[英]What is the difference between access tokens and auth_codes in OAuth 2
I am using the OAuth 2.0 PHP Library to develop a OAuth 2.0 server in PHP. 我正在使用OAuth 2.0 PHP库在PHP中开发OAuth 2.0服务器。
In the example of that library I can see 3 tables: auth_codes
, clients
and tokens
. 在该库的示例中,我可以看到3个表:
auth_codes
, clients
和tokens
。
As far as I know tokens are used to access the data and auth codes are used to obtain tokens. 据我所知,令牌用于访问数据,auth代码用于获取令牌。
But the problem is that if i do 但问题是,如果我这样做
...authorize.php?client_id=0123456789ab&response_type=token&state=test_state
I can get token without even getting the access code. 我甚至无需获取访问代码就可以获得令牌。
How is that possible ? 怎么可能? Is this a proper implementation ?
这是一个正确的实施吗?
There are two flows for OAuth2 authentcation. OAuth2身份验证有两种流程。
Here you have encountered 2-legged OAuth which doesn't require the auth_code to get access_token dance :) 在这里你遇到了两条腿的OAuth ,它不需要auth_code来获取access_token舞蹈:)
These are some useful links that will help you understand the difference better. 这些是一些有用的链接,可以帮助您更好地理解差异。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.