OAuth 2中的访问令牌和auth_codes之间有什么区别
[英]What is the difference between access tokens and auth_codes in OAuth 2
问题描述
I am using the OAuth 2.0 PHP Library to develop a OAuth 2.0 server in PHP. 
我正在使用OAuth 2.0 PHP库在PHP中开发OAuth 2.0服务器。
In the example of that library I can see 3 tables: auth_codes , clients and tokens . 在该库的示例中,我可以看到3个表: auth_codes , clients和tokens 。
As far as I know tokens are used to access the data and auth codes are used to obtain tokens. 据我所知,令牌用于访问数据,auth代码用于获取令牌。
But the problem is that if i do 但问题是,如果我这样做
...authorize.php?client_id=0123456789ab&response_type=token&state=test_state
I can get token without even getting the access code. 我甚至无需获取访问代码就可以获得令牌。
How is that possible ? 怎么可能? Is this a proper implementation ? 这是一个正确的实施吗?
1 个解决方案
解决方案1
8 已采纳 2012-03-19 10:54:36
There are two flows for OAuth2 authentcation. OAuth2身份验证有两种流程。
- Two-legged OAuth 两条腿OAuth
- Three-legged OAuth 三足OAuth
Here you have encountered 2-legged OAuth which doesn't require the auth_code to get access_token dance :) 在这里你遇到了两条腿的OAuth ,它不需要auth_code来获取access_token舞蹈:)
These are some useful links that will help you understand the difference better. 这些是一些有用的链接,可以帮助您更好地理解差异。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.