Definition: The OAuth protocol allows a third-party website or app, once the user has authorized it, to access that user's resources on your site.
Roles:
resource owner
An entity capable of granting access to a protected resource. When the resource owner is a person, it is referred to as an end-user.
resource server
The server hosting the protected resources, capable of accepting and responding to protected resource requests using access tokens.
client
An application making protected resource requests on behalf of the resource owner and with its authorization. The term "client" does not imply any particular implementation characteristics (e.g., whether the application executes on a server, a desktop, or other devices).
authorization server
The server issuing access tokens to the client after successfully authenticating the resource owner and obtaining authorization.
Flow:
1. Redirect to the authorization server's authorization link. If the user is not logged in, they log in first; once logged in, the user authorizes the third-party application, which is granted an authorization code (auth_code). The auth_code is generated on the fly, is short-lived, and becomes invalid as soon as it has been exchanged for an access_token.
2. Redirect to the third party's callback URL, carrying the auth_code.
3. The third-party application, through your SDK or by calling the API itself, obtains the access_token (the key for accessing resources) from the authorization server, and the auth_code is deleted at the same time. The access_token also has an expiry time, whose length is set according to the application type.
4. After the access_token expires, a refresh_token can be exchanged for a new access_token.
5. Use the access_token to call protected resources on the resource server.
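The five steps above, as an added example that is not part of the original note: a minimal in-memory authorization server (with the resource server's token check folded in) that issues a short-lived, single-use auth_code bound to the client and callback URL, exchanges it for an access_token with an expiry, and lets a refresh_token replace an expired access_token. All names, lifetimes and sample data are constructed for this illustration.

```python
import secrets

CODE_TTL = 60        # auth_code lifetime in seconds (constructed value)
ACCESS_TTL = 3600    # access_token lifetime in seconds (constructed value)

class AuthServer:
    """In-memory authorization + resource server for the flow above.
    `now` is the current Unix time in seconds, passed in by the caller."""
    def __init__(self):
        self.codes = {}    # auth_code -> (user, client_id, redirect_uri, expires_at)
        self.access = {}   # access_token -> (user, expires_at)
        self.refresh = {}  # refresh_token -> user

    def authorize(self, user, client_id, redirect_uri, now):
        # Step 1: user has logged in and consented; issue a short-lived, single-use code.
        code = secrets.token_urlsafe(32)
        self.codes[code] = (user, client_id, redirect_uri, now + CODE_TTL)
        return code  # Step 2: delivered to the client via its callback URL

    def token(self, code, client_id, redirect_uri, now):
        # Step 3: exchange the code for tokens. The code is removed on first
        # presentation, so a replayed, expired or mis-bound code never succeeds.
        entry = self.codes.pop(code, None)
        if entry is None:
            return None
        user, issued_to, issued_uri, expires_at = entry
        if now > expires_at or issued_to != client_id or issued_uri != redirect_uri:
            return None
        return self._issue(user, now)

    def refresh_token(self, refresh, now):
        # Step 4: after access_token expiry, trade the refresh_token for a new pair;
        # the old refresh_token is retired so it cannot be reused.
        user = self.refresh.pop(refresh, None)
        return None if user is None else self._issue(user, now)

    def _issue(self, user, now):
        at, rt = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access[at] = (user, now + ACCESS_TTL)
        self.refresh[rt] = user
        return {"access_token": at, "refresh_token": rt, "expires_in": ACCESS_TTL}

    def resource(self, access_token, now):
        # Step 5: the resource server validates the token before releasing data.
        entry = self.access.get(access_token)
        if entry is None or now > entry[1]:
            return None
        return {"owner": entry[0], "profile": "constructed sample data"}
```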