Hello everyone, I am Orange Chang. I have implemented the code for WeChat authorization, Alipay authorization, Enterprise WeChat authorization and Agricultural Bank of China open platform authorization, and put it into use in production. Next I will bring you a series called “Interpretation of the OAuth 2.0 Authorization Protocol”.

First up, here is the first article, “A First Look at OAuth 2.0 Authorization”.

I. Business background

On Monday, the PM came to Orange Chang and said: “We are going to integrate WeChat authorization, so that our application's login system can give users one more login option.”

As companies and their businesses grow, many of them have built external APIs to make technical integration with partners easier, such as the WeChat ecosystem, the Alipay ecosystem, the Didi ecosystem and so on, and a new term, “open platform”, has emerged.

What an open platform does is mainly empower external developers with its business capabilities in the form of open APIs.

II. Two real-world stories

1. Visiting a customer at the bank

One day we went to a bank to visit a customer. When we got there, we found we could not get in because there was a gate. So we went to the front desk and explained the situation to the young lady there.

Front desk: Please show me your ID card.

Visitor: OK, here is my ID card.

Front desk: The system shows that you have an appointment with XXX. You may also be asked to have your photo taken or sign in by hand. Then a temporary QR code is issued.

Visitor: Passes through the gate with this temporary QR code and meets the customer.

This involves an authorization operation: the visitor presents various proofs, the front desk issues a temporary access QR code, and the visitor passes through the gate with that temporary QR code.

2. Authorization in a real scenario

Orange Chang took part in a marketing campaign in the Agricultural Bank of China app. She clicked the campaign banner to enter the activity, and at that point the system redirected the user to the login page.

Note: login is the prerequisite for authorization.

After the user enters their account, password and other information and logs in successfully, an authorization page appears that explains to the user what data the system wants to obtain from them.

III. OAuth 2.0 authorization overview

1. What is OAuth 2.0?

OAuth = Open + Auth

Note: the OAuth protocol is designed for authorization in an open environment.

The first thing to remember is that “OAuth 2.0 is an authorization/security/delegation protocol, not an authentication protocol.”

Its essence is to enable secure communication between the party that is granted access (the third-party software) and the authorization service.

2. The four roles in OAuth 2.0

From that story we can deduce several key roles: the customer, the visitor, the front desk and the gate.

The visitor corresponds to the resource owner in the OAuth system. For example, suppose we are a piece of printing software that helps users print their order data from JD.com; we naturally need the user's authorization, because only with it can we obtain their data on JD.com.

The customer corresponds to the protected resource, such as JD.com, which holds the order data of many people.

The gate corresponds to the client. The first thing the visitor encounters is the gate; back in the real business scenario, that is the third-party software, i.e. the printing software.

The front desk corresponds to the authorization service. It issues a temporary credential to the visitor based on the proof the visitor presents, and the visitor then uses that temporary credential to access the business interfaces behind the gate.
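To make the role mapping concrete, here is an added toy model (my own example, not code from the original post or from any of the platforms it mentions) that plays out both stories above: the resource owner logs in at the authorization service and consents, the service issues a temporary credential, and the printing client uses it at the protected resource. It assumes an opaque token looked up server-side, a single scope name `orders:read`, a 600-second lifetime, and constructed sample users, clients and orders; none of these values come from the page.

```python
# Added example (not from the original post): a toy model of the four OAuth 2.0 roles
# from the bank-visit story. All names, scopes and sample data are constructed.
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class TokenInfo:
    sub: str              # resource owner the token was issued for (the visitor)
    client_id: str        # client (third-party software / the gate) it was issued to
    scope: frozenset      # what the owner agreed to share on the consent page
    expires_at: float     # temporary, like the QR code at the gate


class AuthorizationServer:
    """The front desk: verifies the owner's proof, records consent, issues a temporary credential."""

    TOKEN_TTL = 600  # seconds (assumed value)

    def __init__(self, users, clients):
        self._users = users        # {username: password}  (toy; a real server stores hashes)
        self._clients = clients    # {client_id: scopes the client is allowed to request}
        self._tokens = {}          # token -> TokenInfo (opaque tokens, resolved server-side)

    def authorize(self, client_id, username, password, requested_scope, consent, now=None):
        now = time.time() if now is None else now
        if client_id not in self._clients:
            return None, "unauthorized_client"
        # Login is the prerequisite for authorization: the owner authenticates to the
        # authorization service, never to the third-party client.
        if self._users.get(username) != password:
            return None, "login_failed"
        requested = frozenset(requested_scope)
        if not requested <= self._clients[client_id]:
            return None, "invalid_scope"
        # The consent page explained which data the client wants; the owner may refuse.
        if not consent:
            return None, "access_denied"
        token = secrets.token_urlsafe(32)
        self._tokens[token] = TokenInfo(username, client_id, requested, now + self.TOKEN_TTL)
        return token, None

    def introspect(self, token, now=None):
        """Resolve a token; unknown or expired tokens yield None (expired ones are purged)."""
        now = time.time() if now is None else now
        info = self._tokens.get(token)
        if info is None:
            return None
        if now >= info.expires_at:
            del self._tokens[token]
            return None
        return info


class ProtectedResource:
    """The customer behind the gate: holds order data and serves it only against a valid token."""

    def __init__(self, auth_server, orders):
        self._auth = auth_server
        self._orders = orders      # {owner: [order ids]}

    def get_orders(self, token, now=None):
        info = self._auth.introspect(token, now)
        if info is None:
            return None, "invalid_token"
        if "orders:read" not in info.scope:
            return None, "insufficient_scope"
        # Data is scoped to the owner who authorized, not to whatever the client asks for.
        return list(self._orders.get(info.sub, [])), None


def run_flows():
    """Walk the happy path and four failure cases; returns the outcomes for inspection."""
    t0 = 1_700_000_000.0  # fixed clock so the expiry case is deterministic
    auth = AuthorizationServer(
        users={"alice": "correct-horse"},                      # constructed
        clients={"print-app": frozenset({"orders:read"})},     # constructed
    )
    jd = ProtectedResource(auth, {"alice": ["JD-1001", "JD-1002"], "bob": ["JD-2001"]})

    # Happy path: alice logs in at the front desk, consents, print-app reads her orders.
    token, err = auth.authorize("print-app", "alice", "correct-horse", ["orders:read"], True, now=t0)
    ok_orders, _ = jd.get_orders(token, now=t0)

    # Consent refused: no credential is issued at all.
    _, denied = auth.authorize("print-app", "alice", "correct-horse", ["orders:read"], False, now=t0)

    # Over-reach: the client asks for a scope it was never registered for.
    _, bad_scope = auth.authorize("print-app", "alice", "correct-horse", ["orders:write"], True, now=t0)

    # Temporary credential: the same token is rejected once the TTL has passed.
    _, expired = jd.get_orders(token, now=t0 + AuthorizationServer.TOKEN_TTL + 1)

    # A token that never came from the front desk resolves to nothing.
    _, unknown = jd.get_orders("not-a-real-token", now=t0)

    return {"orders": ok_orders, "issued": err, "denied": denied,
            "bad_scope": bad_scope, "expired": expired, "unknown": unknown}


if __name__ == "__main__":
    for name, outcome in run_flows().items():
        print(f"{name}: {outcome}")
```

The point of the checks in `introspect` and `get_orders` is that the protected resource never trusts the client's word: it asks the authorization service what the credential means (who, for which client, what scope, until when), exactly as the gate only opens for a QR code the front desk actually issued.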

IV. Summary

Today we opened the door to OAuth 2.0 with a story; there are just two things to remember:

1. OAuth 2.0 is an authorization protocol/security protocol/delegation protocol, used for authorization in an open environment.

2. OAuth 2.0 has four key roles: the resource owner, the third-party software (client), the authorization service and the protected resource.

The next article will interpret the “four grant types in OAuth 2.0”. Thank you for your attention; you can find me on my home page, and if you found this useful, feel free to like, share and comment. Thank you for your support!