OAuth here means OAuth2.
OAuth is a third-party authentication method.
For example, suppose I want to access Network A and need to authenticate:
\
Step 1: Authorize
1. Network A redirects me to Network B, which provides the authentication service (in practice, I usually choose which authenticating website to use, such as Sina Weibo, Tencent QQ, Renren, etc.);
2. After I log in to Network B, Network B asks me which permissions Network A is allowed to obtain from me, for example access to my profile picture, email, or cell phone number. After I select or confirm, Network B generates a unique authorization code (the Auth Code) and passes it to Network A;
\
Step 2: Get the access token and identity ID
3. Network A obtains the authorization code (Auth Code) and then requests an Access Token from Network B.
4. B sends an Access Token to A.
5. After receiving it, A requests the OpenID from B, that is, it asks who I am in order to obtain my identity ID.
6. B sends my OpenID to A.
\
Step 3: With the access token and identity ID, A calls the API provided by B and obtains my authorization and identity information.
\
This completes the verification process, and I am finally able to enter Network A.
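The six steps above as an in-process simulation, added here as an illustration and not taken from any provider's SDK: `NetworkB`, `login_to_network_a`, the user, the OpenID value and the 60-second code lifetime are all constructed. It shows the checks B should apply at each hand-off (Auth Code is single-use, short-lived and bound to the client it was issued to; the API serves only the granted scope); a real provider also authenticates A with a client secret over HTTPS.

```python
import secrets
import time

class NetworkB:
    """Constructed stand-in for the authorization provider (Network B)."""
    CODE_TTL = 60  # seconds an Auth Code stays valid (assumed value)

    def __init__(self):
        self.users = {"alice": "openid-7f3a"}  # constructed user -> OpenID
        self.codes, self.tokens = {}, {}

    def authorize(self, user, client_id, scope):
        # Steps 1-2: the user has logged in at B and confirmed the scope.
        code = secrets.token_urlsafe(16)
        self.codes[code] = (user, client_id, tuple(scope), time.time() + self.CODE_TTL)
        return code

    def token(self, code, client_id):
        # Steps 3-4: pop() makes the Auth Code single-use, even on failure.
        user, issued_to, scope, expires = self.codes.pop(code, (None, None, (), 0))
        if user is None or issued_to != client_id or time.time() > expires:
            raise PermissionError("invalid, replayed or expired Auth Code")
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = (user, scope)
        return access_token

    def openid(self, access_token):
        # Steps 5-6: tell the client whose token this is.
        user, _ = self._lookup(access_token)
        return self.users[user]

    def api(self, access_token, field):
        # Step 3 of the page: serve only what the user authorized.
        user, scope = self._lookup(access_token)
        if field not in scope:
            raise PermissionError(f"scope {field!r} was not granted")
        return f"{field}-of-{user}"

    def _lookup(self, access_token):
        if access_token not in self.tokens:
            raise PermissionError("unknown Access Token")
        return self.tokens[access_token]

def login_to_network_a(b, auth_code, client_id="network-a"):
    """Network A's side: Auth Code -> Access Token -> OpenID -> API call."""
    access_token = b.token(auth_code, client_id)
    return {"openid": b.openid(access_token),
            "avatar": b.api(access_token, "avatar"),
            "access_token": access_token}
```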
\
\
During use, as long as I remain active, Network A refreshes in time, before the timeout, to keep me logged in.
So this is OAuth2.
Before this there was OAuth 1.0. The difference from OAuth2 is that when A finds that authentication is needed, A takes the initiative to ask B first and then guides the user to B for authorization; in addition, 2.0 has various ways to obtain access tokens, and so on. In general, 2.0 is simpler than 1.0, but the two are incompatible.