When Tencent Cloud practice Serverless setup across domains, I saw an option authentication type: OAuth2.0, so I conducted a series of search practices.
OAuth2.0 is an open Web standard protocol for authorization; The authorization layer between the client and the server provider allows users to authorize third-party applications to access their information stored on another service provider without having to provide user names and passwords to third-party applications or share all the content of their data.
The above paragraph in the user side of the example is: for example, you open douban login, will see a row of third party login (QQ, wechat…) Click the icon below to jump to the third party login page. Click Authorized login to jump back to douban page and successfully log in.
There are four ways to obtain resource server token: authorization code, hidden, password, and client credentials
Authorization code is the most common and secure authorization method
The whole process of QQ third-party login is as follows:
Wechat third-party authorized login process:
(1) First go to wechat open platform to create a website application, fill in the registered domain name (the callback only needs to fill in the domain name, there is no need to specify the page path) after approval, you can get AppID, AppSecret
(2) Website skipping:
Open.weixin.qq.com/connect/qrc…
Request code with appID, redirect_URI (state parameter optional).
(3) After the user is authorized, it will jump back to the callback address and carry the code
(4) After obtaining the code, the website redirects
Api.weixin.qq.com/sns/oauth2/…
Get access_token, openId
(5) Obtain user information according to access_token and openId
Api.weixin.qq.com/sns/userinf…