OAuth2.0授权机制说明
授权机制说明
1 简介
优酷对第三方应用用户授权采用OAuth2.0标准
2 OAuth2.0 授权方式
优酷支持OAuth 2.0的三种授权方式,请根据平台选用不同的授权方式:
2.1 通用授权方式
Web应用授权 Authorization Code Grant
说明
Web应用授权分为两步
1 请求用户到优酷授权,授权成功后将授权码以URL跳转的形式传给第三方网站
2 第三方网站根据授权码换取Access Token
交互流程图
+----------+
| resource |
| owner |
| |
+----------+
^
|
(B)
+----|-----+ Client Identifier +---------------+
| -+----(A)-- & Redirection URI ---->| |
| User- | | Authorization |
| Agent -+----(B)-- User authenticates --->| Server |
| | | |
| -+----(C)-- Authorization Code ---<| |
+-|----|---+ +---------------+
| | ^ v
(A) (C) | |
| | | |
^ v | |
+---------+ | |
| |>---(D)-- Authorization Code ---------' |
| Client | & Redirection URI |
| | |
| |<---(E)----- Access Token -------------------'
+---------+ (w/ Optional Refresh Token)
交互步骤
授权请求
GET /authorize?response_type=code&client_id=s6BhdRkqt3&state=xyz&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb&scope=a%20b Host: server.example.com
授权成功跳转
HTTP/1.1 302 Found Location: https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz
Access Token 请求
POST /token HTTP/1.1 Host: server.example.com Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb
Access Token 返回
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
{
"access_token":"2YotnFZFEjr1zCsicMWpAA",
"token_type":"example",
"expires_in":3600,
"refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter":"example_value"
}
详细接口文档见 查看
2.2 用户名密码授权
客户端应用(不支持WebView)Resource Owner Password Credentials Grant
只有合作级别的桌面客户端或移动客户端应用才可以调用
说明
客户端应用授权只需一步
1 通过用户名密码直接换取Access Token
交互流程图
+----------+
| Resource |
| Owner |
| |
+----------+
v
| Resource Owner
(A) Password Credentials
|
v
+---------+ +---------------+
| |>--(B)---- Resource Owner ------->| |
| | Password Credentials | Authorization |
| Client | | Server |
| |<--(C)---- Access Token ---------<| |
| | (w/ Optional Refresh Token) | |
+---------+ +---------------+
交互步骤
Access Token 请求
POST /token HTTP/1.1 Host: server.example.com Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW Content-Type: application/x-www-form-urlencoded;charset=UTF-8 grant_type=password&username=johndoe&password=A3ddj3w
Access Token 返回
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
{
"access_token":"2YotnFZFEjr1zCsicMWpAA",
"token_type":"example",
"expires_in":3600,
"refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter":"example_value"
}
接口文档见 查看
2.3 Javascript应用
Javascript应用授权 Implicit Grant
说明
Javascript应用授权分为两步
1 请求用户到优酷授权,授权成功后将Access Token以URL跳转的形式传给第三方网站
2 第三方网站通过Javascript从跳转URL中直接取到Access Token
交互流程图
+----------+
| Resource |
| Owner |
+----------+
^
(B)
+----|-----+ Client Identifier +---------------+
| -+----(A)-- & Redirection URI --->| |
| User- | | Authorization |
| Agent -|----(B)-- User authenticates -->| Server |
| | | |
| |<---(C)--- Redirection URI ----<| |
| | with Access Token +---------------+
| | in Fragment
| | +---------------+
| |----(D)--- Redirection URI ---->| Web-Hosted |
| | without Fragment | Client |
| | | Resource |
| (F) |<---(E)------- Script ---------<| |
| | +---------------+
+-|--------+
(A) (G) Access Token
| |
^ v
+---------+
| Client |
+---------+
交互步骤
授权请求
GET /authorize?response_type=token&client_id=s6BhdRkqt3&state=xyz&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb&scope=a%20b Host: server.example.com
授权成功跳转
HTTP/1.1 302 Found Location: http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA&state=xyz&token_type=example&expires_in=3600&scope=a%20b
授权失败
HTTP/1.1 302 Found Location: https://client.example.com/cb#error=access_denied&state=xyz
接口文档见 查看
3 OAuth2.0 SDK
4 OAuth2.0 资源
官方网站 http://oauth.net/2/
虽功未成,亦未敢藏私,众侠诸神通尽录于此,竟成一笈,名葵花宝典,以飨后世。
邮箱:steven9801@163.com
QQ: 48039387
邮箱:steven9801@163.com
QQ: 48039387
