OAuth: access to shared resources via Web applications

Source: Internet
Author: User

A Web application which wants to gain access to GKFX resources should redirect the user to a page of the authorization server. When doing so, it informs the authorization server of the access rights it is requesting. This information, which is called the scope, is a list of identifiers separated by space characters; the identifiers are often available as URLs in order to avoid naming conflicts and are given by the resource server.

Consequently, the authorization server asks the user, in his role as resource owner, for authentication (e.g. by providing the username and password). Subsequently, the user can either grant or reject the client's request. The authorization server then redirects the user to the client and passes the user's decision to the client using a URL parameter. If the user has granted the request, the query string contains a code which the client can exchange for a security token. When doing so, the client provides authentication details to the authorization server. Mostly, this is also done by giving the username and password.

The token received this way is used by the client to gain access to the desired resources via the resource server. Once it has received the token, the resource server must verify its validity and check if it is indeed provided by the named authorization server. Validity can be checked using the expiry date contained within the token, and the latter may be done by verifying other evidence which is also embedded in the token. Such evidence may, for example, be a digital signature or an HMAC. If such cryptographic procedures are to be avoided, there is also the possibility of the resource server contacting the authorization server to confirm the validity of the token.

The token may contain information about the user which might be used by the resource server to verify rights. Alternatively, the token may simply be a key which the resource server may exchange for user-related data when contacting the authorization server.
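
The resource-server check described above, as an added example that is not code from the original article: the HMAC is verified first, then the issuer, the expiry date and the requested scope. The token layout, the shared key, the issuer URL and the claim names `iss`, `exp`, `scope` and `sub` are assumptions constructed for this illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values (assumptions): key shared by both servers, issuer name.
SHARED_KEY = b"demo-key-shared-by-both-servers"
TRUSTED_ISSUER = "https://auth.example.com"


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims, key=SHARED_KEY):
    """Authorization-server side: serialize the claims and append an HMAC."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(tag)


def verify_token(token, required_scope, now=None):
    """Resource-server side: return the claims or raise ValueError."""
    now = time.time() if now is None else now
    try:
        body, tag = token.split(".")
        received = _unb64(tag)
    except ValueError as exc:  # wrong number of parts or bad base64
        raise ValueError("malformed token") from exc
    expected = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).digest()
    # Check the HMAC in constant time before trusting any claim.
    if not hmac.compare_digest(received, expected):
        raise ValueError("bad HMAC")
    claims = json.loads(_unb64(body))
    if claims.get("iss") != TRUSTED_ISSUER:
        raise ValueError("unexpected issuer")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("token expired")
    # The scope is a space-separated list of identifiers, here URLs.
    if required_scope not in str(claims.get("scope", "")).split(" "):
        raise ValueError("scope not granted")
    return claims
```
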
