http://open.weibo.com/wiki/%E6%8E%88%E6%9D%83%E6%9C%BA%E5%88%B6%E8%AF%B4%E6%98%8E
Calls to the Weibo open interfaces, such as posting a microblog or following a user, require user authentication.
At present, user authentication on the Weibo open platform is mainly based on OAuth2.0.
In addition, to make it easier for developers to develop and test their own applications, we also provide Basic Auth authentication, but Basic Auth can be used only by an application's own developers to call the interfaces.
OAuth2.0 Overview
OAuth2.0 is simpler and more secure than 1.0, and will be the main way to authenticate and authorize users in the future.
The authorization process of the OAuth2.0 protocol is shown in the following flowchart, where Client refers to a third-party application, Resource Owner refers to the user, Authorization Server is our authorization server, and Resource Server is the API server.
Developers can first browse the OAuth2.0 interface documentation to become familiar with the OAuth2.0 interfaces and the meaning of their parameters; we then explain how to use OAuth2.0 for each application scenario.
The new authorization page fixes the problem that the previous page had too many information elements, which interfered with use. Login and authorization are two separate actions in the new version, so users can better understand the process of account login and authorization, and the page also has room to carry more features in the future.
Currently the most complete authorization is divided into three steps: login, general authorization, and advanced authorization (scope). These three steps do not all necessarily occur. When the user is already logged in to Weibo, the page jumps automatically to the general authorization page. "Advanced authorization" is also not required: if the developer has not applied for scope permissions, the system skips this step automatically and calls back the application. We found in grayscale testing that as long as advanced authorization is used reasonably, developers do not have to worry about it increasing page churn; on the contrary, a clear authorization experience earns more of the user's trust.
At the same time, the authorization items become more organized. What used to be ordinary permissions are now treated as basic services that the user no longer perceives, while for advanced authorization related to the user's privacy the user has the right to cancel the authorization, which further strengthens privacy control.
Developers need to select the applicable OAuth2.0 authorization process according to their respective application scenarios:
- 1. PC and web sites: see Web Site Authentication Authorization (Authorization Code)
- 2. Mobile apps can use the official mobile SDK directly and authorize by invoking the Weibo client (if the Weibo client is not installed, the H5 authorization page is opened)
- 3. H5 light applications: see the Light Application Development Guide
II. Analysis of authentication methods
1. Web application authorization
2. Mobile app authorization
3. Validity period of authorization
4. Calling the API using OAuth2.0
III. Conclusion of decomposition
IV. Other information
OAuth2.0 related resources
The following SDKs include OAuth2.0 and the new API interfaces:
- Download the Android SDK
- Download the iOS SDK
- Download the WP7 SDK
- Download the PHP SDK (maintained by SAE)
- Download the Java SDK
- Download the Python SDK
- Download the Flash SDK
- Download the JavaScript SDK
- Download the C# SDK
Mobile Development SDK Documentation
- Android SDK documentation
- iOS SDK documentation
- WP7 SDK documentation
Other references
OAuth is an internationally accepted authorization method, and the official technical notes for OAuth2.0 are available at http://oauth.net/2/
If you are still using OAuth1.0, please browse the related documents.
OAuth2.0 Error code
In the Weibo implementation of OAuth2.0, when the authorization server receives an authentication and authorization request, it verifies the request headers and request parameters according to the OAuth2.0 protocol. If the request is invalid or authentication fails, the authorization server returns the corresponding error message, which includes the following parameters:
- error: the error code
- error_code: the internal error number
- error_description: a description of the error
- error_url: a readable web page URI with information about the error, used to give the end user additional information about the error.
There are two ways to return an error message:
1. When an error occurs while requesting the authorization endpoint https://api.weibo.com/2/oauth2/authorize, the error is returned by redirecting to redirect_uri, with a description of the error included in the query parameters of the URI.
2. When an error occurs while requesting the access token endpoint https://api.weibo.com/oauth2/access_token, the error is returned as JSON text. For example:
{
  "error": "unsupported_response_type",
  "error_code": 21329,
  "error_description": "不支持的ResponseType."
}
The error codes in the OAuth2.0 error response are defined in the following table:
| Error code (error) | Error number (error_code) | Error description (error_description) |
|---|---|---|
| redirect_uri_mismatch | 21322 | Redirect address mismatch |
| invalid_request | 21323 | Request is invalid |
| invalid_client | 21324 | Invalid client_id or client_secret parameter |
| invalid_grant | 21325 | The provided access grant is invalid, expired, or revoked |
| unauthorized_client | 21326 | Client does not have permissions |
| expired_token | 21327 | Token expired |
| unsupported_grant_type | 21328 | Unsupported GrantType |
| unsupported_response_type | 21329 | Unsupported ResponseType |
| access_denied | 21330 | User or authorization server denied access to data |
| temporarily_unavailable | 21331 | Service temporarily unavailable |
| appkey permission denied | 21337 | Insufficient app permissions |
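Handling both error return paths described above, as an added example (not code from Weibo or its SDKs): it normalizes the redirect query and the JSON body into one record and flags any error/error_code pair that does not match the table. The callback host, the assumption that the redirect query uses the same parameter names as the JSON body, and all function and class names are assumptions.

```python
import json
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# error -> error_code pairs copied from the error code table on this page.
DOCUMENTED = {
    "redirect_uri_mismatch": 21322, "invalid_request": 21323,
    "invalid_client": 21324, "invalid_grant": 21325,
    "unauthorized_client": 21326, "expired_token": 21327,
    "unsupported_grant_type": 21328, "unsupported_response_type": 21329,
    "access_denied": 21330, "temporarily_unavailable": 21331,
    "appkey permission denied": 21337,
}

@dataclass
class OAuthErrorInfo:
    error: str
    error_code: Optional[int]
    description: str
    source: str        # "authorize" (redirect) or "access_token" (JSON)
    documented: bool   # True only if error and error_code match the table

def _build(fields: dict, source: str) -> Optional[OAuthErrorInfo]:
    error = fields.get("error")
    if not isinstance(error, str) or not error:
        return None                      # no error parameter present
    try:
        code = int(fields.get("error_code"))
    except (TypeError, ValueError):
        code = None
    documented = code is not None and DOCUMENTED.get(error) == code
    return OAuthErrorInfo(error, code, str(fields.get("error_description", "")),
                          source, documented)

def error_from_callback(url: str) -> Optional[OAuthErrorInfo]:
    """Path 1: the authorize endpoint redirects to redirect_uri with the error in the query."""
    query = parse_qs(urlsplit(url).query)
    # The query string arrives via the browser, so every value is untrusted input.
    return _build({k: v[0] for k, v in query.items()}, "authorize")

def error_from_token_body(body: str) -> Optional[OAuthErrorInfo]:
    """Path 2: the access_token endpoint returns the error as JSON text."""
    data = json.loads(body)              # raises ValueError on a non-JSON body
    return _build(data, "access_token") if isinstance(data, dict) else None

# CALLBACK is constructed; TOKEN_BODY is the example response shown on this page.
CALLBACK = "https://app.example/callback?error=access_denied&error_code=21330"
TOKEN_BODY = '{"error": "unsupported_response_type", "error_code": 21329, "error_description": "不支持的ResponseType."}'
```

A record with documented set to False should be logged and shown to the user only as a generic failure, since anyone can craft a link to the callback URL with arbitrary error text.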
For OAuth2.0 related issues, see OAuth2.0 related issues.
APIGW Authentication Analysis (1-4) Sina Weibo open platform-authentication analysis