Authentication Authorization for Web applications (Authorization Code)

Since it's a microblog development, you might think that you should use a desktop program for verification, but Weibo is a web-based program that you've developed, so you can use a web app to verify how you're authorized

basic process of authorization

(Note: Client refers to a third-party application, Resource owner refers to the user, Authorization server is our license server, Resource server is an API server)

Sina supports 4 kinds of authorization grant (that is, the way to obtain authorization), respectively: The Authorization page method (which is divided into Web application and JavaScript client), User name password method (similar to the previous xauth), Token refresh mode (provided to the partner for handling access token expiration)

Developers can first browse the OAuth2.0 interface documentation, familiarize themselves with the OAuth2 interface and the meaning of the parameters, and then we will explain how to use the OAuth2.0 according to the application scenario. Authentication Authorization for Web applications (Authorization Code)

Basic process

1. Boot the user who needs authorization to the following address:

Https://api.weibo.com/oauth2/authorize?client_id=YOUR_CLIENT_ID&response_type=code&redirect_uri=YOUR_ Registered_redirect_uri

2. If the user agrees to authorize, the page jumps to Your_registered_redirect_uri/?code=code

3. In exchange for access Token

https://api.weibo.com/oauth2/access_token?client_id=your_client_id&client_secret=your_client_secret& Grant_type=authorization_code&redirect_uri=your_registered_redirect_uri&code=code

(where client_id=your_client_id&client_secret=your_client_secret can be added to the header using the basic method)

return value

{"Access_token": "slav32hkkg", "expires_in": 3600}

4. Invoking the API using the obtained OAUTH2.0 access token

Interface Description:

Class Com.weibo.net.Weibo: 1. Get request token

GET Request Token
Interface Name
Public Requesttoken Getrequesttoken (context context, string key, String secret, string callback_url);
Parameter name	Role
Context	Pass the application context to get the current network status, pop-up dialog boxes, and so on.
Key	App key assigned to third-party clients
Secret	App secret assigned to third-party clients
Callback_url	URL for OAuth Authorize page callback
return results
Requesttoken:requesttoken encapsulates the request tokens attribute class, inherits from token, contains Oauth_token, oauth_token_secret multiple attributes.

2. Get access token

Get acess token
Interface Name
Public Accesstoken Generateacesstoken (context context, Requesttoken Requesttoken)
Parameter name	Role
Context	Pass the application context to get the current network status, pop-up dialog boxes, and so on.
Requesttoken	Token class for accessing OAuth tokens and OAuth secret
return results
Accesstoken:accesstoken encapsulates an access Tokens property class that inherits from token, contains Access_token, and Oauth_token_secret multiple properties.

3. Get access tokens for Oauth2.0

get Oauth2.0 's acess token
Interface Name
Oauth2accesstoken Getoauth2accesstoken (Context context, String App_key, String App_secret, String usrname, string password)
Parameter name	Role
Context	Pass the application context to get the current network status, pop-up dialog boxes, and so on.
App_key	CLIENT_ID, Appkey for third-party applications
App_secret	Client_secret, Appsecret for third-party applications
Username	Weibo user name
Password	Weibo user password
return results
Oauth2accesstoken:oauth2accesstoken encapsulates the Tokens attribute class, which inherits from token, contains Access_token, and Oauth_token_secret multiple attributes.