Introduction to OAUTH protocol

OAUTH creates a background

With the development of the Internet, some internet giants have accumulated a huge amount of users and data. For platform-level software vendors, the user's needs are varied and varied

To be fully satisfied with one's own power, it is inevitable to be tired of the life. So the number of third-party developers who open the data in the form of an interface becomes an inevitable trend. Third party

Developers have been developed two times to meet the unique needs of a small number of users, that is, to gain the benefit of their own, but also to allow the flow of data, around the big platform to form a

The benign ecological environment can, finally reach the user, platform vendors, third-party developers to win, in this context the OAuth protocol was born.

OAuth Introduction

The OAUTH protocol is designed to provide a secure, open standard for authorized access to user resources. Flat Taiwan businessmen, through the OAuth protocol, prompt users to authorize third-party software vendors (ISVs).

Enables third-party software vendors to use some of the data of Taiwanese businessmen to provide services to users. Unlike previous forms of authorization, the OAuth protocol does not need to touch the user's account information and

Password, you can complete the third party authorization to access the user information.

The user authorizes the third party application through the flat Taiwanese businessmen, and after the third party application is authorized, it can provide the interface for a certain period of time, through the platform provider, access to the user's authorized information,

Provide services to users.

OAuth Authorization Process

The core idea of the protocol is to classify and isolate the resources, and the ISV directs the users to log on to the platform and complete the authorization. After authorization, the ISV can access the user's private, within a certain period of time

Data, the user can completely control the process, and authorization can be canceled.

To live OAuth protocol authorization:

1 requires a third-party developer Ping Taiwanese to apply for an app ID, or AppID, to register their app.

2. An OAuth authorization consists of three roles:

1. Ordinary Users

2. Third-party applications (ISVs)

3. Platform Vendors.

3. The authorization process is as follows:

1. The user first accesses the ISV's app and initiates the request.

2.ISV receives the user request, then requests the request TOKEN from the platform vendor and brings in the AppID of the request.

3. The platform will return to the ISV to apply the REQUEST TOKEN.

The 4.ISV app directs the user to the platform authorization page with its own Appid,request token and callback address.

5. The user logs on to the Platform page and completes the authorization. (This will not expose the user name or password to a third party).

6. The platform returns to the ISV app access TOKEN through a callback link provided by the ISV.

The 7.ISV app takes access tokens to the user's authorization data, processes it back to the user, and authorizes data access to complete.

Introduction to OAUTH protocol