OAuth2.0 and SSO authorization
I. OAuth2.0 authorization protocol
OAuth is a secure login protocol. The user's account and password are not submitted to the app; they are submitted to the authorization server. After the server confirms them, it returns an access token to the app, and the app uses that access token to access resources on the resource server. Because the user's account and password never pass through the app and are exchanged only with the official server, the login is safe.
Process:
1. Obtain an unauthorized request token.
Url: request token URL.
Param: appkey/appsecret, signature method/signature (e.g. HMAC-SHA1), timestamp (number of seconds since 1970/0/0/0/0/0), nonce (randomly generated string that prevents duplicate requests)
Response: oauth_token/oauth_secret
2. Obtain a user-authorized request token.
Url: user authorization URL.
Param: oauth_token (the token returned in the previous step), callback_url (the address to return to after authorization succeeds)
Response: oauth_token (the token that the user has authorized or rejected)
3. Exchange the authorized request token for an access token.
Url: access token URL.
Param: appkey, oauth_token (the token returned by the previous step), signature, timestamp, nonce
Response: access_token/secret
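Added example, not part of the original article and not any provider's code: how the authorization server can check the signature, timestamp and nonce from step 1 so that a captured request cannot be replayed. The base-string layout is modeled on OAuth 1.0 (RFC 5849) in simplified form; the URL, the sample key and secret, the 300-second window and the in-memory nonce store are assumptions.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote

REQUEST_TOKEN_URL = "https://auth.example/request_token"  # placeholder URL
MAX_SKEW = 300      # assumed acceptance window in seconds
_seen = {}          # (appkey, nonce) -> timestamp; in-memory store for the demo

def _enc(value):
    return quote(str(value), safe="-._~")

def sign(method, url, params, appsecret, token_secret=""):
    """HMAC-SHA1 over the method, URL and sorted parameters (signature excluded)."""
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items() if k != "signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), _enc(url), _enc(normalized)])
    key = f"{_enc(appsecret)}&{_enc(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def verify(method, url, params, appsecret, now=None):
    """Return 'ok', or the reason the request is rejected."""
    now = int(time.time()) if now is None else now
    try:
        ts = int(params["timestamp"])
        nonce, appkey, sig = params["nonce"], params["appkey"], params["signature"]
    except (KeyError, TypeError, ValueError):
        return "malformed"
    if abs(now - ts) > MAX_SKEW:
        return "stale timestamp"
    expected = sign(method, url, params, appsecret)
    if not hmac.compare_digest(expected.encode(), str(sig).encode()):
        return "bad signature"
    # The nonce is recorded only after the signature checks out, so unsigned
    # requests cannot fill the store. Entries expire together with the window.
    for key in [k for k, t in _seen.items() if now - t > MAX_SKEW]:
        del _seen[key]
    if (appkey, nonce) in _seen:
        return "replayed nonce"
    _seen[(appkey, nonce)] = ts
    return "ok"

def demo_request(now, nonce="n-4f9a1c", appsecret="constructed-secret"):
    """Constructed step 1 request; every value here is made up for the demo."""
    p = {"appkey": "constructed-appkey", "signature_method": "HMAC-SHA1",
         "timestamp": str(now), "nonce": nonce}
    p["signature"] = sign("POST", REQUEST_TOKEN_URL, p, appsecret)
    return p
```

In a real deployment the nonce store has to be shared by all server instances, otherwise a replay sent to a different instance passes.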
II. SSO authorization technology
Full name: Single Sign-On. The user logs in only once to access all subsystems that trust each other. When the user accesses system 1, a successful login returns a ticket; when the user then accesses system 2, the ticket is sent along, and once it has been verified as valid the user can access system 2. This sounds like a cookie, and indeed web SSO has cookie-based implementations.
Take Sina Weibo as an example: in many mobile apps, tapping Sina authorization jumps to the login page of the Sina client, which is SSO at work. When the app requests Sina Weibo authorization, it checks whether the Sina Weibo client is installed on the phone, and if it is not, it falls back to Weibo's web version.
[[UIApplication sharedApplication] openURL:xxx] can open another app. Here sinaweibosso://login is the URL of the client, and it is passed three parameters: appkey, redirecturi, ssocallbackscheme.
ssocallbackscheme is the URL address used to return to your app, that is, the sinaweibosso.appkey you defined yourself.
Once the login succeeds, the client returns the access token directly to the app, which completes the authorization.