Oauth2 the entire process of obtaining user information has gone through. There's no problem.
But there's something in the middle that's unclear. I hope that the friend who knows to help answer the next.
Do you have to go through code to get access_token every time?
If not, then the user's OpenID can only be returned when acquiring Access_token, or the user's OpenID will not be available.
Or is it the first time you get the user's OpenID and then
Note: Weibo open interface calls, such as Micro bo, attention, etc., are required to obtain user authentication. At present, the user identity authentication of Weibo open platform is mainly based on OAuth2.0. To make it easier for developers to develop and test their applications.The OAuth2.0 is simpler and more secure than 1.0, and is the most important way to authenticate and authorize users in the future.Step one: Create an appBelow I take the company test account as an example, to create an
SDK
The address is Http://open.weibo.com/wiki/SDK after you select the Java SDK download to import Eclipse and then find config.properties fill in Appkey and App_secret
As follows:
client_id = Your Appkey
Client_sercret = Your App_secret
Redirect_uri =http://www.baidu.comBaseURL = https://api.weibo.com/2/Accesstokenurl = Https://api.weibo.com/2/oauth2/access_tokenAuthorizeurl = Https://api.weibo.com/2/oauth2
Looking for a more authentic library, looked for quite a long time. Finally, on the OAuth official site, see the relevant links to the PHP version.The discovery is the PHP 5.3 version of the environment, based on the namespace of the writing.Visit the following page, a rare, discovery document gives a link to the 5.2 version.http://bshaffer.github.io/oauth2-server-php-docs/The next step is to complete porting and integration in the UXF framework.PHP
Recently in third-party access, the initial set of the use of the OAuth2 agreement, took some time to OAuth2 the authorization of the way to do some understanding.I remember talking to a colleague about the Internet a year or two ago when I said an idea:At present, a lot of scarce resources, many of which are provided by the forum to download, the forum provides the download often requires a forum account,
designed with a clear expectation that future work will define the prescriptive configuration and extensions required to achieve complete web-wide interoperability.1.9. Symbolic conventionsThe keywords in this specification are "must", "cannot", "required", "want", "Do not", "should", "should not", "recommended", "Can" and "optional" as explained in RFC2119. This specification uses RFC5234 's extended Backus-Noel Paradigm (ABNF) notation. In addition, rule URI references from the Uniform Resour
includesRedirect_uri=...grant_type=authorization_codecode= ...Where code, is the last step to get to the Code,grant_type is fixed value (here only for authorizationcodegrant this way)Redirect_uri is still the same address (note that this is not a different address, because when registering the application, only set the address, so for all the return to the application of the address, to use this one)And, to pass in the headerclientid+ Colon +secret (clientid+ ":" +secret)Turn this result into a
querying the URI of the background API, copy the pendingModify the "Routes/index.js" code toHere to parse the meaning of each parameterTenant: ' esquel.onmicrosoft.com ': means the domain name that is connected to the Azure serviceAuthorityhosturl: ' Https://login.windows.net ',: This landing address is fixed.ClientId: ' 7e3fbc01-eda8-41de-bd80-a5a208fa12a2 ',: is the app ID of the newly added Azuread appClientsecret: ' g+iisbgtjkqwqcz6gxo9tw01ca59mxi8ylfe3weudwy= ': The key for the newly added
If third-party applications and the open platform need to obtain user privacy data (such as goods, orders), for the sake of security and privacy, third-party applications need to obtain the user's authorization, that is, access to user data authorization token Accesstoken. In this case, the third-party app needs to guide the user through the process of "login authorization" for the account.
EasyOpen supports OAUTH2 certification starting from version
(Application. class , args);} }3.3 Main projects Spring Cloud ConfigCentralized external configuration management supported by the GIT repository. The configuration resource is mapped directly to Spring ' environment ', but can be used by non-spring applications if needed.Spring Cloud NetflixIntegrates with various Netflix OSS components (Eureka,hystrix,zuul,
by the controller endpoint of spring MVC, and access to protected resources is handled through a standard spring security request filter.The endpoints listed below are the endpoints required by the Spring Security filter chain to implement the OAuth 2 authorization server:
The authorizationendpoint is used to authorize service requests. The default URL
operations.Spring Cloud Data Flow: The Big data manipulation tool that operates data streams from the command line.Spring Cloud Security: Safety Toolkit, which adds security controls to your application, mainly refers to OAuth2.Spring Cloud Consul: Encapsulates the Consul operation, Consul is a service discovery and configuration tool that can be seamlessly integrated with Docker containers.Spring Cloud Zo
operations.Spring Cloud Data Flow: The Big data manipulation tool that operates data streams from the command line.Spring Cloud Security: Safety Toolkit, which adds security controls to your application, mainly refers to OAuth2.Spring Cloud Consul: Encapsulates the Consul operation, Consul is a service discovery and configuration tool that can be seamlessly integrated with Docker containers.Spring Cloud Zo
Security: Safety Toolkit, which adds security controls to your application, mainly refers to OAuth2.Spring Cloud Consul: Encapsulates the Consul operation, Consul is a service discovery and configuration tool that can be seamlessly integrated with Docker containers.Spring Cloud Zookeeper: A toolkit for manipulating Zookeeper for service registration and discovery using Zookeeper methods.Spring Cloud Stream
The spring framework is like a vendor with many products under it, such as spring Boot, spring frame, spring cloud, and so on.Spring boot is designed to quickly, easily, and easily build a spring project. It's fast, easy, and simple because
In all previous spring boot and spring cloud related posts, the creation of the spring boot project will be involved. There are many ways to create them, and we can build them either manually or through scaffolding.In this article we will introduce the spring INITIALIZR tool in embedded IntelliJ, which, like the web-pr
. Using the Zookeeper dependency relationship76.2. Activating zookeeper Dependencies76.3. Setting up Zookeeper dependencies76.3.1. Alias76.3.2. Path76.3.3. Load Balancer Type76.3.4. Content type templates and versions76.3.5. Default title76.3.6. The required dependencies76.3.7. Stub76.4. Configure Spring Cloud Zookeeper dependencies
Spring Cloud Zookeeper Dependency Monitor77.1. Activated77.2. Register Li
introductions can arbitrarily expand their own want, do not rigidly adhere to a method;
Finally, I would like to introduce the way of encryption, Spring Security 4 when we commonly used encryption method is MD5 Salt, 5.0 later version can not find Md5passwordencoder, indicating that this method is not safe enough, or can be done by brute force can be solved, Maybe I can't, but can't stop some of the pros, you can look at the official support and dis
In all previous spring boot and spring cloud related posts, the creation of the spring boot project will be involved. There are many ways to create them, either manually by Maven or through scaffolding, or by using the page tools mentioned in the article Springboot QuickStart SPRING INITIALIZR , believing that every re
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.