Notes on the OAuth 1.0 and 2.0 authentication flows


OAuth 1.0

■ The user enters the application's main screen


1.  App -------oAuthV1( app_key + app_secret ) --------> Server

2.  App <-------oAuthV1( oauth_token[1] + oauth_token_secret[1] + oauth_callback_confirmed ) -------- Server


app_key:  801115505

app_secret: be1dd1410434a9f7d5a2586bab7a6829


(request_token)

oauth_token[1]:e3974ad79dc94cf584b4675fc3abdec5

oauth_token_secret[1] :acb6800127b0aff822936d53d08cdb6d

oauth_callback_confirmed: true


■ The user opens the WebView (OAuthV1AuthorizeWebView.class), enters the account name and password and taps Authorize, or simply taps an existing avatar


3.  App -------oAuthV1( user_name + user_password ) --------> Server

4. App <-------oAuthV1( verifier_code ) -------- Server


user_name: xxxx

user_password: xxxx


(authorization_code)

verifier_code: 928870


■ The user taps to obtain the Access_token


5. App -------oAuthV1( oauth_token[1] + oauth_token_secret[1]  + verifier_code ) --------> Server

6. App <-------oAuthV1( oauth_token[2] + oauth_token_secret[2]  ) -------- Server


(access_token)

oauth_token[2]: a9042b5767ce4b2b86cf219dc26d024f

oauth_token_secret[2] : 1179eb2ee0bc95367f31ffd2836d9f67

name: wbsdk1993754




OAuth 2.0


■ The user opens the WebView (OAuthV2AuthorizeWebView.class), enters the account name and password and taps Authorize, or simply taps an existing avatar

1.  App -------oAuthV2( app_key + app_secret ) --------> Server

2.  App <-------oAuthV2( tokenArray (size = 8) ) -------- Server


app_key:  801115505

app_secret: be1dd1410434a9f7d5a2586bab7a6829


tokenArray:

http://xxx.xx.com/
access_token=30e44a791e44cd1d8fd7dab46e6d9f55
expires_in=8035200
openid=085F4A4AA17587E109DAA1DE706D1B05
openkey=1DA05463B06923E63D1C02628813AFDB
refresh_token=256850748eacef667e12d5acebc33c80
state=
name=wbsdk1993754
nick=wbsdk1
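
An added example, not part of the original notes or the SDK: a Python parser for the OAuth 2.0 response listed above that rejects a missing or mismatched `state` and redacts the secret fields before logging. It assumes the fields arrive as `&`-separated parameters in the redirect URL's fragment or query; the function names and sample values are constructed.

```python
import hmac
from urllib.parse import urlsplit, parse_qsl

# Field names as listed in the notes' tokenArray.
EXPECTED = ("access_token", "expires_in", "openid", "openkey",
            "refresh_token", "state", "name", "nick")
SECRET_FIELDS = {"access_token", "refresh_token", "openkey"}


def parse_token_redirect(url, sent_state):
    """Split the redirect into its fields; reject a missing or wrong state."""
    parts = urlsplit(url)
    # Assumption: parameters arrive in the fragment; fall back to the query.
    raw = parts.fragment or parts.query
    fields = dict(parse_qsl(raw, keep_blank_values=True))
    missing = [k for k in EXPECTED if k not in fields]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    # An empty state means the response is not bound to this client's request.
    if not sent_state or not hmac.compare_digest(
            fields["state"].encode(), sent_state.encode()):
        raise ValueError("state mismatch")
    if not fields["expires_in"].isdigit():
        raise ValueError("expires_in is not a number")
    fields["expires_in"] = int(fields["expires_in"])
    return fields


def redact(fields):
    """Copy of the fields that is safe to log: secrets cut to 4 characters."""
    return {k: (v[:4] + "..." if k in SECRET_FIELDS and v else v)
            for k, v in fields.items()}


# Constructed sample values, not the ones captured in the notes.
GOOD = ("http://app.example/#access_token=aaaa1111bbbb2222&expires_in=8035200"
        "&openid=OPENID01&openkey=kkkk3333&refresh_token=rrrr4444"
        "&state=n0nce-7f3a&name=demo_user&nick=demo")
EMPTY_STATE = GOOD.replace("state=n0nce-7f3a", "state=")

if __name__ == "__main__":
    print(redact(parse_token_redirect(GOOD, "n0nce-7f3a")))
    try:
        parse_token_redirect(EMPTY_STATE, "n0nce-7f3a")
    except ValueError as err:
        print("rejected:", err)
```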



