The following is a direct translation of the official site: https://oauth.net/
1. Home
OAuth is an open protocol. (Note: an open protocol is one whose specification is public, so that anyone can implement communication according to the protocol text. In the case of OAuth, anyone can buy or otherwise obtain the complete specification and implement it without paying a licensing fee. Open protocols sit at the core of many important systems: the Internet needs TCP/IP, the Web needs HTTP, e-mail needs SMTP, and these open systems let developers build applications on top of them.) OAuth allows a user to let a third-party application obtain, in a secure and standard way, that user's private resources stored on a web site or in a mobile or desktop application (such as personal information, photos, videos and contact lists), without handing the username and password to the third-party application.
The OAuth 2.0 authorization framework allows third-party applications to obtain limited access to an HTTP service.
For Consumer Developers
If you are building...
- web applications
- desktop applications
- mobile applications
- Javascript or browser-based apps
OAuth is a simple way to publish and interact with protected data. It is also a safer way for people to give you access. To save you time, OAuth has been kept simple.
For Service Provider Developers
If you support...
- web applications
- mobile applications
- server-side APIs
- mashups
If you are storing protected data for users, they should not have to spread their passwords around the web to get access to it. Use OAuth to give users access to their data while protecting their account credentials.
Getting Started
Below are some guides to OAuth 2.0 that cover the topics needed to understand and implement both clients and servers.
OAuth 2.0 Simplified
OAuth 2.0 Simplified, written by Aaron Parecki, is a guide to OAuth 2.0 focused on writing clients; it gives a clear overview at an introductory level.
- Roles: Applications, APIs and Users
- Creating an App
- Authorization: Obtaining an access token
- Web Server Apps
- Single-Page Apps
- Mobile Apps
- Others
- Making Authenticated Requests
- Differences from OAuth 1.0
- Authentication and Signatures
- User Experience and Alternative Authorization Flows
- Performance at Scale
- Resources
OAuth 2.0 Servers
OAuth 2.0 Servers, written by Aaron Parecki and published by Okta, is a guide to building OAuth 2.0 servers; it covers many details that are not part of the specification itself.
- Background
- Definitions
- OAuth 2.0 Clients
- Client Registration
- Authorization
- Scope
- Redirect URIs
- Access Tokens
- Listing Authorizations
- Token Introspection Endpoint
- The Resource Server
- Creating Documentation
- Differences Between OAuth 1 and 2
Code and Libraries
There are many client and server libraries in many different languages to get you started quickly.
Books
You can find some excellent books on OAuth 2.0.
Consulting
Find an OAuth consultant to help your organization.
2. OAuth 2.0
OAuth 2.0
OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 supersedes the work done on the original OAuth protocol created in 2006. OAuth 2.0 focuses on simplicity for client developers while providing specific authorization flows for web applications, desktop applications, mobile phones and living-room devices. The specification is being developed within the IETF OAuth WG.
Questions, suggestions and protocol changes should be discussed on the mailing list.
OAuth 2.0 Core
- OAuth 2.0 Framework - RFC 6749
- Bearer Token Usage - RFC 6750
- Threat Model and Security Considerations - RFC 6819
OAuth 2.0 Extensions
- OAuth 2.0 Device Flow
- OAuth 2.0 Token Introspection - RFC 7662, to determine the active state and meta-information of a token
- PKCE - Proof Key for Code Exchange, better security for native apps
- Native Apps - Recommendations for using OAuth 2.0 with native apps
- JSON Web Token - RFC 7519
- OAuth Assertions Framework - RFC 7521
- SAML2 Bearer Assertion - RFC 7522, for integrating with existing identity systems
- JWT Bearer Assertion - RFC 7523, for integrating with existing identity systems
Need help sorting through these specifications and figuring out how they apply to your organization's development plans? Find an OAuth consultant.
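As an added example that is not part of the oauth.net page, the PKCE mechanism listed above carried through in Python. The client derives a `code_challenge` from a random `code_verifier` exactly as RFC 7636 specifies for the S256 method (BASE64URL of the SHA-256 of the verifier, without padding), and a toy authorization server (the `AuthorizationServer` class and its `authorize`/`redeem` methods are constructed for this illustration, not any library's API) binds the challenge to the issued code and only redeems the code when the matching verifier is presented, once. That binding is what makes an authorization code useless on its own, which is the "better security for native apps" the page refers to. The known-answer pair used in `rfc7636_vector` is the one published in RFC 7636, Appendix B.

```python
import base64
import hashlib
import hmac
import secrets

# Unreserved characters permitted in a code_verifier (RFC 7636, section 4.1).
UNRESERVED = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"


def make_code_verifier(length: int = 64) -> str:
    """Client side: random code_verifier of 43..128 unreserved characters."""
    if not 43 <= length <= 128:
        raise ValueError("code_verifier must be 43..128 characters long")
    return "".join(secrets.choice(UNRESERVED) for _ in range(length))


def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), no '=' padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def valid_verifier_syntax(code_verifier: str) -> bool:
    """Server-side sanity check on the presented verifier before hashing it."""
    return 43 <= len(code_verifier) <= 128 and all(c in UNRESERVED for c in code_verifier)


class AuthorizationServer:
    """Constructed toy authorization server: remembers the challenge per code,
    checks the verifier on redemption and allows each code to be used once."""

    def __init__(self) -> None:
        self._pending = {}  # authorization code -> code_challenge

    def authorize(self, code_challenge: str, code_challenge_method: str = "S256") -> str:
        # The 'plain' method is permitted by the RFC but gives no protection if the
        # authorization request can be observed, so this server accepts S256 only.
        if code_challenge_method != "S256":
            raise ValueError("only code_challenge_method=S256 is accepted")
        code = secrets.token_urlsafe(32)
        self._pending[code] = code_challenge
        return code

    def redeem(self, code: str, code_verifier):
        """Return a (constructed) access token, or None if the exchange must be refused."""
        challenge = self._pending.pop(code, None)  # a code is single use, valid or not
        if challenge is None or code_verifier is None:
            return None
        if not valid_verifier_syntax(code_verifier):
            return None
        # Constant-time comparison of the recomputed challenge against the stored one.
        if not hmac.compare_digest(s256_challenge(code_verifier), challenge):
            return None
        return "access-token-" + secrets.token_urlsafe(8)


def rfc7636_vector() -> str:
    """Challenge for the code_verifier given in RFC 7636, Appendix B."""
    return s256_challenge("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk")


def demo() -> dict:
    """Run the exchange four ways and report which attempts the server accepts."""
    server = AuthorizationServer()
    verifier = make_code_verifier()
    challenge = s256_challenge(verifier)

    # 1. Legitimate client: holds the verifier, so the exchange succeeds.
    code = server.authorize(challenge)
    legit = server.redeem(code, verifier)

    # 2. Same code presented a second time: already consumed, refused.
    replay = server.redeem(code, verifier)

    # 3. A code presented without any verifier: refused.
    code2 = server.authorize(challenge)
    without_verifier = server.redeem(code2, None)

    # 4. A code presented with some other verifier: challenge mismatch, refused.
    code3 = server.authorize(challenge)
    wrong_verifier = server.redeem(code3, make_code_verifier())

    return {
        "legit": legit is not None,
        "replay": replay is not None,
        "without_verifier": without_verifier is not None,
        "wrong_verifier": wrong_verifier is not None,
    }


if __name__ == "__main__":
    print(rfc7636_vector())
    print(demo())
```

The server-side check recomputes the challenge from the presented verifier rather than storing the verifier anywhere, so the value that must stay secret never leaves the client until the single redemption request; the code itself is consumed on first use whether or not that use succeeds.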
Community Resources
- OAuth 2.0 Simplified
- Books about OAuth
- OAuth 2.0 Servers - a guide to building OAuth 2.0 servers by Aaron Parecki
- OAuth articles by Alex Bilbie
Protocols Built on OAuth 2.0
- Open ID Connect
- UMA
- Green Button
- Blue Button (obsolete)
Code and Services
Legacy
See more information on OAuth 1.0 and 1.0a.
3. Code
Code
Below is a collection of libraries and services that support OAuth 2.0. If you would like to make any changes to this page, you can edit this page.
Server Libraries
Java
Tokens: Java library for conveniently verifying and storing OAuth 2.0 service access tokens.
Light OAuth2 - The fastest, lightest and cloud native OAuth 2.0 microservices
PHP
PHP OAuth 2.0 (AS with SAML/BrowserID AuthN, with management REST API)
PHP OAuth2.0 for Silex and Demo
PHP OAuth2.0 for Symfony and Demo
Nette OAuth2 provider for Nette framework and Nette REST API bundle
Python
Python Social Auth is an OAuth and OAuth2 client for a multitude of services.
Django OAuth Toolkit (DOT) is an OAuth2 Provider for Django built upon oauthlib
HHS OAuth2 Server a health-centric Django project based on DOT
Flask-OAuthlib is an OAuth2 Client/Provider for Flask built upon oauthlib
NodeJS
Mozilla Firefox Accounts. A full stack Identity Provider system developed to support Firefox Marketplace and other services
OAuth2orize: toolkit to implement OAuth2 Authorization Servers
Ruby
.NET
OAuthServer: a simple OAuth 2.0 server developed in C# to provide OAuth authentication for Active Directory users.
Erlang
Go
Fosite: Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.
osin: Golang OAuth2 server library
gin-oauth2: middleware for Gin Framework users who also want to use OAuth2
C
Glewlwyd: a lightweight OAuth2 server providing JSON Web Tokens, with support for authenticating users and clients against a database or LDAP backend.
Client Libraries
PHP
league/oauth2-client: OAuth 2.0 Client from the League of Extraordinary Packages
oauth-api from PHP Classes
OAuth2/OpenID Connect Client Library for PHP/Zend Framework 2
Objective C
Swift
Java
Scala
Python
Flask-OAuthlib is an OAuth2 Client/Provider for Flask built upon oauthlib
Ruby
Javascript
Node.js
Perl
.NET
Qt/C++
Qt Network Authentication (since 5.8, supports OAuth 1 and 2)
Lua/Corona SDK
Dart
Go
ActionScript
PowerShell
Proxy services
- Hydra: an open source OAuth2 and OpenID Connect server for new and existing infrastructures
- OAuth.io (self hosted), and also you can use as an external service
- SSQ signon (self hosted), and also you can use as an external service
- Auth0: Authorization Server as a service (or self hosted)
Services that support OAuth 2
- 37signals (draft 5)
- Auth0
- BookingSync
- Box
- Beeminder
- Campaign Monitor
- Clever
- Dropbox
- Facebook's Graph API
- Foursquare
- GitHub
- HiDrive
- Meetup
- NationBuilder
- Salesforce
- Citrix ShareFile
- Slack
- SoundCloud
- Do.com (draft 22)
- Windows Live
- time cockpit
- Zalando's baboon-proxy
Legacy OAuth 1.0 Support
- See OAuth 1.0