角色
Roles
OAuth定义了4种角色:
资源拥有者,对受保护资源有授权访问能力的实体。当资源拥有者是一个人,称之为终端用户。
OAuth defines four roles: resource owner An entity capable of granting access to a protected resource. When the resource owner is a person, it is referred to as an end-user.
资源服务器,托管受保护资源,能够接受并响应使用访问令牌对受保护资源的请求。
resource server The server hosting the protected resources, capable of accepting and responding to protected resource requests using access tokens.
客户端,在资源拥有者的授权下,代表资源拥有者,对受保护资源进行访问。客户端并不意味着任何特定的实现特征,比如,应用是否在服务器、桌面或其他设备上运行。
client An application making protected resource requests on behalf of the resource owner and with its authorization. The term “client” does not imply any particular implementation characteristics (e.g., whether the application executes on a server, a desktop, or other devices).
认证服务器,在成功认证了,资源拥有者,并获取了授权后发放访问令牌给客户端。
authorization server The server issuing access tokens to the client after successfully authenticating the resource owner and obtaining authorization.
授权服务器和资源服务器之间的交互超出了本规范的范围。
The interaction between the authorization server and resource server is beyond the scope of this specification.
授权服务器可以与资源服务器在一起或分开。一个授权服务器,可以发放多个资源服务器都接受的令牌。
The authorization server may be the same server as the resource server or a separate entity. A single authorization server may issue access tokens accepted by multiple resource servers.