The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849.
I. Basic mind map
II. Flow charts for the four authorization methods
1. Authorization code
2. Implicit
3. Password
4. Client credentials
![image](https://i-blog.csdnimg.cn/blog_migrate/9177cd57703e76eb4ca18e6b6a012447.png)
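III. Token refresh
After verification succeeds, two tokens are returned:
1. A token for obtaining data
2. A token for obtaining new tokens (refresh_token)
Use the refresh_token to obtain a new token.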
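
The refresh step above, as an added example that is not from the original post: a toy in-memory token endpoint that returns the two tokens and then handles the RFC 6749 `grant_type=refresh_token` request. The class `TokenEndpoint`, the client ids and the one-hour lifetime are assumptions made for illustration, and replacing the refresh token on every use is a hardening choice the specification allows but does not require.

```python
import secrets
from urllib.parse import urlencode, parse_qs

ACCESS_TTL = 3600  # seconds; constructed value for this example

class TokenEndpoint:
    """Hypothetical in-memory token endpoint, not a real authorization server."""

    def __init__(self):
        self.refresh_tokens = {}  # refresh_token -> client_id it was issued to

    def _issue(self, client_id):
        refresh = secrets.token_urlsafe(32)
        self.refresh_tokens[refresh] = client_id
        return {
            "access_token": secrets.token_urlsafe(32),  # token for obtaining data
            "token_type": "Bearer",
            "expires_in": ACCESS_TTL,
            "refresh_token": refresh,                   # token for obtaining new tokens
        }

    def grant_after_verification(self, client_id):
        """Called once one of the four flows has succeeded: returns both tokens."""
        return self._issue(client_id)

    def handle(self, body, client_id):
        """Process a form-encoded token request from an already authenticated client."""
        form = {k: v[0] for k, v in parse_qs(body).items()}
        if form.get("grant_type") != "refresh_token":
            return {"error": "unsupported_grant_type"}
        presented = form.get("refresh_token", "")
        # Reject unknown or already used tokens, and tokens bound to another client.
        if self.refresh_tokens.get(presented) != client_id:
            return {"error": "invalid_grant"}
        del self.refresh_tokens[presented]  # single use: the old token is retired
        return self._issue(client_id)

def refresh_request(refresh_token):
    """Build the request body the client POSTs to the token endpoint."""
    return urlencode({"grant_type": "refresh_token", "refresh_token": refresh_token})

if __name__ == "__main__":
    endpoint = TokenEndpoint()
    first = endpoint.grant_after_verification("client-a")
    second = endpoint.handle(refresh_request(first["refresh_token"]), "client-a")
    print("new access token issued:", second["access_token"] != first["access_token"])
    print("replayed old refresh token:",
          endpoint.handle(refresh_request(first["refresh_token"]), "client-a"))
```
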