OAuth 2.0授权框架中文版 [4.5] - 扩展授权模式
4.5 扩展授权模式 - Extension Grants
客户端通过将令牌端点的grant_type参数声明为一个URI(由授权服务器定义)来使用扩展模式,同时可以增加一些必要的可选参数。
The client uses an extension grant type by specifying the grant type
using an absolute URI (defined by the authorization server) as the
value of the “grant_type” parameter of the token endpoint, and by
adding any additional parameters necessary.
比如,通过使用[OAuth-SAML2]定义的SAML2.0来获取访问令牌,客户端会用TLS链路发起如下HTTP请求:
POST /token HTTP/1.1
Host: server.example.com
Content-Type: application/x-www-form-urlencoded
grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Asaml2-
bearer&assertion=PEFzc2VydGlvbiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDU
[...omitted for brevity...]aG5TdGF0ZW1lbnQ-PC9Bc3NlcnRpb24-
For example, to request an access token using a Security Assertion
Markup Language (SAML) 2.0 assertion grant type as defined by
[OAuth-SAML2], the client could make the following HTTP request using
TLS (with extra line breaks for display purposes only):POST /token HTTP/1.1 Host: server.example.com Content-Type: application/x-www-form-urlencoded grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Asaml2- bearer&assertion=PEFzc2VydGlvbiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDU [...omitted for brevity...]aG5TdGF0ZW1lbnQ-PC9Bc3NlcnRpb24-
如果访问令牌请求有效且授权通过,则授权服务器按5.1的描述签发访问令牌和可选的刷新令牌。如果无效或授权失败,则按5.2的描述返回适当的错误信息。
If the access token request is valid and authorized, the
authorization server issues an access token and optional refresh
token as described in Section 5.1. If the request failed client
authentication or is invalid, the authorization server returns an
error response as described in Section 5.2.