OAuth2.0的4.5扩展授权模式允许客户端通过指定一个绝对URI作为grant_type参数来使用自定义授权类型。例如,客户端可以使用SAML2.0断言获取访问令牌。如果请求有效并授权,授权服务器将签发访问令牌和可能的刷新令牌;否则,将返回错误响应。该模式扩展了OAuth2.0的灵活性,支持更多种类的身份验证和授权机制。
OAuth 2.0授权框架中文版 [4.5] - 扩展授权模式
4.5 扩展授权模式 - Extension Grants
客户端通过将令牌端点的grant_type参数声明为一个URI(由授权服务器定义)来使用扩展模式,同时可以增加一些必要的可选参数。
The client uses an extension grant type by specifying the grant type
using an absolute URI (defined by the authorization server) as the
value of the “grant_type” parameter of the token endpoint, and by
adding any additional parameters necessary.
比如,通过使用[OAuth-SAML2]定义的SAML2.0来获取访问令牌,客户端会用TLS链路发起如下HTTP请求:
POST /token HTTP/1.1
Host: server.example.com
Content-Type: application/x-www-form-urlencoded
grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Asaml2-
bearer&assertion=PEFzc2VydGlvbiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDU
[...omitted for brevity...]aG5TdGF0ZW1lbnQ-PC9Bc3NlcnRpb24-
For example, to request an access token using a Security Assertion
Markup Language (SAML) 2.0 assertion grant type as defined by
[OAuth-SAML2], the client could make the following HTTP request using
TLS (with extra line breaks for display purposes only):POST /token HTTP/1.1 Host: server.example.com Content-Type: application/x-www-form-urlencoded grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Asaml2- bearer&assertion=PEFzc2VydGlvbiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDU [...omitted for brevity...]aG5TdGF0ZW1lbnQ-PC9Bc3NlcnRpb24-
如果访问令牌请求有效且授权通过,则授权服务器按5.1的描述签发访问令牌和可选的刷新令牌。如果无效或授权失败,则按5.2的描述返回适当的错误信息。
If the access token request is valid and authorized, the
authorization server issues an access token and optional refresh
token as described in Section 5.1. If the request failed client
authentication or is invalid, the authorization server returns an
error response as described in Section 5.2.
192
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
