Attachment: OAuth.xmind
1 Introduction
- 1 Roles
- resource owner
- resource server
- client
- authorization server
- 2 Protocol Flow
- 3 Access Token
- 4 Authorization Grant types:
- 1 Authorization Code
- 2 Implicit
- 3 Resource Owner Password Credentials
- 4 Client Credentials
- 5 Refresh Token
- 6 Notational Conventions
2 Client Registration
- 1 client types
- private
- public
- 2 Registration Requirements
- 3 Client Identifier
- 4 Client Authentication
- 1 Client Password
- client_id [required]
- client_secret [required]
- 2 Other Authentication Methods
- 1 Client Password
- 5 Unregistered Clients: an unregistered client is not barred from use; rather, it must pass other security verification
3 Protocol Endpoints
- 1 Authentication Endpoint
- 1 Response Type response_type [required]
- 2 Redirection URI
- 2 Token endpoint
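4 OAuth Flows
4.1 Normal access, not yet authorized via OAuth
4.2 Normal access, already authorized via OAuth
4.3 Token expired, already authorized via OAuth
4.4 Authorization changed, already authorized via OAuth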