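What exactly is OAuth (Open Authorization)?
I gathered some information from the following:
OAuth, Twitter Tutorial: What Is OAuth and What It Means to You, What Is OAuth
But I want to learn and understand more. I am looking for information on the lifecycle. Why do most social networks rely on this open protocol?
Will it become a de facto standard in the near future, as various technologies (e.g. ASP.NET) develop?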
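Current answer
OAuth is a protocol used by the Resource Owner (Facebook, Google, Twitter, Microsoft Live, and so on) to provide the needed information, or to provide permission for write success, to a third-party system (your site, for example). Most likely, without the OAuth protocol the credentials would have to be available to the third-party systems, which would be an inappropriate way of communication between those systems.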
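Other answers
OAuth (Open Authorization) is an open standard for access granting/delegation protocols. It is a way for internet users to grant websites or applications access to their information on other websites without giving them their passwords. It does not deal with authentication.
Or
OAuth 2.0 is a protocol that allows a user to grant limited access to their resources on one site to another site, without having to expose their credentials.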
Analogy 1: Many luxury cars today come with a valet key. It is a special key you give the parking attendant and, unlike your regular key, it will not allow the car to drive more than a mile or two. Some valet keys will not open the trunk, while others will block access to your onboard cell phone address book. Regardless of what restrictions the valet key imposes, the idea is very clever. You give someone limited access to your car with a special key, while using your regular key to unlock everything. (src from auth0)
Analogy 2: Assume we want to fill in an application form for a bank account. Here OAuth works like this: instead of the applicant filling in the form, the bank can fill in the form using Aadhaar or passport. Here the following three entities are involved:
Applicant, i.e. the Owner
Bank Account is the OAuth Client; they need the information
Aadhaar/Passport ID is the OAuth Provider
Simply put, OAuth is a way for applications to gain credentials to your information without directly getting your user login information to some website. For example, if you write an application on your own website and want it to use data from a user's Facebook account, you can use OAuth to get a token via a callback URL and then use that token to make calls to the Facebook API to get their user data until the token expires. Websites rely on it because it allows programmers to access their data without the user having to directly disclose their information and spread their credentials around online, but still provides a level of protection to the data. Will it become the de facto method of authorization? Perhaps; it's been gaining a lot of support recently from Twitter, Facebook, and the like, where other programmers want to build applications around user data.
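The flow this answer describes (a token obtained through a callback URL, then used for API calls until it expires), as an added example that is not part of the original answer: an in-memory simulation of the OAuth 2.0 authorization code flow. The user, client, scope, secret and callback URL are constructed placeholders, and the `state` check is the standard OAuth 2.0 parameter rather than something the answer mentions.

```python
import secrets, time
from urllib.parse import urlparse, parse_qs

# Constructed in-memory provider state; every name and value here is hypothetical.
USERS = {"alice": "correct-horse"}  # the password exists only on the provider side
CB = "https://app.example/callback"
CLIENTS = {"photo-app": {"secret": "s3cr3t", "redirect_uri": CB}}
CODES, TOKENS = {}, {}

def authorize(user, password, client_id, redirect_uri, scope, state):
    """Provider login + consent: the user authenticates here, never at the client."""
    client = CLIENTS.get(client_id)
    if client is None or client["redirect_uri"] != redirect_uri:
        raise PermissionError("unknown client or redirect_uri")
    if USERS.get(user) != password:
        raise PermissionError("bad credentials")
    code = secrets.token_urlsafe(16)
    CODES[code] = (client_id, redirect_uri, user, scope)
    return f"{redirect_uri}?code={code}&state={state}"  # redirect to the callback URL

def exchange_code(code, client_id, client_secret, redirect_uri, ttl=3600):
    """Token endpoint, called server-to-server by the client after the callback."""
    grant = CODES.pop(code, None)  # a code is single use
    if grant is None or grant[:2] != (client_id, redirect_uri):
        raise PermissionError("invalid grant")
    if not secrets.compare_digest(CLIENTS[client_id]["secret"], client_secret):
        raise PermissionError("invalid client")
    token = secrets.token_urlsafe(24)
    TOKENS[token] = {"user": grant[2], "scope": set(grant[3].split()),
                     "exp": time.time() + ttl}
    return token

def handle_callback(callback_url, expected_state):
    """Client side: check state (binds the callback to this session), redeem the code."""
    q = parse_qs(urlparse(callback_url).query)
    if not secrets.compare_digest(q["state"][0], expected_state):
        raise PermissionError("state mismatch")
    return exchange_code(q["code"][0], "photo-app", "s3cr3t", CB)

def api_call(token, needed_scope, now=None):
    """Resource server: decides on token expiry and scope, not on a password."""
    info = TOKENS.get(token)
    now = time.time() if now is None else now
    if info is None or now >= info["exp"]:
        raise PermissionError("unknown or expired token")
    if needed_scope not in info["scope"]:
        raise PermissionError("insufficient scope")
    return f"{needed_scope} data for {info['user']}"
```

The client only ever handles the one-time code and the scoped, expiring token; the password appears solely in the `authorize` call made at the provider.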
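OAuth is all about delegated authorization (choosing someone who can do authorization for you). Note that authentication and authorization are different things. OAuth is authorization (access control), and if you also want to implement authentication (ID verification), the OpenID protocol can be used on top of OAuth.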
All big companies like Facebook, Google, GitHub, ... use this kind of authentication/authorization nowadays. For example, I just signed in on this website using my Google account; this means Stack Overflow doesn't know my password, it receives the allowance from Google, where my password (hashed, obviously) is saved. This gives a lot of benefits. One of them is that in the near future you won't have to make several accounts on every website. One website (the one you trust most) can be used to log in to all other websites, so you'll only have to remember one password.
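OAuth is an open standard for authorization, commonly used as a way for internet users to log in to third-party websites using their Microsoft, Google, Facebook or Twitter accounts without exposing their password.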