OAuth 2.0 Bearer Token 到底是什么? - What is the OAuth 2.0 Bearer Token exactly?

10/14 02:57
阅读数 0

问题:

According to RFC6750 -The OAuth 2.0 Authorization Framework: Bearer Token Usage, the bearer token is:根据RFC6750 -The OAuth 2.0 Authorization Framework: Bearer Token Usage,不记名令牌为:

A security token with the property that any party in possession of the token (a "bearer") can use the token in any way that any other party in possession of it can.一种安全令牌,其特性是拥有令牌的任何一方(“持有者”)可以以任何其他拥有令牌的方式使用令牌。

To me this definition is vague and I can't find any specification.对我来说,这个定义很模糊,我找不到任何规范。

  • Suppose I am implementing an authorization provider, can I supply any kind of string for the bearer token?假设我正在实施授权提供程序,我可以为不记名令牌提供任何类型的字符串吗?
  • Can it be a random string?它可以是一个随机字符串吗?
  • Does it have to be a base64 encoding of some attributes?它是否必须是某些属性的 base64 编码?
    Should it be hashed?它应该被散列吗?
  • And does the service provider need to query the authorization provider in order to validate this token?服务提供者是否需要查询授权提供者才能验证此令牌?

Thank you for any pointer.谢谢你的任何指针。


解决方案:

参考一: https://en.stackoom.com/question/1kPgt
参考二: https://stackoom.com/question/1kPgt
展开阅读全文
打赏
0
0 收藏
分享
加载中
更多评论
打赏
0 评论
0 收藏
0
分享
返回顶部
顶部