The following is a direct translation of the official site: https://oauth.net/
1. Home
OAuth is an open protocol (note: a protocol is public; anyone can implement its communication according to the protocol text. With OAuth, for example, anyone can buy or otherwise obtain the complete specification and implement it without paying a licensing fee. Open protocols sit at the core of many important systems: the Internet needs TCP/IP, the Web needs HTTP, and e-mail needs SMTP, and these open systems let developers build applications on top of them) that allows users to let third-party applications access, in a secure and standard way, that user's private resources (such as personal information, photos, videos, or contact lists) stored on a website or in a mobile or desktop application, without handing the username and password to the third-party application.
The OAuth 2.0 authorization framework allows third-party applications to obtain limited access to an HTTP service.
For Consumer Developers
If you're building any of the following...
- web applications
- desktop applications
- mobile applications
- JavaScript or browser-based apps
OAuth is a simple way to publish and interact with protected data. It is also a more secure way to let people gain access. To save you time, OAuth has been kept simple.
For Service Provider Developers
If you're supporting any of the following...
- web applications
- mobile applications
- server-side APIs
- mashups
If you're storing protected data on your users' behalf, they shouldn't be spreading their passwords around the web to gain access to it. Use OAuth to give your users access to their data while protecting their account credentials.
Getting Started
Below are some guides to OAuth 2.0 that cover topics for understanding and implementing both clients and servers.
OAuth 2.0 Simplified
OAuth 2.0 Simplified, written by Aaron Parecki, is a guide to OAuth 2.0 focused on writing clients that gives a clear overview at an introductory level.
- Roles: Applications, APIs and Users
- Creating an App
- Authorization: Obtaining an access token
- Web Server Apps
- Single-Page Apps
- Mobile Apps
- Others
- Making Authenticated Requests
- Differences from OAuth 1.0
- Authentication and Signatures
- User Experience and Alternative Authorization Flows
- Performance at Scale
- Resources
OAuth 2.0 Servers
OAuth 2.0 Servers, written by Aaron Parecki and published by Okta, is a guide to building OAuth 2.0 servers, including many details that are not part of the specification.
- Background
- Definitions
- OAuth 2.0 Clients
- Client Registration
- Authorization
- Scope
- Redirect URIs
- Access Tokens
- Listing Authorizations
- Token Introspection Endpoint
- The Resource Server
- Creating Documentation
- Differences Between OAuth 1 and 2
Code and Libraries
There are many client and server libraries in a variety of languages to get you started quickly.
Books
You can find some great books on OAuth 2.0.
Consulting
Find an OAuth consultant to help your organization.
2. OAuth 2.0
OAuth 2.0
OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 supersedes the work done on the original OAuth protocol created in 2006. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. The specification is being developed within the IETF OAuth WG.
Questions, suggestions and protocol changes should be discussed on the mailing list.
OAuth 2.0 Core
- OAuth 2.0 Framework - RFC 6749
- Bearer Token Usage - RFC 6750
- Threat Model and Security Considerations - RFC 6819
OAuth 2.0 Extensions
- OAuth 2.0 Device Flow
- OAuth 2.0 Token Introspection - RFC 7662, to determine the active state and meta-information of a token
- PKCE - Proof Key for Code Exchange, better security for native apps
- Native Apps - Recommendations for using OAuth 2.0 with native apps
- JSON Web Token - RFC 7519
- OAuth Assertions Framework - RFC 7521
- SAML2 Bearer Assertion - RFC 7522, for integrating with existing identity systems
- JWT Bearer Assertion - RFC 7523, for integrating with existing identity systems
Need help sorting through these specs and figuring out how they apply to your organization's development plans? Find an OAuth consultant.
Community Resources
- OAuth 2.0 Simplified
- Books about OAuth
- OAuth 2.0 Servers - a guide to building OAuth 2.0 servers by Aaron Parecki
- OAuth articles by Alex Bilbie
Protocols Built on OAuth 2.0
- OpenID Connect
- UMA
- Green Button
- Blue Button (obsolete)
Code and Services
Legacy
See more information on OAuth 1.0 and 1.0a.
3. Code
Code
Below is a collection of libraries and services that support OAuth 2.0. If you would like to make any changes to this page, you can edit this page.
Server Libraries
Java
Tokens: Java library for conveniently verifying and storing OAuth 2.0 service access tokens.
Light OAuth2 - The fastest, lightest and cloud native OAuth 2.0 microservices
PHP
PHP OAuth 2.0 (AS with SAML/BrowserID AuthN, with management REST API)
PHP OAuth2.0 for Silex and Demo
PHP OAuth2.0 for Symfony and Demo
Nette OAuth2 provider for Nette framework and Nette REST API bundle
Python
Python Social Auth is an OAuth and OAuth2 client for a multitude of services.
Django OAuth Toolkit (DOT) is an OAuth2 Provider for Django built upon oauthlib
HHS OAuth2 Server a health-centric Django project based on DOT
Flask-OAuthlib is an OAuth2 Client/Provider for Flask built upon oauthlib
NodeJS
Mozilla Firefox Accounts. A full stack Identity Provider system developed to support Firefox Marketplace and other services
OAuth2orize: toolkit to implement OAuth2 Authorization Servers
Ruby
.NET
OAuthServer: a simple OAuth 2.0 server developed in C# to provide OAuth authentication for Active Directory users.
Erlang
Go
Fosite: Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.
osin: Golang OAuth2 server library
gin-oauth2: middleware for Gin Framework users who also want to use OAuth2
C
Glewlwyd: a lightweight OAuth2 server that provides JSON Web Tokens and supports authentication against a database or LDAP backend for users and clients.
Client Libraries
PHP
league/oauth2-client: OAuth 2.0 Client from the League of Extraordinary Packages
oauth-api from PHP Classes
OAuth2/OpenID Connect Client Library for PHP/Zend Framework 2
Objective C
Swift
Java
Scala
Python
Flask-OAuthlib is an OAuth2 Client/Provider for Flask built upon oauthlib
Ruby
Javascript
Node.js
Perl
.NET
Qt/C++
Qt Network Authentication (since 5.8, supports OAuth 1 and 2)
Lua/Corona SDK
Dart
Go
ActionScript
PowerShell
Proxy services
- Hydra: an open source OAuth2 and OpenID Connect server for new and existing infrastructures
- OAuth.io (self hosted), which you can also use as an external service
- SSQ signon (self hosted), which you can also use as an external service
- Auth0: Authorization Server as a service (or self hosted)
Services that support OAuth 2
- 37signals (draft 5)
- Auth0
- BookingSync
- Box
- Beeminder
- Campaign Monitor
- Clever
- Dropbox
- Facebook's Graph API
- Foursquare
- GitHub
- HiDrive
- Meetup
- NationBuilder
- Salesforce
- Citrix ShareFile
- Slack
- SoundCloud
- Do.com (draft 22)
- Windows Live
- time cockpit
- Zalando's baboon-proxy
Legacy OAuth 1.0 Support
- See OAuth 1.0