我一直试图了解我在这里的问题是OAuth2
假设我使用我的Facebook帐户通过OAuth2登录到一个网站(例如Stack Overflow).我知道我是资源所有者",但是在这种情况下我拥有哪些资源?
Suppose I use my Facebook account to log in to a web site (say Stack Overflow ) via OAuth2. I understand that I am the "resource owner" but which resources am I owning in this scenario?
我在Facebook上的东西或在Stack Overflow中的东西?
My things in Facebook or my things in Stack Overflow?
从这篇关于傻瓜的Oauth文章,看来资源在Facebook上,但是从我的问题的答案来看,资源似乎在堆栈溢出中.
From this Oauth for dummies article it would seem the resources are in Facebook, but from the answers to my question it would seem the resources are in Stack Overflow.
资源与范围相同吗?
[更新]
查看此处的概述
我了解到
OpenID Connect 1.0是OAuth 2.0之上的简单身份层 协议.它使客户端能够验证最终用户的身份 基于授权服务器执行的身份验证,如 以及获取有关最终用户的基本个人资料信息 可互操作且类似REST的方式.
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
也
抽象地讲,OpenID Connect协议遵循以下步骤.
The OpenID Connect protocol, in abstract, follows the following steps.
推荐答案
在上述情况下,您作为资源所有者授权Stack Overflow作为客户端应用程序进行访问到您的Facebook帐户作为所拥有的资源.
In the above scenario, you as the resource owner authorize access by Stack Overflow as the client application to your Facebook account as the owned resource.
该应用程序对您Facebook帐户的访问仅限于授权访问的作用域.
The application's access to your Facebook account is limited to scope of the authorized access.
更多推荐
在Oauth2中,资源所有者拥有的资源在哪里?
发布评论