我实现一个的OAuth2供应商,我想在我的网站,开发人员登录并注册第三方应用程序的某个地方有一个区域。但我有一个关于如何生成的应用程序的客户端标识符和客户端秘密的疑虑。他们应该是唯一的随机codeS,或者他们必须有一些有意义的信息给客户端?我想他们可能是随机的。
I'm implementing an OAuth2 provider, and I would like to have an area somewhere in my web site where developers log on and register third party apps. But I'm having doubts on how to generate the apps's client identifier and client secret. Should they be unique random codes, or do they have to have some meaningful information to the client? I guess they could be random.
嗯,我一直在寻找如何做到这一点的最佳实践,但还没有找到那么多。所以任何答案将AP preciated。
Well I've been looking for best practices on how to do this, but haven't found that much. So any answers will be appreciated.
PD:Im在.NET MVC3开发了一个名为DotNetOpenAuth库
PD: Im developing on .NET MVC3 with a library called DotNetOpenAuth.
推荐答案客户端标识符可以是任何你想要的。它可以是他们的选择或任何随机字符串。
The client identifier can be anything you want. It can be their choice or any random string.
客户端秘密应该是一个加密的强随机字符串。这里是你如何生成一个
The client secret should be a cryptographically strong random string. Here is how you can generate one:
RandomNumberGenerator cryptoRandomDataGenerator = new RNGCryptoServiceProvider(); byte[] buffer = new byte[length]; cryptoRandomDataGenerator.GetBytes(buffer); string uniq = Convert.ToBase64String(buffer); return uniq;更多推荐
如何生成OAuth客户标识符和客户端的秘密?
发布评论