OAuth 2.0 Generating Token and Secret Token [close

Published 2019-03-13 23:08

Question:

I am implementing the OAuth 2.0 provider server using the Apache Oltu framework, and am looking for some ideas on how to generate the access token and secret tokens in Java. Please advise.

Answer 1:

The OAuth 2.0 specification doesn't say anything about how to generate the token and secret token. Thus it is up to you whether you use some existing/anchor data to generate tokens or use a random sequence. The only difference is that if you use presumably known data (e.g. user data such as username, creation date, etc.), you can restore tokens any time you need to. If you use a random sequence of data, then you cannot restore tokens once they are lost.

In other words, the RFC doesn't restrict you on the generation process.

I would probably use string concatenation of User Details data plus some random data, then do Base64 encoding.

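import org.apache.commons.codec.binary.Base64;
import java.nio.charset.StandardCharsets;

String keySource = username + creationDate + random;
// Static helper: URL-safe alphabet, no padding, no line chunking
String token = Base64.encodeBase64URLSafeString(keySource.getBytes(StandardCharsets.UTF_8));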
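
The random-sequence option from the answer above, as an added example that is not part of the original answer or of Apache Oltu: the token comes entirely from a CSPRNG, in line with RFC 6749 section 10.10 (guessing probability at most 2^-128), and the server keeps only a SHA-256 digest of it. The class and method names (`OpaqueTokenDemo`, `newToken`, `storageHash`, `matches`) are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

// Added example; class and method names are hypothetical, not Apache Oltu API.
public class OpaqueTokenDemo {
    private static final SecureRandom RNG = new SecureRandom();

    // 32 bytes from a CSPRNG = 256 bits of entropy, encoded as 43 URL-safe characters.
    static String newToken() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // The server keeps only this digest, so a leaked token table does not
    // contain usable tokens. A random token cannot be re-derived once lost.
    static byte[] storageHash(String token) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-256")
                .digest(token.getBytes(StandardCharsets.US_ASCII));
    }

    // MessageDigest.isEqual compares the two digests in constant time.
    static boolean matches(String presented, byte[] stored) throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(storageHash(presented), stored);
    }

    public static void main(String[] args) throws Exception {
        String accessToken = newToken();            // returned to the client once
        byte[] stored = storageHash(accessToken);   // persisted with user, scope, expiry

        System.out.println("token length: " + accessToken.length());
        System.out.println("issued token accepted: " + matches(accessToken, stored));
        System.out.println("other token accepted: " + matches(newToken(), stored));
    }
}
```

Because Base64 is an encoding and not encryption, a token built from the username and creation date exposes those fields to anyone who decodes it; an opaque random token carries no user data, and the user, scope and expiry are looked up server-side by digest.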