How to provide OAuth services from website.?

2019-05-02 03:35发布

问题:

OAuth allows the you the User to grant access to his private resources on one site to another site. But how exactly does this happen. And if I want to provide OAuth features in my site, (both as Service Provider and consumer), how do I go about doing it. I'm using a Fedora 13 based server. And is it possible to configure Round Cube / Squirrel Mail to provide these Services. Like as of now all my users have mail account in the server, I want the credentials in the mail to be used to provide the OAuth Services.

回答1:

A simple example to demonstrate oauth flow. Understanding the concept helps to design accordingly:



回答2:

If you want to be a provider of data, then you have to implement OAuth server at your site and if you want to be consumer, you will have to implement OAuth client at your site.

You should also read some articles and tutorials to gain a better understanding of the protocol, because it's a protocol that allows to protect APIs and that being said, everything connected with security should be well understood by the developer that is imeplementing it.

In case that you're a provider, the 1.0 version of the protocol works in the following way:

  1. Consumer requires access to end-user's private data
  2. Provider issues a token to the consumer
  3. End-user authorizes the token
  4. Consumer can make authorized requests with that token for end-users's private data

Good place to start is: http://hueniverse.com/oauth/

You can also read the RFC when you decide if you will implement 1.0a or 2.0 version of the protocol. I have implemented only 1.0a so far, so I cannot give advice to which is better. I guess the 2.0 version has more possibilities, and everyone says it's easier to implement. As far for the easier, 1.0a is not difficult to implement also, because there are good open source libraries both for clients and servers and you can set up and run server or client for 1 day, if you understand the mechanics of the protocol.

Of course, if you want to make a good server with different scopes of access, inheritance of scopes and if your API is complicated and extensible, you will have to do a lot more work there, no matter if you choose 1.0a or 2.0 OAuth version



回答3:

As for the "How will I do it?"

There are lots of good libraries out there. Here is an excellent list: http://oauth.net/code/