OAuth allows you, the User, to grant access to your private resources on one site to another site. But how exactly does this happen? And if I want to provide OAuth features in my site (both as Service Provider and consumer), how do I go about doing it? I'm using a Fedora 13 based server. And is it possible to configure Round Cube / Squirrel Mail to provide these services? As of now all my users have mail accounts on the server, and I want the credentials in the mail to be used to provide the OAuth services.
As for the "How will I do it?"
There are lots of good libraries out there. Here is an excellent list: http://oauth.net/code/
If you want to be a provider of data, then you have to implement an OAuth server at your site, and if you want to be a consumer, you will have to implement an OAuth client at your site.
You should also read some articles and tutorials to gain a better understanding of the protocol, because it's a protocol that allows you to protect APIs, and that being said, everything connected with security should be well understood by the developer who is implementing it.
In case that you're a provider, the 1.0 version of the protocol works in the following way:
A good place to start is: http://hueniverse.com/oauth/
You can also read the RFC when you decide whether you will implement the 1.0a or 2.0 version of the protocol. I have implemented only 1.0a so far, so I cannot give advice as to which is better. I guess the 2.0 version has more possibilities, and everyone says it's easier to implement. As for easier, 1.0a is not difficult to implement either, because there are good open source libraries both for clients and servers, and you can set up and run a server or client in 1 day if you understand the mechanics of the protocol.
Of course, if you want to make a good server with different scopes of access, inheritance of scopes, and if your API is complicated and extensible, you will have to do a lot more work there, no matter if you choose the 1.0a or 2.0 OAuth version.
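What a 1.0a provider has to check on every signed request, following RFC 5849 (HMAC-SHA1 signature, timestamp window, nonce replay). This is an added example, not code from the answer above or from any of the libraries it links to. The `Provider` class, its in-memory stores and the 300-second window are assumptions, and `url` is expected to be the base URI without a query string.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote

def pct(value):
    # RFC 5849 section 3.6: everything except unreserved characters is encoded
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # Section 3.4.1: METHOD & base URI & sorted parameters, each part encoded
    pairs = sorted((pct(k), pct(v)) for k, v in params.items()
                   if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # Section 3.4.2: the HMAC key is both shared secrets joined by "&"
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

class Provider:  # hypothetical provider-side verifier
    def __init__(self, consumers, tokens, max_skew=300):
        self.consumers = consumers   # consumer key -> consumer secret
        self.tokens = tokens         # access token -> token secret
        self.max_skew = max_skew     # accepted clock difference in seconds
        self.seen = set()            # requests already accepted

    def verify(self, method, url, params, now=None):
        now = time.time() if now is None else now
        ckey = params.get("oauth_consumer_key")
        token = params.get("oauth_token")
        if ckey not in self.consumers or token not in self.tokens:
            return "unknown credentials"
        if params.get("oauth_signature_method") != "HMAC-SHA1":
            return "unsupported signature method"
        stamp = str(params.get("oauth_timestamp", ""))
        if not stamp.isdecimal() or abs(now - int(stamp)) > self.max_skew:
            return "stale timestamp"
        expected = sign(method, url, params, self.consumers[ckey], self.tokens[token])
        supplied = str(params.get("oauth_signature", ""))
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return "bad signature"
        # Record the nonce only after the signature checks out, so unsigned
        # requests cannot fill the replay cache.
        replay_key = (ckey, token, stamp, params.get("oauth_nonce"))
        if replay_key in self.seen:
            return "replayed request"
        self.seen.add(replay_key)
        return "ok"
```

A consumer calls `sign()` over the same method, URL and parameters and sends the result as `oauth_signature`; the provider recomputes it from the secrets it stored when the consumer registered and the token was issued.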
A simple example to demonstrate the OAuth flow. Understanding the concept helps to design accordingly: