OAuth 2.0
OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This specification and its extensions are being developed within the IETF OAuth Working Group.
OAuth2.0是授权的行业标准协议。OAuth2.0关注于客户机开发人员的简单性,同时为web应用程序、桌面应用程序、移动电话和客厅设备提供特定的授权流。本规范及其扩展正在ietf oauth工作组中开发。
Questions, suggestions and protocol changes should be discussed on the mailing list.
问题、建议和方案变更应在邮件列表中讨论。
OAuth 2.0
- OAuth 2.0 Framework - RFC 6749
- OAuth Grant Types
- Client Types - Confidential and Public Applications
- Bearer Tokens - RFC 6750
- Threat Model and Security Considerations - RFC 6819
- OAuth Security Best Current Practice
Mobile and Other Devices
- Native Apps - Recommendations for using OAuth with native apps
- Browser-Based Apps - Recommendations for using OAuth with browser-based apps (e.g. an SPA)
- Device Authorization Grant - OAuth for devices with no browser or no keyboard
Token and Token Management
Discovery and Registration
Experimental and Draft Specs
Related Specs and Extensions
Community Resources
Protocols Built on OAuth 2.0
Code and Services
OAuth 2.1
Legacy
数组交集