Oauth 2.0 OAuth 2-与#x27;用户名和密码流';vs';客户端凭证流';
在这两种情况下,用户凭据都被交换为访问令牌。有人能解释一下区别吗 下面是对来自的流的描述 您在这里混淆了客户端和用户凭据 OAuth上下文中的客户机总是指获得授权的应用程序。因此,在客户端凭证流中,应用程序直接向提供者授权,而无需用户的任何输入(也称为仅涉及两方)Oauth 2.0 OAuth 2-与#x27;用户名和密码流';vs';客户端凭证流';,oauth-2.0,Oauth 2.0,在这两种情况下,用户凭据都被交换为访问令牌。有人能解释一下区别吗 下面是对来自的流的描述 您在这里混淆了客户端和用户凭据 OAuth上下文中的客户机总是指获得授权的应用程序。因此,在客户端凭证流中,应用程序直接向提供者授权,而无需用户的任何输入(也称为仅涉及两方) 用户名和密码流是一个三条腿的流。用户向应用程序提供用户名和密码,然后应用程序使用这些凭据向提供商请求数据。Ah谢谢-这比规范中提供的更有意义-我认为所选择的术语令人困惑,因为定义随上下文而变化 • User-Agent Flow –
用户名和密码流是一个三条腿的流。用户向应用程序提供用户名和密码,然后应用程序使用这些凭据向提供商请求数据。Ah谢谢-这比规范中提供的更有意义-我认为所选择的术语令人困惑,因为定义随上下文而变化
• User-Agent Flow – for clients running inside a user-agent (typically a web browser).
• Web Server Flow – for clients that are part of a web server application, accessible via HTTP requests. This is a simpler version of the flow provided by OAuth 1.0.
• Device Flow – suitable for clients executing on limited devices, but where the end-user has separate access to a browser on another computer or device.
• Username and Password Flow – used in cases where the user trusts the client to handle its credentials but it is still undesirable for the client to store the user’s username and password. This flow is only suitable when there is a high degree of trust between the user and the client.
• Client Credentials Flow – the client uses its credentials to obtain an access token. This flow supports what is known as the 2-legged scenario.
• Assertion Flow – the client presents an assertion such as a SAML assertion to the authorization server in exchange for an access token.