
oauth-2.0 - Why does the access token request require redirect_uri?

Repost. Author: 行者123. Updated: 2023-12-04 08:41:53

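I am developing an OAuth2 provider based on rfc6749, and I am wondering why redirect_uri is required on the Access Token Request. There is no redirect at the /token endpoint, and the state is assumed to have already been validated (i.e. against CSRF), so a copy of the redirect URI doesn't make much sense to me.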

Best answer

In the auth code flow, it is used to verify the redirect_uri from the first auth request.
https://www.oauth.com/oauth2-servers/redirect-uris/redirect-uri-validation/

Granting Access Tokens

The token endpoint will get a request to exchange an authorization code for an access token. This request will contain a redirect URL as well as the authorization code. As an added measure of security, the server should verify that the redirect URL in this request matches exactly the redirect URL that was included in the initial authorization request for this authorization code. If the redirect URL does not match, the server rejects the request with an error.
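The check described in the quoted passage, as an added example that is not part of the original answer or of any particular OAuth library: the authorization endpoint records the redirect_uri alongside the code, and the token endpoint redeems the code only on an exact match. The function names, the in-memory store and the client/URI values are assumptions made for illustration.

```python
import hmac
import secrets

# Hypothetical in-memory store of issued authorization codes; a real server
# would persist these with a short expiry.
_codes = {}


class TokenError(Exception):
    """Carries an RFC 6749 section 5.2 error code such as 'invalid_grant'."""


def issue_code(client_id, redirect_uri):
    """Authorization endpoint: bind the new code to the client and to the
    redirect_uri that was used in this authorization request."""
    code = secrets.token_urlsafe(16)
    _codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri}
    return code


def exchange_code(code, client_id, redirect_uri):
    """Token endpoint: redeem a code only if redirect_uri matches exactly."""
    grant = _codes.pop(code, None)  # single use: consumed even when a check fails
    if grant is None or grant["client_id"] != client_id:
        raise TokenError("invalid_grant")
    # Exact string comparison: no prefix matching, no URL normalisation.
    if redirect_uri is None or not hmac.compare_digest(
        grant["redirect_uri"].encode(), redirect_uri.encode()
    ):
        raise TokenError("invalid_grant")
    return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}


def try_exchange(code, client_id, redirect_uri):
    """Demo helper: return 'ok' or the error code instead of raising."""
    try:
        exchange_code(code, client_id, redirect_uri)
        return "ok"
    except TokenError as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed sample values.
    good = "https://client.example/cb"
    c = issue_code("demo-client", good)
    print(try_exchange(c, "demo-client", good))            # matching URI
    c = issue_code("demo-client", good)
    print(try_exchange(c, "demo-client", good + "/x"))     # different URI
```
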

Regarding "oauth-2.0 - Why does the access token request require redirect_uri?", a similar question was found on Stack Overflow: https://stackoverflow.com/questions/37659188/
