
oauth-2.0 - OAuth 2 - What is the difference between the 'Username and Password Flow' and the 'Client Credential Flow'?

Reposted. Author: 行者123. Updated: 2023-12-04 14:31:51

In both cases, user credentials are exchanged for an access token. Can someone explain the difference?

Below is a description of the flows from http://hueniverse.com

• User-Agent Flow – for clients running inside a user-agent (typically a web browser).
• Web Server Flow – for clients that are part of a web server application, accessible via HTTP requests. This is a simpler version of the flow provided by OAuth 1.0.
• Device Flow – suitable for clients executing on limited devices, but where the end-user has separate access to a browser on another computer or device.
• Username and Password Flow – used in cases where the user trusts the client to handle its credentials but it is still undesirable for the client to store the user’s username and password.  This flow is only suitable when there is a high degree of trust between the user and the client.
• Client Credentials Flow – the client uses its credentials to obtain an access token. This flow supports what is known as the 2-legged scenario.
• Assertion Flow – the client presents an assertion such as a SAML assertion to the authorization server in exchange for an access token.

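Best answer

You are confusing client credentials and user credentials here.

A client in the OAuth context always refers to the application that is being authorized. So in the client credentials flow, the application authorizes itself directly with the provider, without any input from the user (also called the 2-legged flow, because only two parties are involved).

The username and password flow is a 3-legged flow. The user gives the application his username and password, and the application then uses those credentials to request data from the provider.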

Regarding "oauth-2.0 - OAuth 2 - What is the difference between the 'Username and Password Flow' and the 'Client Credential Flow'", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/11832893/
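The two token requests side by side, as an added example that is not part of the original question or answer: a client builds each request the way RFC 6749 sections 4.3 and 4.4 describe, and a toy authorization server decides whom the resulting token represents. The client id, secrets, user name, function names and the `client`/`acts_for` response fields are all constructed for illustration.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode

# Constructed registrations for the example (not from the page).
CLIENTS = {"reporting-app": "client-secret-123"}
USERS = {"alice": "alice-password"}

def _same(stored, presented):
    # Constant-time comparison of a stored secret and a presented one.
    return stored is not None and hmac.compare_digest(stored.encode(), presented.encode())

def build_token_request(grant_type, client_id, client_secret, username=None, password=None):
    """Client side: headers and form body for the token endpoint."""
    form = {"grant_type": grant_type}
    if grant_type == "password":  # only this grant carries the user's credentials
        form.update(username=username, password=password)
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {"Authorization": "Basic " + basic}, urlencode(form)

def token_endpoint(headers, body):
    """Toy authorization server: authenticate the client, then decide whom the token represents."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    try:
        client_id, _, secret = base64.b64decode(blob).decode().partition(":")
    except ValueError:
        return {"error": "invalid_client"}
    if scheme != "Basic" or not _same(CLIENTS.get(client_id), secret):
        return {"error": "invalid_client"}
    form = {k: v[0] for k, v in parse_qs(body).items()}
    grant = form.get("grant_type")
    if grant == "client_credentials":
        acts_for = None  # two parties: the client acts as itself
    elif grant == "password":
        user = form.get("username", "")
        if not _same(USERS.get(user), form.get("password", "")):
            return {"error": "invalid_grant"}
        acts_for = user  # three parties: the client acts for this user
    else:
        return {"error": "unsupported_grant_type"}
    # "client" and "acts_for" are illustrative fields, not part of a real token response.
    return {"access_token": secrets.token_urlsafe(16), "token_type": "Bearer",
            "client": client_id, "acts_for": acts_for}
```

In both requests the client authenticates with its own id and secret; the password grant additionally puts the user's username and password in the form body, which is why it requires the user to trust the client with them.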
