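Platform Authorization Mode

Registering an Application

Contact us to register your application. You need to provide the application name and the callback address redirect_uri; once registration is complete you will be given a client_id and a client_secret.

To enable event notifications, also provide an event notification callback address.

Authorization Flow

Authorization and authentication use OAuth 2.0.

OAuth2 official site: https://oauth.net/2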


+--------+                                          +-------------+
|        |--(A)------- Authorization Grant -------->|             |
|        |                                          |             |
|        |<-(B)----------- Access Token ------------|             |
|        |               & Refresh Token            |             |
|        |                                          |             |
|        |                            +----------+  |             |
|        |--(C)---- Access Token ---->|          |  |             |
|        |                            |          |  |             |
|        |<-(D)- Protected Resource --| Resource |  |Authorization|
| Client |                            |  Server  |  |    Server   |
|        |--(E)---- Access Token ---->|          |  |             |
|        |                            |          |  |             |
|        |<-(F)- Invalid Token Error -|          |  |             |
|        |                            +----------+  |             |
|        |                                          |             |
|        |--(G)----------- Refresh Token ---------->|             |
|        |                                          |             |
|        |<-(H)----------- Access Token ------------|             |
+--------+           & Optional Refresh Token       +-------------+

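Field Descriptions

YOU_CLIENT_ID: the application's client_id

YOU_CLIENT_SECRET: the application's client_secret

YOU_REDIRECT_URI: the redirect_uri provided when the application was registered

RETURNED_CODE: the code parameter returned on the redirect after authorization is requested

STATE: a random string used to prevent CSRF attacks (optional)

Requesting Authorization (direct access)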

GET /oauth/authorize?client_id=YOU_CLIENT_ID&redirect_uri=YOU_REDIRECT_URI&response_type=code&scope=exam%2binterview&state=STATE

Once the user has authorized the application, they are redirected to YOU_REDIRECT_URI with the authorization code (code) attached:

YOU_REDIRECT_URI?code=RETURNED_CODE&state=STATE

You can use this code to call the token endpoint and obtain an access_token.

Obtaining an access_token

POST /oauth/token.json

Request parameters:

{
  client_id: YOU_CLIENT_ID,
  client_secret: YOU_CLIENT_SECRET,
  code: RETURNED_CODE,
  grant_type: "authorization_code",
  redirect_uri: YOU_REDIRECT_URI
}

Response:

{
 "access_token": "de6780bc506a0446309bd9362820ba8aed28aa506c71eedbe1c5c4f9dd350e54",
 "token_type": "Bearer",
 "expires_in": 7200,
 "scope": "exam interview",
 "refresh_token": "8257e65c97202ed1726cf9571600918f3bffb2544b26e00a61df9897668c33a1"
}
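
An added example (not part of the original documentation) of the client side of the steps above: it generates STATE, binds it to the user's session, rejects a callback whose state does not match, and only then assembles the POST /oauth/token.json parameters. The host names, the session dict and both function names are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumptions: AUTH_BASE, REDIRECT_URI and the credentials are placeholders;
# `session` is any per-user server-side dict (hypothetical framework session).
AUTH_BASE = "https://auth.example.invalid"
CLIENT_ID = "YOU_CLIENT_ID"
CLIENT_SECRET = "YOU_CLIENT_SECRET"
REDIRECT_URI = "https://client.example.invalid/callback"


def build_authorize_url(session, scopes=("exam", "interview")):
    """Create a fresh state, bind it to the session, return the authorize URL."""
    state = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    session["oauth_state"] = state
    query = urlencode({
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        # The page's sample request joins scopes with an encoded '+'.
        "scope": "+".join(scopes),
        "state": state,
    })
    return f"{AUTH_BASE}/oauth/authorize?{query}"


def token_params_from_callback(session, callback_url):
    """Validate the redirect, then return the /oauth/token.json parameters."""
    query = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use, even on failure
    received = query.get("state", [""])[0]
    # Constant-time comparison on bytes; a missing stored state always fails.
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback is not tied to this session")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("callback must carry exactly one code")
    return {
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,  # stays on the server, never in a browser
        "code": codes[0],
        "grant_type": "authorization_code",
        "redirect_uri": REDIRECT_URI,
    }
```

Although the field list marks STATE as optional, this sketch always sends it and treats a missing or replayed value as a failed callback.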

Refreshing the access_token

POST /oauth/token.json

Request parameters:

{
  client_id: YOU_CLIENT_ID,
  client_secret: YOU_CLIENT_SECRET,
  redirect_uri: YOU_REDIRECT_URI,
  grant_type: "refresh_token",
  refresh_token: "8257e65c97202ed1726cf9571600918f3bffb2544b26e00a61df9897668c33a1"
}

Response:

{
 "access_token": "de6780bc506a0446309bd9362820ba8aed28aa506c71eedbe1c5c4f9dd350e54",
 "token_type": "Bearer",
 "expires_in": 7200,
 "refresh_token": "8257e65c97202ed1726cf9571600918f3bffb2544b26e00a61df9897668c33a1"
}
