91 lines
4.2 KiB
Markdown
91 lines
4.2 KiB
Markdown
|
### setting
|
|||
|
|
|
|||
|
|
|
|||
|
|
- `Allow Implicit Grant` a way to return token directly to client, you can google it
|
|||
|
|
- `Enforce State Validation` `state` must be provided
|
|||
|
|
- `Require Exact Redirect URI` url in `redirect_uri` should be exactly the same as the one of client
|
|||
|
|
- `Access Token Lifetime`
|
|||
|
|
|
|||
|
|
### create a client
|
|||
|
|
|
|||
|
|
#### instructions
|
|||
|
|
- `Name` name of client
|
|||
|
|
- `Description` description of client
|
|||
|
|
- `Icon` icon of client, optional
|
|||
|
|
- `Homepage` homepage of client, optional
|
|||
|
|
- `Redirect URI` redirect uri of client, required, multiple uri should be separated by space (not recommended)
|
|||
|
|
- `Scopes` optional (don't fill it if you don't know)
|
|||
|
|
- `Grant Types` optional (don't fill it if you don't know)
|
|||
|
|
- `Client ID` and `Client Secret` used for client authentication, generated automatically, don't share it with others
|
|||
|
|
|
|||
|
|
### set scope for your resources (user.read is default scope)
|
|||
|
|
|
|||
|
|
most people only need `user.read` scope, if you need more, you can add it here (maybe you need to know something about OAuth scope first)
|
|||
|
|
#### instructions
|
|||
|
|
- `Scope ID` unique identifier of scope, used for distinguish, you can refer to `Github` scope
|
|||
|
|
- `Resource Path` resource path of scope
|
|||
|
|
- `Request Method` request method of resource path, usually `GET`
|
|||
|
|
- `Default` if checked, this scope will be added even if it's not in `scope` parameter
|
|||
|
|
- `Name` name of scope, used for display
|
|||
|
|
- `Description` description of scope, used for display, you can use `{user}` `{client_name}` variable to represent user and client name
|
|||
|
|
- `Icon` support `FontAwesome` icon and normal image
|
|||
|
|
|
|||
|
|
### uri
|
|||
|
|
#### authorize
|
|||
|
|
`/oauth/authorize`
|
|||
|
|
|
|||
|
|
| param | description | required | default | example |
|
|||
|
|
| --- | --- | --- | --- | --- |
|
|||
|
|
| client_id | client id | yes | none | 123456 |
|
|||
|
|
| response_type | grant type | yes | none | code or token |
|
|||
|
|
| redirect_uri | redirect uri | yes | client redirect uri | https://example.com/oauth/callback |
|
|||
|
|
| scope | scope | no | none | user.read |
|
|||
|
|
| state | state | no | none | 123456 |
|
|||
|
|
|
|||
|
|
example:
|
|||
|
|
```
|
|||
|
|
GET https://example.com/oauth/authorize?client_id=123456&response_type=code&redirect_uri=https://user.example.com/oauth/callback&scope=user.read&state=123456
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
#### token
|
|||
|
|
`/oauth/token`
|
|||
|
|
|
|||
|
|
| param | description | required | default | example |
|
|||
|
|
| --- | --- | --- | --- | --- |
|
|||
|
|
| client_id | client id | yes | none | 123456 |
|
|||
|
|
| client_secret | client secret | yes | none | 123456 |
|
|||
|
|
| grant_type | grant type | yes | none | authorization_code or refresh_token |
|
|||
|
|
| code | authorization code | required when grant type is authorization_code | none | 123456 |
|
|||
|
|
| refresh_token | refresh token | required when grant type is refresh_token | none | 123456 |
|
|||
|
|
| redirect_uri | redirect uri | required when grant type is authorization_code | client redirect uri | https://example.com/oauth/callback |
|
|||
|
|
|
|||
|
|
example:
|
|||
|
|
```
|
|||
|
|
POST https://example.com/oauth/token
|
|||
|
|
|
|||
|
|
Payload: client_id=123456&client_secret=123456&grant_type=authorization_code&code=123456&redirect_uri=https://example.com/oauth/callback
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
### resource
|
|||
|
|
`/api/user`
|
|||
|
|
|
|||
|
|
| param | description | required | default | example |
|
|||
|
|
| --- |--------------|-----|---------| --- |
|
|||
|
|
| access_token | access token | yes | none | 123456 |
|
|||
|
|
|
|||
|
|
### example
|
|||
|
|
|
|||
|
|
```
|
|||
|
|
GET https://example.com/api/user?access_token=123456
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
### do it as normal OAuth client
|
|||
|
|
|
|||
|
|
|
|||
|
|
### get access token after authorized
|
|||
|
|
|
|||
|
|
|
|||
|
|
### using token to access resources (get or header)
|
|||
|
|
|
|||
|
|
|