|
|
|
##### 授权说明
|
|
|
|
|
|
|
|
- 接口(Protocol Endpoints)
|
|
|
|
|
|
|
|
|||
|
|
|
|
|------|------|
|
|
|
|
|<a href="#authorization-endpoint">/sso/oauth2/authorize</a>|Authorization Endpoint|
|
|
|
|
|<a href="#token-endpoint">/sso/oauth2/token</a>|Token Endpoint|
|
|
|
|
|
|
|
|
|
|
|
|
##### 对接说明:
|
|
|
|
|
|
|
|
|
|
|
|
详见: <a href="#OAuth2 oidc 对接说明" >Oauth2对接说明</a>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
##### 接口说明
|
|
|
|
|
|
|
|
***********************************************************************************************
|
|
|
|
|
|
|
|
##### Authorization Endpoint
|
|
|
|
|
|
|
|
接口说明:
|
|
|
|
|
|
|
|
资源提供方获取认证授权
|
|
|
|
|
|
|
|
接口调用请求说明:
|
|
|
|
|
|
|
|
##### (1)Authorization Code Grant
|
|
|
|
|
|
|
|
> 请求方式: GET (重定向)
|
|
|
|
> https://work.ketanyun.com/sso/oauth2/authorize?scope=profile&response_type=code&redirect_uri=http://callback&client_id=xxx&state=STATE
|
|
|
|
|
|
|
|
|
|
|
|
##### (2)Implicit Grant
|
|
|
|
|
|
|
|
> 请求方式: GET (重定向)
|
|
|
|
> https://work.ketanyun.com/sso/oauth2/authorize?scope=profile&response_type=token&redirect_uri=http://callback&client_id=xxx&state=STATE
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
参数说明:
|
|
|
|
|
|
|
|
|参数|是否必须|说明|
|
|
|
|
|------|------|------|
|
|
|
|
|response_type|是|响应类型(code/token)|
|
|
|
|
|client_id|是|应用appKey|
|
|
|
|
|scope|是|授权范围|
|
|
|
|
|redirect_uri|是|应用回调地址|
|
|
|
|
|state|否|防跨站伪造参数|
|
|
|
|
|
|
|
|
返回说明:
|
|
|
|
|
|
|
|
> 授权成功后重定向到指定的redirect_uri:
|
|
|
|
>
|
|
|
|
> (Authorization Code Grant) http://callback?code=xxx&state=STATE
|
|
|
|
>
|
|
|
|
> (Implicit Grant) http://callback#access_token=xxx&scope=xxx&token_type=Bearer&expires_in=2000000
|
|
|
|
|
|
|
|
|
|
|
|
|参数|说明|
|
|
|
|
|------|------|
|
|
|
|
|code|已授权令牌|
|
|
|
|
|state|请求时的参数state|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
***********************************************************************************************
|
|
|
|
|
|
|
|
|
|
|
|
##### Token Endpoint
|
|
|
|
|
|
|
|
接口说明:
|
|
|
|
|
|
|
|
应用方获取访问令牌
|
|
|
|
|
|
|
|
接口调用请求说明:
|
|
|
|
|
|
|
|
##### (1)Authorization Code Grant
|
|
|
|
|
|
|
|
> 请求方式: POST
|
|
|
|
> https://work.ketanyun.com/sso/oauth2/token?scope=profile&redirect_uri=http://callback&client_id=xxx&client_secret=xxx&grant_type=authorization_code&code=xxx
|
|
|
|
|
|
|
|
> post参数(参考):
|
|
|
|
> scope=profile&redirect_uri=http://callback&client_id=xxx&client_secret=xxx&grant_type=authorization_code&code=xxx
|
|
|
|
|
|
|
|
> curl -X POST -H 'Content-Type:application/x-www-form-urlencoded' https://work.ketanyun.com/sso/oauth2/token -d 'scope=profile&redirect_uri=http://callback&client_id=xxx&client_secret=xxx&grant_type=authorization_code&code=xxx'
|
|
|
|
|
|
|
|
|
|
|
|
##### (2)Client Credentials Grant
|
|
|
|
|
|
|
|
> 请求方式: POST
|
|
|
|
> curl -X POST -H 'Content-Type:application/x-www-form-urlencoded' 'https://work.ketanyun.com/sso/oauth2/token?grant_type=client_credentials&client_id=xxx&client_secret=xxx&scope=xxx'
|
|
|
|
|
|
|
|
|
|
|
|
##### (3)Resource Owner Password Credentials Grant
|
|
|
|
|
|
|
|
> 请求方式: POST
|
|
|
|
> curl -X POST -H 'Content-Type:application/x-www-form-urlencoded' 'https://work.ketanyun.com/sso/oauth2/token?grant_type=password&client_id=xxx&client_secret=xxx&username=xxx&password=xxx&scope=xxx'
|
|
|
|
|
|
|
|
|
|
|
|
##### Refreshing an Access Token
|
|
|
|
|
|
|
|
> 请求方式: POST
|
|
|
|
> curl -X POST -H 'Content-Type:application/x-www-form-urlencoded' 'https://work.ketanyun.com/sso/oauth2/token?grant_type=refresh_token&client_id=xxx&client_secret=xxx&refresh_token=xxx&scope=xxx'
|
|
|
|
|
|
|
|
|
|
|
|
参数说明:
|
|
|
|
|
|
|
|
|参数|是否必须|说明|
|
|
|
|
|------|------|------|
|
|
|
|
|client_id|是|应用AppKey|
|
|
|
|
|client_secret|是|应用AppSecret|
|
|
|
|
|scope|是|授权范围|
|
|
|
|
|redirect_uri|是|应用回调地址|
|
|
|
|
|grant_type|是|授权类型|
|
|
|
|
|code|是|code令牌|
|
|
|
|
|
|
|
|
返回说明:
|
|
|
|
|
|
|
|
> {"access_token":"0c69fe76baf0953bec1fadd7afb58a45","refresh_token":"693620e82bca0a372ab7f9fdc6b854df","scope":"8","token_type":"Bearer","expires_in":2000000}
|
|
|
|
|
|
|
|
|
|
|
|
|参数|说明|
|
|
|
|
|------|------|
|
|
|
|
|access_token|token令牌|
|
|
|
|
|refresh_token|刷新令牌|
|
|
|
|
|expires_in|token令牌期限|
|
|
|
|
|id_token|OIDC认证返回|
|
|
|
|
|
|
|
|
|
|
|
|
***********************************************************************************************
|
|
|
|
|
|
|
|
##### Introspection Endpoint
|
|
|
|
|
|
|
|
接口说明:
|
|
|
|
|
|
|
|
访问令牌详细信息
|
|
|
|
|
|
|
|
接口调用请求说明:
|
|
|
|
|
|
|
|
> 请求方式: POST
|
|
|
|
> https://work.ketanyun.com/sso/oauth2/introspect?token=
|
|
|
|
|
|
|
|
> curl https://work.ketanyun.com/sso/oauth2/introspect?token= -X POST
|
|
|
|
|
|
|
|
|
|
|
|
参数说明:
|
|
|
|
|
|
|
|
token
|
|
|
|
通过Oauth授权获取的认证令牌,
|
|
|
|
见: <a href="#authorization-endpoint">Authorization Endpoint</a>
|
|
|
|
<a href="#token-endpoint">Token Endpoint</a>
|
|
|
|
|
|
|
|
返回说明
|
|
|
|
|
|
|
|
{"active":true,"scope":"profile","client_id":"PSeNH9E4fo7yum02YzMw","username":"test@163.com","token_type":"authorization_code","sub":"MmIk9l9lXiFXv9JWKoML"}
|
|
|
|
|
|
|
|
|参数|说明|
|
|
|
|
|------|------|
|
|
|
|
|active|表明当前token是否有效| |
|
|
|
\ No newline at end of file |