... | ... | @@ -16,11 +16,11 @@ |
|
|
##### 认证过程:
|
|
|
|
|
|
- 基于Authorization Code的认证请求
|
|
|
详见: <a href="接口说明#1authorization-code-grant">Authorization Endpoint</a>
|
|
|
详见: <a href="OAuth-2.0-集成文档#authorization-endpoint">Authorization Endpoint</a>
|
|
|
|
|
|
- 获取ID Token
|
|
|
|
|
|
使用上一步获得的code来请求Token EndPoint,这一步同OAuth2,详见: <a href="接口说明#1authorization-code-grant-1">Token Endpoint</a>
|
|
|
使用上一步获得的code来请求Token EndPoint,这一步同OAuth2,详见: <a href="OAuth-2.0-集成文档#1authorization-code-grant-1">Token Endpoint</a>
|
|
|
|
|
|
Token EndPoint会返回响应的Token,其中除了OAuth2规定的部分数据外,还会附加一个id_token的字段(见 <a href="#id-token">ID Token</a>)。例如(解密见:https://jwt.io ):
|
|
|
|
... | ... | @@ -52,15 +52,24 @@ Token EndPoint会返回响应的Token,其中除了OAuth2规定的部分数据 |
|
|
|
|
|
```
|
|
|
{
|
|
|
"aud": "zrjYIAsHNf7unfEFmSth",
|
|
|
"iss": "http://w.unpower.org/sso",
|
|
|
"sub": "A2d4jXY6dFtxawsbsAcy",
|
|
|
"exp": 1535475186,
|
|
|
"iat": 1535475066,
|
|
|
"nonce": "c8bd93ad-3930-4ece-a4f4-73bac4fc8baa",
|
|
|
"name": "Alice",
|
|
|
"account": "Alice",
|
|
|
"aud": "WqrO6vGnAKfgbfYtNNNr",
|
|
|
"iss": "https://server.example.com/sso/oauth2",
|
|
|
"jti": "80da7179c66dcc324cf8523175e8a8b8",
|
|
|
"sub": "wQWhfqaPPlDWDSnOLTwf",
|
|
|
"exp": 1702879445,
|
|
|
"iat": 1702879325,
|
|
|
"sid": "5f38e1419c3313b9a27d0405c0ec2c54",
|
|
|
"principal": "USER_CODE",
|
|
|
"tenant": "example.com",
|
|
|
"id": "843d8144-6a35-11e8-beb1-84a6c84ae246"
|
|
|
"external":false,
|
|
|
"openId": "wQWhfqaPPlDWDSnOLTwf",
|
|
|
"loginName": "Alice",
|
|
|
"name": "张三",
|
|
|
"userType": "ITAdmin",
|
|
|
"userName": "Alice",
|
|
|
"account": "Alice",
|
|
|
"email": "alice@example.com.cn",
|
|
|
"userCode": "Alice",
|
|
|
"deptCode": "Dept"
|
|
|
}
|
|
|
``` |
|
|
\ No newline at end of file |
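Review bot: The example ID Token payload in this hunk is not valid JSON, because the `"id": "843d8144-6a35-11e8-beb1-84a6c84ae246"` line has no trailing comma before `"external":false,`; it should read `"id": "843d8144-6a35-11e8-beb1-84a6c84ae246",`. The sample that appears to be the new one also no longer shows the `nonce` claim that the earlier sample carried. If the server still echoes the request nonce, keep a line such as `"nonce": "<value sent in the authorization request>",` so integrators see that they must compare it with the value they sent. Which lines are old and which are new is inferred from their order here, since the +/- markers are lost in this rendering.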