HTTP-Based Access Authentication

  • WWW-Authenticate - the server tells the client which authentication scheme to use
  • Authorization - the client sends the server its credentials, in encoded form

HTTP Basic

binary encode base64 $username:$password
WWW-Authenticate: Basic Realm="ServiceName"
Authorization: Basic $base64_text

HTTP Digest

md5sum $username:$password

HTTP JWT - JSON Web Tokens

signature = HMAC-SHA256($SecretKey, base64url($header).base64url($payload))
jwt_token = base64url($header).base64url($payload).base64url($signature)
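
Added example (not part of the original notes): the HS256 signing formula above as runnable Python, together with the verification side that pins the algorithm and compares signatures in constant time. JWT uses unpadded base64url (RFC 7515); the function names and the sample claim and secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    """base64url without '=' padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Restore the stripped padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(payload: dict, secret: bytes) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify_jwt(token: str, secret: bytes):
    """Return the payload dict if the token is valid, otherwise None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm on the server side; a token that declares
        # "none" or any other alg is rejected before any signature check.
        if header.get("alg") != "HS256":
            return None
        signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
        expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        return json.loads(b64url_decode(payload_b64))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: wrong part count, bad base64, bad JSON


if __name__ == "__main__":
    demo = sign_jwt({"sub": "alice"}, b"constructed-secret")  # constructed sample
    print(demo)
    print(verify_jwt(demo, b"constructed-secret"))
```

The payload is only encoded, not encrypted, so anyone holding the token can read its claims; the signature protects integrity only.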

OAuth 1.0

$consumer request -key $consumer_key -secret $consumer_secret
=> (oauth_token, token_secret)
$user request $service -token $oauth_token
$service redirect $consumer -token $oauth_token -code $oauth_code
$consumer request $service -token $oauth_token -code $oauth_code
=> (access_token, access_secret)

OAuth 2.0

$consumer redirect $service -who $client_id
$service redirect $consumer -code $code
$consumer request $service -code $code -who {$client_id $client_secret}
=> (access_token, refresh_token)
$consumer request $service -token $access_token
Authorization: Bearer somecode