OAuth2 and OpenId 协议学习记录一
用identityserver4搭建了一個環境,通過瀏覽器分析了下整個協議流程
locahost:5003(資源), identityserver4使用的localhost:5001 (授權服務)
以下是從登錄到授權的整個瀏覽器的請求記錄,采用的授權模式是Authorization Code模式
1. 獲取openid-configuration?
url: ?http://localhost:5001/.well-known/openid-configuration
返回結果里包含各種參數:
2.訪問授權端口
url: http://localhost:5001/connect/authorize
請求參數:
client_id: js
redirect_uri: http://localhost:5003/callback.html
response_type: code
scope: openid profile api_scope_1 myprofile
state: d455fa1b04284959840e858763c45f43
code_challenge: fDrZros9i7cftFa9lh0eR-g3i_eYyU0QM5PaaNriHxA
code_challenge_method: S256
response_mode: query
返回 302
Location:
http://localhost:5001/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Djs%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A5003%252Fcallback.html%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520api_scope_1%2520myprofile%26state%3Dd455fa1b04284959840e858763c45f43%26code_challenge%3DfDrZros9i7cftFa9lh0eR-g3i_eYyU0QM5PaaNriHxA%26code_challenge_method%3DS256%26response_mode%3Dquery
?
3.訪問登錄頁面
url:http://localhost:5001/Account/Login
請求參數:
ReturnUrl: /connect/authorize/callback?client_id=js&redirect_uri=http%3A%2F%2Flocalhost%3A5003%2Fcallback.html&response_type=code&scope=openid%20profile%20api_scope_1%20myprofile&state=d455fa1b04284959840e858763c45f43&code_challenge=fDrZros9i7cftFa9lh0eR-g3i_eYyU0QM5PaaNriHxA&code_challenge_method=S256&response_mode=query
?
4.輸入用戶名密碼后驗證
url:http://localhost:5001/Account/Login ?POST
返回 302 Location /connect/authorize/callback?client_id=js&redirect_uri=http%3A%2F%2Flocalhost%3A5003%2Fcallback.html&response_type=code&scope=openid%20profile%20api_scope_1%20myprofile&state=d455fa1b04284959840e858763c45f43&code_challenge=fDrZros9i7cftFa9lh0eR-g3i_eYyU0QM5PaaNriHxA&code_challenge_method=S256&response_mode=query
5.訪問驗證成功后的回調端口
url:
http://localhost:5001/connect/authorize/callback
請求參數:
client_id: js
redirect_uri: http://localhost:5003/callback.html
response_type: code
scope: openid profile api_scope_1 myprofile
state: d455fa1b04284959840e858763c45f43
code_challenge: fDrZros9i7cftFa9lh0eR-g3i_eYyU0QM5PaaNriHxA
code_challenge_method: S256
response_mode: query
返回 302 Location
http://localhost:5003/callback.html?code=0A667EB017A2FBCFFFB37244A3EFF590AA41F7DE318867D61656611E46825AFA&scope=openid%20profile%20api_scope_1%20myprofile&state=d455fa1b04284959840e858763c45f43&session_state=_1I4hK0TpuxJpEVbDZQpIHnW1hNK-Cp3BXDmSJn6HJY.0EA2FD09AF374E4C5AE6C60AAC168E0C
?
6.訪問本地回調頁面
url:http://localhost:5003/callback.html
請求參數:
code: 0A667EB017A2FBCFFFB37244A3EFF590AA41F7DE318867D61656611E46825AFA
scope: openid profile api_scope_1 myprofile
state: d455fa1b04284959840e858763c45f43
session_state: _1I4hK0TpuxJpEVbDZQpIHnW1hNK-Cp3BXDmSJn6HJY.0EA2FD09AF374E4C5AE6C60AAC168E0C
7.訪問獲取令牌端口
http://localhost:5001/connect/token
請求參數:
client_id: js
code: 0A667EB017A2FBCFFFB37244A3EFF590AA41F7DE318867D61656611E46825AFA
redirect_uri: http://localhost:5003/callback.html
code_verifier: 1af65c6b00d84f7b92f42d0275e3920feae3cc9a9da24bdebf9cd44c0212b887bf06b9b3a7b94b66a35839128fa71f0c
grant_type: authorization_code
返回結果
{
"id_token":"eyJhbGciOiJSUzI1NiIsImtpZCI6IkRCRUQyRDcwMzZENzUzOTRENkY4NTFFNjNERTM1RjQwIiwidHlwIjoiSldUIn0.eyJuYmYiOjE1OTgwODI4NDgsImV4cCI6MTU5ODA4MzE0OCwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAxIiwiYXVkIjoianMiLCJpYXQiOjE1OTgwODI4NDgsImF0X2hhc2giOiJFQVNRQlcwZjBCYnVkUWZMRmhwM3RRIiwic19oYXNoIjoiR2pnRnFpTHZQdG0xTno0QlktWTdmQSIsInNpZCI6IjBGRTJDODE5NzJBQ0E5Rjg5QTc4Rjk4MjYzRTRCNThDIiwic3ViIjoiNzhhMTYyOWMtN2Y0OS00NjE1LTliYjEtOTVkOTE0MGNhYmIxIiwiYXV0aF90aW1lIjoxNTk4MDgyODQ4LCJpZHAiOiJsb2NhbCIsImFtciI6WyJwd2QiXX0.0eyiMAjK5LLevI6JWkMjIYqmwvkUlQbM84fcFON4eg7K4deShPpbCiRJibIn3iHc-GOgd5sloNM0z2JLIu05py7doKipZP7ywCQDyLo6ERgCma8gtg9w0jpajMLwYxb5isVu85rXc2uSKy7rlDl397IJiHbKRXqwV_NF_RurpHBofBq1F0cvJ1KLilTay0pqUoppgxrMYOi1Zj0yIivtm1hpvTq1p-UKXODFp-O9V3RqaqCoa_c0F0Z_6Yv_hHEygovyJI9nOcLtnpE74yswNOngoxhWvsLbz7XA_2_pVHQGT03sAssJjLYcoPjjJifuna558-qnVq8xKvXKStw_Yg",
"access_token":"eyJhbGciOiJSUzI1NiIsImtpZCI6IkRCRUQyRDcwMzZENzUzOTRENkY4NTFFNjNERTM1RjQwIiwidHlwIjoiYXQrand0In0.eyJuYmYiOjE1OTgwODI4NDgsImV4cCI6MTU5ODA4MjkwOCwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAxIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAxL3Jlc291cmNlcyIsImNsaWVudF9pZCI6ImpzIiwic3ViIjoiNzhhMTYyOWMtN2Y0OS00NjE1LTliYjEtOTVkOTE0MGNhYmIxIiwiYXV0aF90aW1lIjoxNTk4MDgyODQ4LCJpZHAiOiJsb2NhbCIsInBlcm0iOlsib3JkZXJfY3JlYXRlIiwib3JkZXJfbW9kaWZ5Il0sImp0aSI6IkVFRkQyODUzMjhDRjVBM0VGODkyRUY2RDkyRERFQUNCIiwic2lkIjoiMEZFMkM4MTk3MkFDQTlGODlBNzhGOTgyNjNFNEI1OEMiLCJpYXQiOjE1OTgwODI4NDgsInNjb3BlIjpbIm9wZW5pZCIsInByb2ZpbGUiLCJhcGlfc2NvcGVfMSIsIm15cHJvZmlsZSJdLCJhbXIiOlsicHdkIl19.xQox_Ld8Gy6ON4U4Bn_g_amUssBEQoZQkx-Hdy4HD_bwUHNSbhkoBZx9H5ZtjhHk32zenVWQvXC661m8DNLWwr4frWS4in02D4PalIpGYBFkLCDBX12Q36r1GxUfnJD_ZLJYx0Js1kGKqc-lZqGF88zPapJLu7h5fhYT-9QR6_8FKVKrSmpBa_3lHs7haoEbjtK_6-W-j1_U25Y17HXwOCD-C_VDR-rg3rAUbIyLp_4pTT0uFHrI1mUDxDTwHfA79e3q_sDng9j0zGLt9G-IOygs_I4P7gZ_GDTlyCxXDMC3X5WQNkS-_FGQxEx6pUugipTmyWs2VFeI0okFfRIr3g",
"expires_in":60,
"token_type":"Bearer",
"scope":"openid profile api_scope_1 myprofile"
}
8.訪問獲取用戶信息端口
http://localhost:5001/connect/userinfo
Authorization: Bearer [AccessToken]
返回結果:
{"name":"myname","perm":["order_create","order_modify"],"sub":"422c9c45-002e-4761-b681-89cfd6efad5f"}
總結
以上是生活随笔為你收集整理的OAuth2 and OpenId 协议学习记录一的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 【电子电路】五款单按键开关机电路图
- 下一篇: 笔记本玩梦幻西游开启时自动全屏,而且两边