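OAuth 2.0 Authorization header

I'd like to develop an SDK that encapsulates the OAuth 2.0 functions. I have checked the differences between OAuth 1.0 and 2.0, and I am confused about the Authorization header (1.0, 2.0): the OAuth 1.0 protocol parameters can be transmitted using the HTTP "Authorization" header, but I can't find this described in the current OAuth 2.0 draft.

Does OAuth 2.0 support the Authorization header?

In OAuth 1.0, your header would look like: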

Authorization: OAuth realm="Example",
oauth_consumer_key="0685bd9184jfhq22",
oauth_token="ad180jjd733klru7",
oauth_signature_method="HMAC-SHA1",
oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D",
oauth_timestamp="137131200",
oauth_nonce="4572616e48616d6d65724c61686176",
oauth_version="1.0"

You can still use the Authorization header with OAuth 2.0. There is a Bearer type specified in the Authorization header for use with OAuth bearer tokens (meaning the client app simply has to present ("bear") the token). The value of the header is the access token the client received from the Authorization Server.

It's documented in this spec: https://www.rfc-editor.org/rfc/rfc6750#section-2.1

E.g.:

   GET /resource HTTP/1.1
   Host: server.example.com
   Authorization: Bearer mF_9.B5f-4.1JqM

Where mF_9.B5f-4.1JqM is your OAuth access token.
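
The following Python code is an added example, not part of the original answer or of any existing SDK: it builds the Bearer header on the client side and parses it on the resource-server side, using the b64token grammar from RFC 6750 section 2.1. The function and class names are illustrative assumptions.

```python
import re

# b64token grammar from RFC 6750 section 2.1:
#   b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
_B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


class BearerHeaderError(ValueError):
    """Raised when a value is not a valid Bearer credential."""


def build_bearer_header(access_token):
    """Client side: return the (name, value) header pair for an access token."""
    if not _B64TOKEN.fullmatch(access_token):
        # Rejects empty tokens and CR/LF, which would allow header injection.
        raise BearerHeaderError("access token is not a valid b64token")
    return ("Authorization", "Bearer " + access_token)


def parse_bearer_header(value):
    """Resource-server side: extract the token from an Authorization value."""
    scheme, sep, rest = value.partition(" ")
    if not sep:
        raise BearerHeaderError("missing credentials")
    # HTTP auth scheme names are case-insensitive (RFC 7235 section 2.1).
    if scheme.lower() != "bearer":
        # An OAuth 1.0 style "OAuth realm=..." header ends up here.
        raise BearerHeaderError("unsupported authorization scheme")
    token = rest.lstrip(" ")  # the grammar allows 1*SP before the token
    if not _B64TOKEN.fullmatch(token):
        raise BearerHeaderError("malformed bearer token")
    return token


def redact(value):
    """Return a log-safe form of an Authorization value (scheme only)."""
    scheme = value.partition(" ")[0]
    return scheme + " [REDACTED]"
```

Because the token alone grants access, log the output of `redact()` rather than the raw header value.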

For those looking for an example of how to pass the OAuth2 authorization (access token) in the header (as opposed to using a request or body parameter), here is how it's done:

Authorization: Bearer 0b79bab50daca910b000d4f1a2b675d604257e42

I just want to specify that you can use "Property Expansion" in the header value as well to automate your process.

(Actually I use a property transfer too, to transfer the token into my TestSuite property and then, as you can see, return it with "${#TestSuite#token}".)


Best regards community !