Abstract
OAuth 2.0 is an authentication and authorization protocol defined in the RFC-6749 specification document, published by the Internet Engineering Task Force in October 2012. It is an open authorization framework built on HTTP redirection. It allows a third-party application to access specific resources that a user has stored on a website without the user name and password being given to the third-party application, which greatly improves the user's experience of web applications. To study the working principle of the OAuth 2.0 protocol in depth, an open authorization application framework is designed using an Nginx server and MySQL and Redis databases. The deficiencies of OAuth 2.0 protocol applications in the authorization flow are also pointed out, and an optimized solution based on a WebSocket listening mechanism is presented, providing a reference for the development of authentication and authorization applications.