donqh00404 2012-05-21 13:17
浏览 34
已采纳

php + oauth:3脚和2脚身份验证有什么区别?

I'm looking at oauth+php example (http://code.google.com/p/oauth-php/wiki/ConsumerHowTo#Two-legged_OAuth). There's two different schemas to get authorized: 3-legged and 2-legged. What's the difference? When should I use each of them?

Thank you in advance!

  • 写回答

2条回答 默认 最新

  • duanhe4155 2012-05-22 01:50
    关注

    The referenced URL provides a decent overview.

    In Google land:

    • 2-legged OAuth (2LO) is typically used for Google Apps. In this scenario, the domain administrator has can pre-approve authorization for an application to access user data on the domain (example: DocuSign can access Google Docs on behalf of all users on the example.com domain). The administrator does this via the Google Apps control panel or by installing the application from the Google Apps Marketplace. Since the approval has happened outside of the OAuth flow-- the application simply needs to prove its' identity, and then the authorization for data access is verified by the API server when a request is made. Typically the application indicates the user on behalf it's making the request using the ?xoauth_requestor_id=user@example.com query parameter in the API calls.
    • 3-legged OAuth (3LO) is when you're directly prompting an end-user for authorization at the time authorization is required. This is the "normal" flow.
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥60 ESP32怎么烧录自启动程序
  • ¥50 html2canvas超出滚动条不显示
  • ¥15 java业务性能问题求解(sql,业务设计相关)
  • ¥15 52810 尾椎c三个a 写蓝牙地址
  • ¥15 elmos524.33 eeprom的读写问题
  • ¥15 使用Java milo连接Kepserver服务端报错?
  • ¥15 用ADS设计一款的射频功率放大器
  • ¥15 怎么求交点连线的理论解?
  • ¥20 软件开发方法学习来了
  • ¥15 微信小程序商城如何实现多商户收款 平台分润抽成