Thursday, 14 September 2023

OAuth2 Client Credentials Grant - Used Between Servers

Introduction
It is described as follows.
Intended for the server-to-server authentication, this flow describes an approach when the client application acts on its own behalf rather than on behalf of any individual user. In most scenarios, this flow provides the means to allow users to specify their credentials in the client application, so it can access the resources under the client’s control.
Another description. It is used between machines, with no human involved.
The OAuth 2.0 Client Credentials Grant type is exclusively used for scenarios in which no user exists (CRON jobs, scheduled tasks, other data workloads, etc.).
...
The goal of the Client Credentials Grant is to allow two machines to communicate securely. In this grant type, you have a client (think of this as your application) making API requests to another service (this is your resource server).
Before this there was Basic Authentication. It is described as follows.
Before OAuth 2.0, the way developers handled server-to-server authentication was with HTTP Basic Auth. Essentially, this boiled down to a developer that would send over a server’s unique username and password (often referred to as an ID and secret) on each request. The API service would then validate this username and password on every request by connecting to a user store (database, LDAP, etc.) in order to validate the credentials.
The flow is as follows:
     +---------+                                  +---------------+
     |         |                                  |               |
     |         |>--(A)- Client Authentication --->| Authorization |
     | Client  |                                  |     Server    |
     |         |<--(B)---- Access Token ---------<|               |
     |         |                                  |               |
     +---------+                                  +---------------+
Example
We write the URL like this. That is, we request the client credentials grant through the grant_type parameter:
localhost:8080/oauth/token?grant_type=client_credentials&scope=any
The other parameters also need to be added. They are described as follows:
Please make sure you've added your clientId and client secret in the basic auth header of the authorization tab in postman and you get a successful response like this.
That is, in the Authorization tab choose Basic Auth and fill in the Username and Password fields with the client id and client secret.

As the response we get something like this. That is, we receive an Access Token:
{
  "access_token": "qbE0ipKzzX5FNj3OVe8LWu40T_s",
  "token_type": "bearer",
  "expires_in": 43199,
  "scope": "any"
}
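As an added example (not code from the original post), here is a small Python client that performs the request shown above end to end: it puts the client id and secret into the Basic Authorization header, sends grant_type=client_credentials and scope in the POST body, and validates the JSON token response before handing the token to the caller. The token URL, client id and client secret are assumed placeholder values; the sample response is the one from this post, embedded so the parsing can be exercised offline.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Assumed values (placeholders, not real credentials): in practice load the
# secret from an environment variable or a secret store, never hard-code it.
TOKEN_URL = "http://localhost:8080/oauth/token"
CLIENT_ID = "my-client"
CLIENT_SECRET = "my-secret"

# Token response taken from the post above, embedded for offline parsing.
SAMPLE_RESPONSE = b"""{
  "access_token": "qbE0ipKzzX5FNj3OVe8LWu40T_s",
  "token_type": "bearer",
  "expires_in": 43199,
  "scope": "any"
}"""


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Build the Basic Authorization header that carries the client credentials.

    This is what Postman's 'Basic Auth' option produces from the Username and
    Password fields: base64("client_id:client_secret"). RFC 6749 section 2.3.1
    requires both values to be form-url-encoded before they are joined.
    """
    user = urllib.parse.quote(client_id, safe="")
    secret = urllib.parse.quote(client_secret, safe="")
    encoded = base64.b64encode(f"{user}:{secret}".encode("ascii")).decode("ascii")
    return f"Basic {encoded}"


def build_token_request(token_url, client_id, client_secret, scope="any"):
    """Return a urllib Request for the client credentials grant.

    grant_type and scope travel in the POST body; the secret travels only in
    the Authorization header, so it does not end up in the URL or in access logs.
    """
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": scope}
    ).encode("ascii")
    return urllib.request.Request(
        token_url,
        data=body,
        method="POST",
        headers={
            "Authorization": basic_auth_header(client_id, client_secret),
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "application/json",
        },
    )


def parse_token_response(raw, now=None):
    """Validate the JSON token response and return (access_token, expires_at).

    expires_at is an absolute Unix timestamp computed from expires_in, so the
    caller can refresh the token before it lapses instead of retrying on 401.
    """
    data = json.loads(raw)
    if "error" in data:  # RFC 6749 section 5.2 error response
        raise RuntimeError(f"token endpoint returned error: {data['error']}")
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError(f"unexpected token_type: {data.get('token_type')!r}")
    token = data["access_token"]
    expires_in = int(data.get("expires_in", 0))
    now = time.time() if now is None else now
    return token, now + expires_in


def fetch_token(token_url=TOKEN_URL, client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET, scope="any"):
    """Perform the (A)/(B) exchange from the flow diagram against a live server."""
    req = build_token_request(token_url, client_id, client_secret, scope)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())


def bearer_header(access_token):
    """Header to send on calls to the resource server once the token is obtained."""
    return {"Authorization": f"Bearer {access_token}"}


if __name__ == "__main__":
    # Offline demonstration using the sample response from the post.
    token, expires_at = parse_token_response(SAMPLE_RESPONSE, now=0)
    print("access token:", token, "valid for", int(expires_at), "seconds")
    print("resource request header:", bearer_header(token))
    # Against a real authorization server: token, expires_at = fetch_token()
```

Two design points worth noting: the client secret is sent only in the Authorization header and never in the query string, so it stays out of server access logs and browser history; and the client records an absolute expiry time from expires_in, so a long-running job can renew the token ahead of time rather than discovering the expiry through failed resource requests.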
