The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849.
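I. Basic mind map
II. Flow diagrams of the four grant types
1. Authorization code
2. Implicit
3. Password
4. Client credentials
III. Token refresh
After verification succeeds, two tokens are returned:
1. A token for fetching data
2. A token for obtaining new tokens (refresh_token)
Use the refresh_token to obtain a new token.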
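
The refresh step above, sketched as an added example (not code from the original page): a client builds the `grant_type=refresh_token` request from RFC 6749 section 6, and a toy in-memory token endpoint answers it. The client id and secret, the token lifetime, the function names and the single-use (rotating) refresh token are assumptions made for this illustration.

```python
import base64
import secrets
from urllib.parse import urlencode, parse_qs

# Constructed sample values (assumptions, not from the page).
CLIENT_ID, CLIENT_SECRET, ACCESS_TTL = "demo-client", "demo-secret", 3600
REFRESH_STORE = {}  # refresh_token -> client_id (toy server-side state)


def issue_tokens(client_id):
    """Return the two-token response: one token for data, one for refreshing."""
    refresh = secrets.token_urlsafe(32)
    REFRESH_STORE[refresh] = client_id
    return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
            "expires_in": ACCESS_TTL, "refresh_token": refresh}


def build_refresh_request(refresh_token):
    """Client side: headers and form body sent to the token endpoint."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "refresh_token",
                      "refresh_token": refresh_token})
    return headers, body


def token_endpoint(headers, body):
    """Toy server side: authenticate the client, validate the refresh token."""
    scheme, _, cred = headers.get("Authorization", "").partition(" ")
    try:
        cid, _, csecret = base64.b64decode(cred).decode().partition(":")
    except ValueError:  # malformed base64 or non-UTF-8 credentials
        return 401, {"error": "invalid_client"}
    secret_ok = secrets.compare_digest(csecret.encode(), CLIENT_SECRET.encode())
    if scheme != "Basic" or cid != CLIENT_ID or not secret_ok:
        return 401, {"error": "invalid_client"}
    form = parse_qs(body)
    if form.get("grant_type") != ["refresh_token"]:
        return 400, {"error": "unsupported_grant_type"}
    presented = form.get("refresh_token", [""])[0]
    # pop() makes each refresh token single-use (rotation: an added hardening
    # choice, so a replayed or stolen refresh token is rejected afterwards).
    if REFRESH_STORE.pop(presented, None) != cid:
        return 400, {"error": "invalid_grant"}
    return 200, issue_tokens(cid)
```
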