Authorization Code Grant

Authorization Request
The application first needs to decide which permissions it is
requesting, then send the user to a browser to get their permission.
To initiate this authorization flow, form a URL as below and redirect
the end user's browser to the URL:
GET http://<wp_base_url>/wp-json/moserver/authorize
    ?response_type=code
    &client_id=<client_id_goes_here>
    &redirect_uri=<callback_url>
    &scope=<permissions_requesting>
    &state=<security_token>
- response_type=code: The type of response you are expecting. To receive an authorization code it must have the value code. This tells the authorization server that the application is initiating the authorization code flow.
- client_id: The client ID provided by the OAuth provider.
- redirect_uri: Callback URL to which the user will be redirected once they allow or deny access to your app.
- scope: One or more space-separated strings indicating the permissions your application is requesting.
- state: The application generates a random string and includes it in the request. It should then check that the same value is returned after the user authorizes the app.
If the user allows access to your app, their browser will be redirected to the supplied redirect URL, and the request will include the code and state parameters in the query string. For example, the user may be redirected to a URL such as:
https://example-app.com/redirect
    ?code=<authorization-code>
    &state=<security_token>
The code is the authorization code, which can be exchanged for an access token. It is generated by the authorization server and is relatively short-lived.
The state is the same security token that the application initially set in the request.
Token Request
If the end user granted your app access and you receive an
Authorization Code, you can exchange the Authorization Code for an
Access Token by making a POST request to the token endpoint.
The following is an example of the POST request:
POST http://<wp_base_url>/wp-json/moserver/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&
code=<authorization_code>&
client_id=<client_id>&
client_secret=<clientSecret>&
redirect_uri=<redirect_uri>
Here is the description of each request parameter.
- grant_type=authorization_code: The type of grant you are providing. This tells the server that the application is using the authorization code grant type.
- code: The authorization code received in the previous step.
- redirect_uri: The same URI that was provided earlier in the authorization request.
- client_id: The client ID provided by the OAuth provider.
- client_secret: The client secret provided by the OAuth provider.
At the token endpoint all the parameters in the request will be verified, ensuring that the code hasn't expired and that the client ID and secret match. If the request is successful, the server will generate an access token and return it in the response:
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
{
"access_token":"hkjher92u9eu2u3uihi2eh9293",
"token_type":"bearer",
"expires_in":3600,
"scope":"profile",
"id_token":""
}
Here is the description of each parameter received in the response.
- access_token: Access token for the userinfo endpoint.
- token_type: OAuth 2.0 token type value. The value must be Bearer.
- expires_in: The expiry time for the access token.
- scope: One or more space-separated strings indicating the permissions your application requested.
- id_token: The ID Token is a security token that contains Claims about the authentication of an End-User by an Authorization Server when using a Client, and potentially other requested Claims.
If the request fails, the response will have the status 404 Bad Request and the following content:
{
"error" : "invalid_request",
"error_description" : "A more detailed description of the error intended for the developer of your app."
}
Resource Request
If the token request is successful, you receive an access token in the response, which can be used to access the protected resources via the API.
Userinfo Request: The following is a non-normative example of a Userinfo Request:
GET http://<wp_base_url>/wp-json/moserver/resource
Host: server.example.com
Authorization: Bearer <access_token>
The resource server validates the access token and checks that it has not expired. If the resource request is valid, the resource server returns the Claims, represented as a JSON object that contains a collection of name/value pairs for the Claims.
Successful Userinfo Response:
The UserInfo Claims MUST be returned as the members of a JSON object.
Below is an example:
{
"id": "1",
"username": "abc",
"first_name": "xyz",
"last_name": "example",
"picture": "https://example.com/-kwtzesU/photo.jpg",
"email": "abc@example.com",
"locale": "en",...
}
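The three steps above (authorization request, token request, resource request) as one client, added here as an example and not part of the miniOrange documentation. The transport named post is a hypothetical injected callable (url, form_dict) -> parsed JSON dict, so the flow runs offline; the endpoint paths are the ones shown on this page.

```python
# Added example, not part of the miniOrange documentation: a minimal client
# for the authorization-code flow described above. "post" is a hypothetical
# injected transport, a callable (url, form_dict) -> parsed JSON dict, so the
# flow runs offline; the endpoint paths are the ones on the page.
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

class AuthCodeClient:
    def __init__(self, base_url, client_id, client_secret, redirect_uri, post):
        self.base_url = base_url.rstrip("/")
        self.client_id, self.client_secret = client_id, client_secret
        self.redirect_uri, self.post = redirect_uri, post
        self._pending_state = None

    def authorization_url(self, scope):
        # Fresh unguessable state per request; remembered for the callback check.
        self._pending_state = secrets.token_urlsafe(32)
        params = {"response_type": "code", "client_id": self.client_id,
                  "redirect_uri": self.redirect_uri, "scope": scope,
                  "state": self._pending_state}
        return f"{self.base_url}/wp-json/moserver/authorize?{urlencode(params)}"

    def handle_callback(self, callback_url):
        # Accept the redirect only if state matches what we sent (CSRF check),
        # and only once, so a replayed callback is rejected.
        qs = parse_qs(urlsplit(callback_url).query)
        state = qs.get("state", [""])[0]
        if not self._pending_state or not secrets.compare_digest(state, self._pending_state):
            raise ValueError("state mismatch: callback dropped")
        self._pending_state = None
        code = qs.get("code", [""])[0]
        if not code:
            raise ValueError("callback carries no authorization code")
        return code

    def exchange_code(self, code):
        form = {"grant_type": "authorization_code", "code": code,
                "client_id": self.client_id, "client_secret": self.client_secret,
                "redirect_uri": self.redirect_uri}
        resp = self.post(f"{self.base_url}/wp-json/moserver/token", form)
        if "error" in resp:   # error body shown on the page
            raise RuntimeError(f"{resp['error']}: {resp.get('error_description', '')}")
        if resp.get("token_type", "").lower() != "bearer":
            raise RuntimeError("unexpected token_type")
        return resp["access_token"]

    def userinfo_headers(self, access_token):
        # Header for GET /wp-json/moserver/resource shown above.
        return {"Authorization": f"Bearer {access_token}"}
```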
Implicit Grant

Authorization Request
The application first needs to decide which permissions it is
requesting, then send the user to a browser to get their permission.
To initiate this implicit flow, form a URL as below and redirect the
end user's browser to the URL:
GET http://<wp_base_url>/wp-json/moserver/authorize
    ?response_type=token
    &client_id=<client_id_goes_here>
    &redirect_uri=<callback_url>
    &scope=<permissions_requesting>
    &state=<security_token>
- response_type=token: The type of response you are expecting. This tells the authorization server that the application is initiating the implicit flow. Note the difference from the Authorization Code flow, where this value is set to code.
- client_id: The client ID provided by the OAuth provider.
- redirect_uri: Callback URL to which the user will be redirected once they allow or deny access to your app.
- scope: One or more space-separated strings indicating the permissions your application is requesting.
- state: The application generates a random string and includes it in the request. It should then check that the same value is returned after the user authorizes the app.
If the user allows access to your app, their browser will be redirected to the supplied redirect URL, and the redirect will carry the token and state parameters (in the URL fragment after the #, as the example shows, rather than in the query string). For example, the user may be redirected to a callback URL such as:
https://callback-url?
    #access_token=<access_token>
    &token_type=Bearer
    &expires_in=3600
    &scope=<permissions_requesting>
Note the major difference between this and the Authorization Code flow: the access token itself is returned in the response instead of an authorization code.
The client can then use the access token to access protected resources from the resource server.
Here is the description of each parameter received in the response.
- access_token: Access token for the userinfo endpoint.
- token_type: OAuth 2.0 token type value. The value must be Bearer.
- expires_in: The expiry time for the access token.
- scope: One or more space-separated strings indicating the permissions your application requested.
Resource Request
The UserInfo Endpoint is an OAuth 2.0 Protected Resource that returns
Claims about the authenticated End-User. The returned Claims are
represented by a JSON object that contains a collection of name and
value pairs for the Claims.
Userinfo Request: The following is a non-normative example of a Userinfo Request:
GET http://<wp_base_url>/wp-json/moserver/resource
Host: server.example.com
Authorization: Bearer <access_token>
Successful Userinfo Response:
The UserInfo Claims MUST be returned as the members of a JSON object.
Below is an example:
{
"id": "1",
"username": "abc",
"first_name": "xyz",
"last_name": "example",
"picture": "https://example.com/-kwtzesU/photo.jpg",
"email": "abc@example.com",
"locale": "en",...
}
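Handling the implicit-flow redirect described above, as an added example that is not part of the documentation. Because the token travels in the fragment, which the browser does not send to the server, this parser runs wherever the full callback URL is available; expected_state is assumed to be the state value the app generated before redirecting, which the text above says is echoed back, and now is an injectable clock for testing.

```python
# Added example (not from the page): validating an implicit-flow redirect.
# The token sits in the URL fragment (after '#'); "expected_state" is the
# state the app generated before redirecting (assumption, as the page says
# state is echoed); "now" is an injectable clock used only for testing.
import secrets
import time
from urllib.parse import urlsplit, parse_qs

def parse_implicit_callback(callback_url, expected_state, now=None):
    """Return (access_token, scope, expires_at) or raise on anything suspicious."""
    frag = urlsplit(callback_url).fragment
    if not frag:
        raise ValueError("no fragment: not an implicit-flow redirect")
    params = {k: v[0] for k, v in parse_qs(frag).items()}
    # CSRF check: the echoed state must equal the one this app generated.
    if not secrets.compare_digest(params.get("state", ""), expected_state):
        raise ValueError("state mismatch")
    if params.get("token_type", "").lower() != "bearer":
        raise ValueError("unsupported token_type")
    token = params.get("access_token")
    if not token:
        raise ValueError("access_token missing from fragment")
    lifetime = int(params.get("expires_in", "0"))
    if lifetime <= 0:
        raise ValueError("non-positive expires_in")
    now = time.time() if now is None else now
    # Absolute expiry lets the caller refuse to reuse a stale token later.
    return token, params.get("scope", ""), now + lifetime
```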
Password Grant
The resource owner password (or "password") grant type is mostly used in
cases where the app is highly trusted. In this configuration, the user
provides their resource server credentials (username/password) to the
client app, which sends them in an access token request.
Token Request
The Password grant is one of the simplest OAuth grants and involves
only one step: the application presents a traditional username and
password login form to collect the user’s credentials and makes a POST
request to the server to exchange the password for an access token.
The POST request that the application makes looks like the example
below.
POST http://<wp_base_url>/wp-json/moserver/token
Host: authorization-server.com
Content-Type: application/x-www-form-urlencoded

grant_type=password
&username=exampleuser
&password=12345678
&client_id=xxxxxxxxxx
&client_secret=xxxxxxxxxx
The POST parameters in this request are explained below.
- grant_type=password: This tells the server we're using the Password grant type.
- username: The user's username as entered in the application.
- password: The user's password as entered in the application.
- client_id: The public identifier of the application that the developer obtained during registration.
- client_secret: The client secret provided by the OAuth provider.
At the token endpoint all the parameters in the request will be verified, ensuring that the code hasn't expired and that the client ID and secret match. If the request is successful, the server will generate an access token and return it in the response:
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
{
"access_token":"hkjher92u9eu2u3uihi2eh9293",
"token_type":"bearer",
"expires_in":3600,
"scope":"profile",
"id_token":""
}
The client can then use the access token to access protected resources from the resource server.
Here is the description of each parameter received in the response.
- access_token: Access token for the userinfo endpoint.
- token_type: OAuth 2.0 token type value. The value must be Bearer.
- expires_in: The expiry time for the access token.
- scope: One or more space-separated strings indicating the permissions your application requested.
Resource Request
The UserInfo Endpoint is an OAuth 2.0 Protected Resource that returns
Claims about the authenticated End-User. The returned Claims are
represented by a JSON object that contains a collection of name and
value pairs for the Claims.
Userinfo Request: The following is a non-normative example of a Userinfo Request:
GET http://<wp_base_url>/wp-json/moserver/resource
Host: server.example.com
Authorization: Bearer <access_token>
Successful Userinfo Response:
The UserInfo Claims MUST be returned as the members of a JSON object.
Below is an example:
{
"id": "1",
"username": "abc",
"first_name": "xyz",
"last_name": "example",
"picture": "https://example.com/-kwtzesU/photo.jpg",
"email": "abc@example.com",
"locale": "en",...
}
Client Credentials Grant
The Client Credentials grant can be used for machine-to-machine authentication. In this grant no specific user is authorized; rather, the client's credentials are verified and a generic access_token is returned.
Token Request
To receive an access token, the client POSTs an API call with the client ID and client secret obtained from a registered developer app, as follows.
POST http://<wp_base_url>/wp-json/moserver/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&
client_id=<client_id>&
client_secret=<clientSecret>&
redirect_uri=<redirect_uri>&
scope=<permissions_requested>
Request parameters:
The POST request parameters are explained below.
- grant_type=client_credentials: This tells the server we're using the client credentials grant type.
- client_id: The public identifier of the application that the developer obtained during registration.
- client_secret: The client secret provided by the OAuth provider.
- redirect_uri: Callback URL to which the user will be redirected once they allow or deny access to your app.
- scope: One or more space-separated strings indicating the permissions your application is requesting.
If the credentials are valid, the application will receive back a signed JSON Web Token or access token, the token's type (which is Bearer), and the time in which it expires (in Unix time).
Example response:
{
"access_token": <access_token>,
"expires_in": 600,
"token_type": "Bearer"
}
Response elements:
- access_token: Access token for the userinfo endpoint.
- expires_in: The expiry time for the access token.
- token_type: OAuth 2.0 token type value. The value must be Bearer.
Resource Request
The Client Credentials grant does not support the resource request.
Refresh Token Grant
A Refresh Token allows the application to issue a new Access Token or
ID Token without having to re-authenticate the user. This will work as
long as the Refresh Token has not been revoked.
Token Request
The response to the token request should contain an access token and a refresh token.
{
"access_token": "etMv23....429hiU32Hri",
"refresh_token": "GEbRxBN...edjnXbL",
"token_type": "Bearer"
}
Use a refresh token:
To exchange the Refresh Token you received for a new Access Token, make a POST request to the token endpoint using grant_type=refresh_token, as follows.
POST http://<wp_base_url>/wp-json/moserver/token
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&
client_id=<client_id>&
client_secret=<client_secret>&
refresh_token=<refresh_token>
Here is the description of each request parameter.
- grant_type=refresh_token: This tells the server we're using the refresh token grant type.
- client_id: The public identifier of the application that the developer obtained during registration.
- client_secret: The client secret provided by the OAuth provider.
- refresh_token: The refresh token to use.
The response will include a new Access Token, its type, its lifetime
(in seconds), and the granted scopes. If the scope of the initial
token included openid, then a new ID Token will be in the response
as well.
The response contains the following parameters:
{
"access_token": "eyJ...MoQ",
"expires_in": 86400,
"scope": <scope>,
"id_token": "eyJ...0NE",
"token_type": "Bearer"
}
Revoke a Refresh Token
Since Refresh Tokens never expire, it is essential to be able to
revoke them in case they get compromised.
To revoke a refresh token, you can send a POST request to the token endpoint as follows.
POST http://<wp_base_url>/wp-json/moserver/token
Content-Type: application/x-www-form-urlencoded

client_id=<client_id>&
client_secret=<client_secret>&
refresh_token=<refresh_token>
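A token holder that ties the refresh request and the revocation request above together, added here as an example and not the plugin's own code. It refreshes shortly before expires_in elapses instead of waiting for a 401, keeps the old refresh token when a refresh response omits one, and refuses to hand out tokens after revoke. post is a hypothetical injected transport (url, form_dict) -> parsed JSON dict and clock is injectable for testing.

```python
# Added example, not part of the documentation: a session that refreshes the
# access token via grant_type=refresh_token before it expires and revokes the
# refresh token with the request shown above. "post" is a hypothetical injected
# transport (url, form_dict) -> dict; "clock" is injectable for testing.
import time

class TokenSession:
    REFRESH_MARGIN = 60   # refresh this many seconds before expiry

    def __init__(self, token_url, client_id, client_secret, tokens, post, clock=time.time):
        self.token_url, self.post, self.clock = token_url, post, clock
        self.client_id, self.client_secret = client_id, client_secret
        self.refresh_token = None
        self._apply(tokens)

    def _apply(self, resp):
        if "error" in resp:
            raise RuntimeError(f"{resp['error']}: {resp.get('error_description', '')}")
        self.access_token = resp["access_token"]
        # A refresh response may omit refresh_token: keep the one already held.
        self.refresh_token = resp.get("refresh_token", self.refresh_token)
        # Missing expires_in (as in the page's first response) means "unknown",
        # so treat the token as already due for refresh rather than trusting it.
        self.expires_at = self.clock() + int(resp.get("expires_in", 0))

    def _credentials(self):
        return {"client_id": self.client_id, "client_secret": self.client_secret,
                "refresh_token": self.refresh_token}

    def refresh(self):
        if self.refresh_token is None:
            raise RuntimeError("no refresh token (revoked?): re-authorize")
        self._apply(self.post(self.token_url, {"grant_type": "refresh_token",
                                               **self._credentials()}))
        return self.access_token

    def bearer(self):
        # Reuse the token while it is comfortably valid; refresh near expiry.
        if self.clock() >= self.expires_at - self.REFRESH_MARGIN:
            self.refresh()
        return f"Bearer {self.access_token}"

    def revoke(self):
        # The page's revocation request: client credentials + refresh_token, no grant_type.
        self.post(self.token_url, self._credentials())
        self.refresh_token = None
        self.expires_at = 0   # any later bearer() call fails instead of reusing the session
```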