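OAuth2 Authentication
Authentication follows the standard OAuth2 protocol (RFC 6749, RFC 6750). Subsequent requests must carry the access token obtained through authentication.
Getting a token
First obtain an access token; every subsequent request requires it.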
POST {baseUrl}/oauth/token
Header:
{
"Content-Type": "application/x-www-form-urlencoded; charset=utf-8"
}
Form URL-Encoded:
{
"grant_type": "client_credentials",
"client_id": "your client ID",
"client_secret": "your client secret"
}
Response:
{
"access_token": "33549e255dd78d62021f1e845e39cad2d038ec7e",
"token_type": "Bearer",
"expires_in": 3599,
"scope": "*"
}
Curl:
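## Get a token
# Obtain an access token for use in subsequent requests
# The client_credentials grant needs only the form fields below; no session cookie is sent
curl -X "POST" "{baseUrl}/oauth/token" \
-H 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=YOUR_CLIENT_ID' \
--data-urlencode 'client_secret=YOUR_CLIENT_SECRET'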
Error handling
Status code: 400 Bad Request
Response:
invalid_client: Invalid client: cannot retrieve client credentials
Explanation:
The client ID or client secret is incorrect, or the client ID/client secret has been disabled.
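The token request and error case described above, as an added Python example that is not part of the original documentation: it caches the token until shortly before expires_in elapses and surfaces the 400 invalid_client body without echoing the client secret. The class and function names, the 60-second refresh margin and the use of an "Authorization: Bearer" header (RFC 6750 section 2.1) for later requests are assumptions.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request


class TokenError(Exception):
    """Raised when the token endpoint does not return a usable Bearer token."""


def http_post_form(url, fields):
    """POST form-encoded fields with the standard library; return (status, body)."""
    data = urllib.parse.urlencode(fields).encode("utf-8")
    req = urllib.request.Request(url, data=data, headers={
        "Content-Type": "application/x-www-form-urlencoded; charset=utf-8"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:  # e.g. 400 invalid_client
        return err.code, err.read().decode("utf-8", "replace")


class TokenCache:
    """Hypothetical helper: fetches and reuses a client_credentials token."""

    def __init__(self, base_url, client_id, client_secret,
                 post=http_post_form, clock=time.monotonic, skew=60):
        self._url = base_url.rstrip("/") + "/oauth/token"
        self._fields = {"grant_type": "client_credentials",
                        "client_id": client_id, "client_secret": client_secret}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self):
        """Return a cached token, requesting a new one once it is near expiry."""
        if self._token is None or self._clock() >= self._expires_at:
            status, body = self._post(self._url, self._fields)
            if status != 200:
                # Report only the status and server body, never the request fields.
                raise TokenError(f"HTTP {status}: {body.strip()}")
            payload = json.loads(body)
            if payload.get("token_type", "").lower() != "bearer":
                raise TokenError("unexpected token_type in token response")
            self._token = payload["access_token"]
            # Refresh `skew` seconds early (assumed margin) to avoid using a stale token.
            self._expires_at = self._clock() + payload["expires_in"] - self._skew
        return self._token

    def auth_header(self):
        """Header for subsequent requests (assumed RFC 6750 Bearer usage)."""
        return {"Authorization": "Bearer " + self.token()}
```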