OAuth2.0

OAuth is a security protocol used to secure a large and growing number of web APIs worldwide. It connects different websites to one another, it links native and mobile applications to cloud services, and it serves as the security layer inside standard protocols in a range of fields.


Next, let's talk about what OAuth2.0 is and what it is useful for.

Introduction to OAuth 2.0

Before talking about OAuth 2.0, let's talk about OAuth itself. You can think of it as a complement to OpenID, although what the two provide is completely different. OAuth allows users to authorize a third-party website to access information they keep on another website's servers without sharing their own access credentials or the entirety of their data.

Although OAuth 2.0 is the successor to the OAuth protocol, it is not compatible with OAuth 1.0 (that is, it completely replaces OAuth 1.0). OAuth 2.0 focuses more on ease of client development: by arranging an approved interaction between the resource owner and the HTTP service provider, it lets a third-party application obtain access on the user's behalf, or obtain access on its own behalf. It also provides dedicated authorization flows for web applications, desktop applications, mobile phones and living room devices.

The application never needs to act as the resource owner during this process, because the token explicitly expresses the access that was granted. OAuth 2.0 tokens can restrict the client to exactly the operations the resource owner authorized.

While OAuth 2.0 is largely unconcerned about the type of resources it protects, it does fit well with today's RESTful web services, as well as web and native applications. It can handle everything from small single-user applications to Internet APIs with millions of users. In a controlled enterprise environment, it can manage a new generation of internal business APIs and system access, and in the chaotic and complex web environment it has grown up in, it can also protect various user-facing APIs with ease.

OAuth 2.0 features


The OAuth 2.0 framework enables third-party applications to obtain limited access to an HTTP service. By arranging an approval interaction between the resource owner and the HTTP service, it lets the third-party application access the service on the resource owner's behalf, or lets the third-party application obtain access on its own behalf.

As an authorization framework, OAuth 2.0 is concerned with how one system component obtains access to another. The most common scenario in the OAuth 2.0 world is a client application accessing a protected resource on behalf of the resource owner (usually an end user). At this point we need to care about the following components:

1. The resource owner has the right to access the API and can delegate that access to others.

2. Protected resources are components that the resource owner has permission to access. There are many forms of such components, most of which are some form of Web API. Resources refer to these APIs that support read, write, and other operations.

3. A client is software that accesses protected resources on behalf of the resource owner. In OAuth 2.0, as long as the software uses the API on the protected resource, it is the client.

Having covered OAuth 2.0, we now introduce today's other protagonist: low code.

Low code

Here we quote the words of industry veterans: "Low-code is based on visualization and model-driven concepts; combined with cloud-native and multi-terminal experience technologies, it can achieve substantial efficiency improvement and cost reduction in most business scenarios, providing professional developers with a new high-productivity development paradigm. On the other hand, low-code enables people who do not understand code to build applications by 'drag-and-drop' development of components. In a sense, low-code can make up for the ever-expanding professional and technical talent gap, and at the same time promote the ultimate agile form of deep collaboration between business and technology."

The "two lows and one high" of the code world are Low Code, Low Cost and High Efficiency, which refer to the convenience and efficiency brought by low-code development platforms: "pursue the least amount of code to achieve the most business functions". The hard part is balancing the flexibility of the functions that can be built against the simplicity of operating and learning the platform.

As a new type of development tool, a low-code development platform reduces the amount of code written, simplifies the development process, shortens the development cycle, improves development efficiency and saves development cost. It helps users design and implement their requirements better: users only need to focus on business logic rather than on writing code, and after brief training ordinary users can build the management software they need themselves.

After introducing the two protagonists, we will now officially introduce how low-code supports OAuth 2.0.

How low-code supports OAuth 2.0

When the low-code development application platform interacts with the application data of other systems, there are the following two situations:

1. Low-code applications obtain data from third-party systems (such as obtaining data from Taobao and Jingdong)

2. The third-party system obtains data from low-code applications (for example, an MES was developed using low-code, and now other people want to obtain the data of this MES system)

Note that two OAuth 2.0 grant types are used here: client credentials (client_credentials) and password (password).

Authorization settings are required first. Log in to the Admin Portal and open the Settings → Web Security page, shown below; there the administrator can configure a client identifier and secret (password) for each third-party system.

Click the Add Client Authorization button and set the grant type, allowed scopes, token lifetime and so on.

Client credentials implementation

1. Obtain the client_credentials access token from the user management portal (the address is given in https://gcdn.grapecity.com.cn/showtopic-87565-1-1.html ).

Here is the list of client_credentials grant type request parameters:

call result

2. Add a user with an access token. (Status: 200 OK)

Copy the "access_token" value from step 2, insert "Bearer " in front of it, and put the result in the value of the "Authorization" header as shown below; then send the add-user request again.

call result

Password implementation

1. Obtain a password access token from the user management website (URL: http://xa-dd3-bks:22345/UserService/connect/token ).

Here is the list of password grant type request parameters:

call result

2. Add a user with an access token. (Status: 200 OK)

Copy the "access_token" value from step 4, insert "Bearer " in front of it, and put the result in the value of the "Authorization" header as shown below; then send the add-user request again.

call result
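To make the two request sequences above concrete, here is an added Python example (not code from the article or from the platform) that builds the token request body for either grant type, validates the token response, and attaches the Bearer header to the add-user call; the two URLs, the client id, secret and scope are placeholders standing in for whatever the administrator configured on the Web Security page.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Placeholders (assumed): the platform's token endpoint and its add-user API.
TOKEN_URL = "https://lowcode.example/UserService/connect/token"
ADD_USER_URL = "https://lowcode.example/UserService/api/users"


def token_request_body(grant_type, client_id, client_secret, scope,
                       username=None, password=None):
    """Form-encoded body for the token endpoint (RFC 6749 sections 4.3 and 4.4)."""
    if grant_type not in ("client_credentials", "password"):
        raise ValueError("unsupported grant type: " + grant_type)
    # 'scope' must be one of the allowed scopes configured for this client.
    params = {"grant_type": grant_type, "client_id": client_id,
              "client_secret": client_secret, "scope": scope}
    if grant_type == "password":
        # The password grant also carries the resource owner's own credentials.
        if not (username and password):
            raise ValueError("password grant requires username and password")
        params.update(username=username, password=password)
    return urlencode(params)


def parse_token_response(raw):
    """Return (access_token, expires_in); reject error responses and non-bearer tokens."""
    data = json.loads(raw)
    if "access_token" not in data or str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("not a usable bearer token: " + str(data.get("error", "unknown")))
    return data["access_token"], int(data.get("expires_in", 0))


def authorization_header(access_token):
    """Header for step 2: the literal 'Bearer ' inserted before the token value."""
    return {"Authorization": "Bearer " + access_token}


def post(url, data, headers):
    """Live HTTP POST (not exercised offline); returns (status, response body)."""
    req = Request(url, data=data, headers=headers, method="POST")
    with urlopen(req, timeout=10) as resp:
        return resp.status, resp.read().decode()


def provision_user(grant_type, client_id, client_secret, scope, user, **owner):
    """Step 1: fetch a token; step 2: add the user with the Bearer header (live calls)."""
    body = token_request_body(grant_type, client_id, client_secret, scope, **owner)
    _, raw = post(TOKEN_URL, body.encode(), {"Content-Type": "application/x-www-form-urlencoded"})
    token, _ = parse_token_response(raw)
    headers = {"Content-Type": "application/json", **authorization_header(token)}
    return post(ADD_USER_URL, json.dumps(user).encode(), headers)[0]  # 200 OK on success


# Constructed sample of a successful token response, in the shape the endpoint returns.
SAMPLE_TOKEN_RESPONSE = '{"access_token": "constructed.sample.token", "expires_in": 3600, "token_type": "Bearer"}'
```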

In this way, low code can support OAuth 2.0 successfully.

If you are interested in more online demos, you can visit:

https://www.grapecity.com.cn/solutions/huozige/demo/inventory


GrapeCity Technical Team (葡萄城技术团队)

GrapeCity was founded in 1980 and is a professional provider of software development technology and low-code platforms. With "empowering developers" as its mission, GrapeCity is committed to innovating development models, improving development efficiency and advancing the software industry through a range of software development tools and services, accelerating the building of a "Digital China".