The new Java project studies online notes -day16 (c)

3. The client obtains the authorization code and requests a token from the authentication server
This process is invisible to the user: the client application sends a request to the authentication server, and the request carries the authorization code.
4. The authentication server responds to the client with a token
The authentication server verifies the authorization code in the client's request. If the code is legitimate, it issues a token to the client. The token is the client's permit for accessing resources.
This interaction is invisible to the user. Once the client has the token, the user sees that they have logged in to Dark Horse Programmer successfully.
5. The client requests resources from the resource server
The client carries the token when it accesses the resource server's resources.
The Dark Horse Programmer website carries the token in its request to the WeChat server to obtain the user's basic information.
6. The resource server returns the protected resource
The resource server verifies the legitimacy of the token. If the token is legitimate, it responds with the resource content.
Note: The resource server and the authentication server can be a single service or separate services. If they are separate, the resource server usually asks the authentication server to verify the legitimacy of the token.
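Steps 3 to 6 and the note above, as an added in-memory sketch in plain Java. It is not code from the project or from Spring Security; the class and method names, the client id `demo-client` and the user `alice` are constructed for illustration.

```java
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: every name here is hypothetical, none is a Spring Security API.
public class AuthCodeFlowDemo {
    // Authentication server: issues single-use codes, exchanges them for tokens, verifies tokens.
    static class AuthServer {
        private final SecureRandom rng = new SecureRandom();
        private final Map<String, String[]> codes = new ConcurrentHashMap<>(); // code -> {clientId, user}
        private final Map<String, String> tokens = new ConcurrentHashMap<>();  // token -> user
        private String random() {
            byte[] b = new byte[32];
            rng.nextBytes(b);
            return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
        }
        // Called once the resource owner has agreed to authorize the client.
        String issueCode(String clientId, String user) {
            String code = random();
            codes.put(code, new String[] {clientId, user});
            return code;
        }
        // Steps 3-4: verify the authorization code and, if legitimate, issue a token.
        Optional<String> exchange(String clientId, String code) {
            if (clientId == null || code == null) return Optional.empty();
            String[] grant = codes.remove(code); // removed on first use, so a replayed code fails
            if (grant == null || !grant[0].equals(clientId)) return Optional.empty();
            String token = random();
            tokens.put(token, grant[1]);
            return Optional.of(token);
        }
        // Token check that a separate resource server calls.
        Optional<String> verify(String token) {
            return token == null ? Optional.empty() : Optional.ofNullable(tokens.get(token));
        }
    }
    // Steps 5-6: the resource server asks the authentication server before answering.
    static String getUserInfo(AuthServer auth, String token) {
        return auth.verify(token).map(u -> "200 basic info of " + u).orElse("401 invalid token");
    }
    public static void main(String[] args) {
        AuthServer auth = new AuthServer();
        String code = auth.issueCode("demo-client", "alice"); // constructed sample values
        String token = auth.exchange("demo-client", code).orElseThrow();
        System.out.println(getUserInfo(auth, token));                       // legitimate token
        System.out.println(auth.exchange("demo-client", code).isPresent()); // same code replayed
        System.out.println(getUserInfo(auth, "forged-token"));              // unknown token
    }
}
```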
The OAuth 2.0 authentication flow is as follows, cited from the OAuth 2.0 protocol, RFC 6749: https://tools.ietf.org/html/rfc6749
[Figure: OAuth 2.0 authentication flow]

OAuth2 includes the following roles:
1. Client
The client does not store resources itself. It needs the resource owner's authorization to request resources from the resource server. Examples: the Studies Online Android client, the Studies Online web client (browser), the WeChat client.
2. Resource owner
Usually a user, but it can also be an application; that is, the owner of the resource.
3. Authorization server (also known as authentication server)
Authenticates the identity of the resource owner and authorizes access to resources. To access resources, the client must be authorized by the resource owner through the authentication server.
4. Resource server
The server that stores the resources. For example, the Studies Online user management service stores Studies Online user information, the Studies Online learning service stores students' learning information, and the WeChat resource service stores WeChat user information. The client ultimately accesses the resource server to obtain resource information.

2.2.2 Application of OAuth2 in this project
OAuth2 is an open-standard authorization protocol, and an application can use OAuth2 according to its own requirements. This project uses OAuth2 to achieve the following objectives:
1. Studies Online accesses the resources of third-party systems.
2. External systems access Studies Online resources.
3. The Studies Online front end (client) accesses the resources of the Studies Online microservices.
4. Studies Online microservices access each other's resources, for example: microservice A accesses the resources of microservice B, and B accesses A's resources.
2.3 Spring Security OAuth2 authentication solution

This project uses Spring Security + OAuth2 to implement user authentication and user authorization. Spring Security is a powerful and highly customizable authentication and access control framework, and the Spring Security framework integrates the OAuth2 protocol. Below is the project's authentication architecture diagram:
[Figure: project authentication architecture diagram]

1. The user requests the authentication service to complete authentication.
2. The authentication service issues an identity token to the user. Holding an identity token means the identity is legitimate.
3. The user carries the token when requesting the resource service. Requests to the resource service must first pass through the gateway.
4. The gateway checks whether the user's identity token is legitimate. An illegitimate token means the user is not logged in; if the token is legitimate, the gateway lets the request continue.
5. The resource service obtains the token and performs authorization based on the token.
6. The resource service completes authorization and responds with the resource information.

Origin blog.51cto.com/13517854/2415911