java OAuth 2.0 Generating Token and Secret Token
Original URL: http://stackoverflow.com/questions/17141292/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Asked by willsteel
I am implementing the OAuth 2.0 provider server using the Apache Oltu framework, and I am looking for some ideas on how to generate the access token and secret tokens in Java. Please advise.
Answered by Sqeezer
The OAuth 2.0 specification doesn't tell anything about how to generate the token and secret token. Thus it is up to you whether you use some existing/anchor data to generate tokens or you want to use a random sequence in order to generate tokens. The only difference is that if you use presumably known data (e.g. user data, such as username, creation date plus etc.) you can restore tokens any time you need that. If you use a random sequence of data, then you cannot restore tokens once they are lost.
In other words, the RFC doesn't restrict you on the generation process.
I would probably use string concatenation of User Details data plus some random data, then do Base64 encoding.
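import java.nio.charset.StandardCharsets;
import org.apache.commons.codec.binary.Base64;
// username, creationDate and random are supplied by the surrounding code
String keySource = username + creationDate + random;
byte[] tokenByte = Base64.encodeBase64URLSafe(keySource.getBytes(StandardCharsets.UTF_8));
String token = new String(tokenByte, StandardCharsets.UTF_8);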
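The random-sequence option described in the answer, as an added example that is not part of the original answer or of Apache Oltu: the token is drawn from a CSPRNG and the server keeps only its SHA-256 digest, so a lost token cannot be restored, only reissued. The class name `OpaqueTokenStore`, its methods and the in-memory map are assumptions made for illustration; it uses only the JDK.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical class: issues opaque random tokens and keeps only their SHA-256 digests.
public class OpaqueTokenStore {
    private static final SecureRandom RNG = new SecureRandom();
    // digest (Base64) -> username; an in-memory stand-in for the provider's database
    private final Map<String, String> digestToUser = new ConcurrentHashMap<>();

    // 32 bytes from a CSPRNG, encoded as URL-safe Base64 without padding.
    static String newToken() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    static String digest(String token) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256")
                    .digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory on every JRE
        }
    }

    // Returns the token once; afterwards only its digest exists on the server.
    String issue(String username) {
        String token = newToken();
        digestToUser.put(digest(token), username);
        return token;
    }

    // Looks the presented token up by digest; null means unknown or revoked.
    String validate(String presented) {
        return digestToUser.get(digest(presented));
    }

    public static void main(String[] args) {
        OpaqueTokenStore store = new OpaqueTokenStore();
        String token = store.issue("alice"); // constructed sample user
        System.out.println(token.length() + " chars, owner=" + store.validate(token));
        System.out.println("forged -> " + store.validate(newToken()));
    }
}
```

Because the token itself carries no user data, nothing about the account can be read back out of it by Base64-decoding, and a copy of the stored digests does not yield usable tokens.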