Oauth2.0 入门

定义：Oauth协议容许第三方网站app在用户受权后访问你的站点的用户的资源

角色：

resource owner 资源拥有者

An entity capable of granting access to a protected resource. When the resource owner is a person, it is referred to as an end-user.

resource server 资源服务器

The server hosting the protected resources, capable of accepting and responding to protected resource requests using access tokens.

client 客户端

An application making protected resource requests on behalf of the resource owner and with its authorization. The term "client" does not imply any particular implementation characteristics (e.g., whether the application executes on a server, a desktop, or other devices).

authorization server 受权服务器

The server issuing access tokens to the client after successfully authenticating the resource owner and obtaining authorization.

流程：

1.跳转到受权服务器端受权连接，如用户未登陆则登陆，如已登陆，则受权第三方应用得到受权码auth_code，auth_code临时生成且生存时间很短，在换取access_token后即无效

2.跳转到第三方回调url,带上受权码auth_code

3.第三方应用经过你的sdk或者本身调用api从受权服务器得到资源访问的密钥access_token，同时删除auth_code，access_token也有过时时间，根据应用类型设置过时时间长短

4.refresh_token能够在access_token过时后换取新的access_token

5.使用access_token从资源服务器调用受保护的资源