Google Account Authentication API for Web App -- OAuth

About this document, or rather my notes from reading it:

I found it a complete mess; the more I read, the less I understood. (So please don't ask me, because I don't understand it either.)
This is just a record I left after reading it.

2009/3/11 addendum: I suggest reading the next two articles first (they are simpler and easier to get into), then coming back here; it will make more sense then~

Google Account Authentication API for Web App; all material comes from Google's website (http://code.google.com/intl/zh-TW/apis/accounts/docs/OAuth.html)

I do not recommend reading any further................


------------------------------------------------------------------------------------- 

Google Account Authentication API for Web Apps
 
Currently there are two: OAuth and AuthSub
 
 
OAuth ----
    OAuth Protocol
 
Authentication flow:
(I have modified the image: I split the flow above into several small blocks.)
 
 
OAuth has two kinds of token ----
  • request tokens (limited to one hour; state is either unauthorized or authorized)
  • access tokens (kept for longer, but limited to a single user account)
------------------------------------------------------------------------------------- 
The three OAuth requests:
1. OAuthGetRequestToken
2. OAuthAuthorizeToken
3. OAuthGetAccessToken
 
Each is described in detail below:
 
 
Contact Google for a request token. Google verifies that the requesting web application has been registered with Google. The request token acquired with this request must be first authorized by the end user and then exchanged for an access token; a request token cannot be used to get access to a Google service.
Send a request to: https://www.google.com/accounts/OAuthGetRequestToken with the following query parameters:

  • oauth_consumer_key (required): Domain identifying the third-party web application. This is the domain used when registering the application with Google.
  • oauth_signature_method (required): Signature algorithm. The legal values for this parameter are "RSA-SHA1" or "HMAC-SHA1". Google does not support "PLAINTEXT".
  • oauth_signature (required): String generated using the referenced signature method. See Signing Requests.
  • oauth_timestamp (required): Integer representing the time the request is sent. The timestamp should be expressed in number of seconds after January 1, 1970 00:00:00 GMT.
  • oauth_nonce (required): Random 64-bit, unsigned number encoded as an ASCII string in decimal format. The nonce/timestamp pair should always be unique to prevent replay attacks.
  • oauth_version (optional): The OAuth version used by the requesting web application. This value must be "1.0"; if not provided, Google assumes version 1.0 is in use.
  • scope (required): URL identifying the service(s) to be accessed. The resulting token enables access to the specified service(s) only. Scopes are defined by each Google service; see the service's documentation for the correct value. To specify more than one scope, list each one separated with a space. This parameter is not defined in the OAuth standards; it is a Google-specific parameter.

Depending on the type of request sent, these parameters can be placed in:
  • Authorization header of a GET or POST request. Use "Authorization: OAuth". All parameters listed above can go in the header, except for scope, which must go either in the body or in the URL as a query parameter. The example below puts the scope in the body of the request.
  • Body of a POST request. The content type must be "Content-Type: application/x-www-form-urlencoded".
  • As URL query parameters in a GET request.
 
This example asks for a request token to access a user's Calendar and Picasa accounts.
POST /accounts/OAuthGetRequestToken HTTP/1.1
Host: https://www.google.com
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth oauth_consumer_key="example.com",
    oauth_signature_method="RSA-SHA1",
    oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D",
    oauth_timestamp="137131200",
    oauth_nonce="4572616e48616d6d65724c61686176",
    oauth_version="1.0"

scope=http://www.google.com/calendar/feeds http://picasaweb.google.com/data
(The Authorization header is a single line; newlines have been inserted for clarity.)
        On success, the response is HTTP 200 OK (containing an OAuth request token and a token "secret").
        On failure, the response is HTTP 403.
 
Sample response:
oauth_token=ab3cd9j4ks73hf7g&oauth_token_secret=ZXhhbXBsZS5jb20
 
 
Call the Google Authentication service at https://www.google.com/accounts/OAuthAuthorizeToken with the following query parameters:

  • oauth_token (required): Request token obtained from Google.
  • oauth_callback (optional): URL the user should be redirected to after granting access to a Google service(s). It can include url-encoded query parameters.
  • hd (optional): String value identifying a particular hosted domain account to be accessed (for example, 'mycollege.edu'). Use "default" to specify a regular Google account ('username@gmail.com'). This is a Google-specific parameter.
Sample Request
This example shows a request for authorization:
GET https://www.google.com/accounts/OAuthAuthorizeToken?oauth_token=ab3cd9j4ks73hf7g&hd=mycollege.edu
Request Authentication Response
Once Google accepts the request, it redirects the user to Google's login page.
1. The user is asked to verify access to their Google account. Because it's possible for someone to have more than one Google-affiliated account (a regular Google account and one or more hosted accounts), in some cases the user also must specify which account to grant access to. There are two possible paths your users may experience:
   • If you've used the hd parameter to specify an account domain, the user is asked to log in to that account, if they aren't already logged in. (For more information on the hd parameter, see When to use the hd parameter.)
   • If you don't use the hd parameter, the user is put into a "universal login" path, which walks the user through selecting and logging into any type of Google account. Because the universal login process is still in beta, we recommend you use the hd parameter whenever possible. We're continuing to improve the user experience in this area.
2. Once the user has selected an account and verified access, the Authentication service displays the Google Access Request page (see example). This page:
   • Informs the user that a third party wants access to their Google service.
   • Identifies both the third party and the Google service to be accessed.
   • Prompts the user to confirm that it's OK to give the third party access to their Google service.
3. If the user denies access, they are redirected to a Google page (see example).
4. If the user grants access, the referenced request token is immediately authorized.
   • If a callback URL is provided, Google redirects the user to the URL specified in the web application registration.
   • If no callback URL is provided, Google displays a simple message to the user: "The token has been authorized."
 
Sample response (the token is a text string, up to 256 bytes):
http://www.yourwebapp.com/showcalendar.html?oauth_token=CKF50YzIHxCT85KMAg
 
 
 
 
Contact Google to exchange an authorized request token for an access token. The access token received in response to this request is used to request data from a Google service.
Send an HTTP request to: https://www.google.com/accounts/OAuthGetAccessToken with the following query parameters:

  • oauth_consumer_key (required): Domain identifying the third-party web application. This is the domain used when registering the application with Google. This value must be the same as the one provided in OAuthGetRequestToken.
  • oauth_token (required): Authorized request token.
  • oauth_signature_method (required): Signature algorithm. Only these two values are supported: "RSA-SHA1" or "HMAC-SHA1". Google does not support "PLAINTEXT".
  • oauth_signature (required): String generated using the referenced signature method. See Signing Requests.
  • oauth_timestamp (required): Integer representing the time the request is sent. The timestamp should be expressed in number of seconds after January 1, 1970 00:00:00 GMT.
  • oauth_nonce (required): Random 64-bit, unsigned number encoded as an ASCII string in decimal format. The nonce/timestamp pair should always be unique to prevent replay attacks.
  • oauth_version (optional): The OAuth version used by the requesting web application. This value must be "1.0"; if not provided, Google assumes version 1.0 is in use.

Depending on the type of request sent, these parameters can be placed in:
  • Authorization header of a GET or POST request. Use "Authorization: OAuth".
  • Body of a POST request. The content type must be "Content-Type: application/x-www-form-urlencoded".
  • URL query part of a GET request.
For more details, see the OAuth specification, Section 5.2.
Sample Request
This example asks for an access token.
POST /accounts/OAuthGetAccessToken HTTP/1.1
Host: https://www.google.com
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth oauth_consumer_key="example.com",
    oauth_token="CKF50YzIHxCT85KMAg",
    oauth_signature_method="RSA-SHA1",
    oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D",
    oauth_timestamp="137131200",
    oauth_nonce="4572616e48616d6d65724c61686176",
    oauth_version="1.0"
Note: The Authorization header should be contained on a single line. Newlines have been inserted for clarity.
Access Token Response
On success, Google responds with an HTTP 200 OK message containing an OAuth access token and a token "secret".
On failure, the response is HTTP 400 Bad Request.
Sample Response
This example illustrates an OAuth access token returned in the response header.
oauth_token=ab3cd9j4ks73hf7g&oauth_token_secret=ZXhhbXBsZS5jb20
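The request signing that both parameter tables defer to ("See Signing Requests") and the nonce/timestamp uniqueness that prevents replay, as an added Python example that is not code from the page, from Google or from any OAuth library: it builds the OAuth 1.0 signature base string, signs it with HMAC-SHA1 (the page's samples show RSA-SHA1; HMAC-SHA1 is the other method Google accepts), and shows the provider-side check that rejects a reused nonce/timestamp pair. The consumer secret is a constructed placeholder; the parameters are those of the page's OAuthGetRequestToken sample.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(value):
    # OAuth 1.0 percent-encoding: only RFC 3986 unreserved chars (A-Z a-z 0-9 - . _ ~) stay literal
    return quote(str(value), safe="~")

def base_string(method, url, params):
    # METHOD & encoded URL & encoded normalized params (all oauth_* and body/query params such as
    # Google's "scope", sorted after encoding; oauth_signature itself is excluded).
    pairs = sorted((pct(k), pct(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def hmac_sha1_signature(method, url, params, consumer_secret, token_secret=""):
    # Key = consumer secret & token secret; the token secret is empty for OAuthGetRequestToken and is
    # the oauth_token_secret from the previous step for OAuthGetAccessToken.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def verify(method, url, params, consumer_secret, token_secret, now, seen, window=300):
    # Provider-side check: fresh timestamp, never-seen (consumer, nonce, timestamp) triple (this is
    # what defeats replay), and a constant-time signature comparison.
    if abs(now - int(params["oauth_timestamp"])) > window:
        return False
    replay_key = (params["oauth_consumer_key"], params["oauth_nonce"], params["oauth_timestamp"])
    if replay_key in seen:
        return False
    expected = hmac_sha1_signature(method, url, params, consumer_secret, token_secret)
    if not hmac.compare_digest(expected, params.get("oauth_signature", "")):
        return False
    seen.add(replay_key)
    return True

REQUEST_TOKEN_URL = "https://www.google.com/accounts/OAuthGetRequestToken"
CONSUMER_SECRET = "constructed-consumer-secret"  # constructed placeholder, not a real secret
REQUEST_TOKEN_PARAMS = {  # the page's sample parameters, with HMAC-SHA1 in place of RSA-SHA1
    "oauth_consumer_key": "example.com",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "137131200",
    "oauth_nonce": "4572616e48616d6d65724c61686176",
    "oauth_version": "1.0",
    "scope": "http://www.google.com/calendar/feeds http://picasaweb.google.com/data",
}
```

For the OAuthGetAccessToken step the same functions are used with the oauth_token added to the parameters and the oauth_token_secret from the request-token response passed as token_secret.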
 
 
 
 
 Orz......      Orz......      Orz......      Orz......      Orz......      Orz......      Orz......     Orz...... 
 
There is more further down the article, also a pile of stuff I can't make sense of.
 
I couldn't find any good examples to explain it.
I just slogged through the documentation; it was painful and I got nothing out of it.
 

 

 
