OAuth 2.0 Generating Token and Secret Token [closed]

血红的双手。 提交于 2019-12-03 10:05:10

问题


I am implementing the OAuth 2.0 provider server using Apache Oltu framework, looking for some idea on how to generate the access token and secret tokens in java. Please advise.


回答1:


OAuth 2.0 specification doesn't tell anything about how to generate token and secret token. Thus it is up to you whether you use some existing/anchor data to generate tokens or you want to use random sequence in order to generate tokens. The only difference is that if you use presumably known data (e.g. user data, such as username, creation date plus etc.) you can restore tokens any time you need that. If you use random sequence of data, then you cannot restore tokens once they are lost.

In other words, RFC doesn't restrict you on generation process.

I would probably use string concatenation of User Details data plus some random data, then do Base64 encoding.

String keySource = username + creationDate + random;
byte [] tokenByte = new Base64(true).encodeBase64(keySource.getBytes());
String token = new String(tokenByte);


来源:https://stackoverflow.com/questions/17141292/oauth-2-0-generating-token-and-secret-token

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!