OAuth 2.0 Generating Token and Secret Token [closed]

问题

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.

Closed 6 years ago.

I am implementing the OAuth 2.0 provider server using Apache Oltu framework, looking for some idea on how to generate the access token and secret tokens in java. Please advise.

回答1:

OAuth 2.0 specification doesn't tell anything about how to generate token and secret token. Thus it is up to you whether you use some existing/anchor data to generate tokens or you want to use random sequence in order to generate tokens. The only difference is that if you use presumably known data (e.g. user data, such as username, creation date plus etc.) you can restore tokens any time you need that. If you use random sequence of data, then you cannot restore tokens once they are lost.

In other words, RFC doesn't restrict you on generation process.

I would probably use string concatenation of User Details data plus some random data, then do Base64 encoding.

String keySource = username + creationDate + random;
byte [] tokenByte = new Base64(true).encodeBase64(keySource.getBytes());
String token = new String(tokenByte);

来源：https://stackoverflow.com/questions/17141292/oauth-2-0-generating-token-and-secret-token