OAuth 2.0 authentication in HTTP Module

删除回忆录丶 submitted on 2019-12-10 03:49:07

Question


Is it possible to implement OAuth (Open Authorization) 2.0 or 1.0 in an HTTP Module?

I am choosing this because each and every request first reaches the HTTP Module, so I have to authenticate from that request.

Is it possible?

If yes, please provide a related link for that.

Help me..


Answer 1:


Yes, this is possible. In fact mod_auth_openidc does exactly that for Apache (and for OpenID Connect, which is a protocol built on OAuth2).

More on the scenario here: https://auth0.com/blog/2014/08/22/sso-for-legacy-apps-with-auth0-openid-connect-and-apache/




Answer 2:


I'm going to add to Eugenio's answer by saying that mod_auth_openidc supports two modes of operation:

  1. it can function as an OpenID Connect Relying Party authenticating users by consuming and verifying ID tokens, access tokens and refresh tokens as issued by an OpenID Connect Provider; it will relay information about the authenticated user (and possibly the tokens themselves) to the protected application that runs on or behind the Apache server

  2. it can function as an OAuth 2.0 Resource Server, controlling access from OAuth 2.0 clients by consuming and verifying access tokens that have been issued by an OAuth 2.0 Authorization Server; it can pass on information associated with the access token to the protected application that runs on or behind the Apache server

For both cases, Apache's Require logic can be used to enforce access based on certain claims that are present in the ID token resp. access token.

Update April 12, 2019:

There's now a dedicated module to handle the OAuth 2.0 Resource Server functionality: https://github.com/zmartzone/mod_oauth2



Source: https://stackoverflow.com/questions/25996603/oauth-2-0-authentication-in-http-module
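
An added example configuration for the two mod_auth_openidc modes described in answer 2, with claim-based `Require` rules on each; it is not part of the original answers or the project's own documentation. All hostnames, paths, client IDs, secrets and claim values are placeholder assumptions.

```apache
# Placeholder values throughout: replace hostnames, IDs, secrets and claims.
LoadModule auth_openidc_module modules/mod_auth_openidc.so

# --- Mode 1: OpenID Connect Relying Party (interactive users) ---
# Provider endpoints and signing keys are discovered from the metadata URL.
OIDCProviderMetadataURL https://idp.example.com/.well-known/openid-configuration
OIDCClientID            example-client-id
OIDCClientSecret        REPLACE_WITH_CLIENT_SECRET
# Callback path: must lie inside a protected location and map to no content.
OIDCRedirectURI         https://app.example.com/app/redirect_uri
# Protects the module's own state and session cookies; use a long random value.
OIDCCryptoPassphrase    REPLACE_WITH_LONG_RANDOM_VALUE

<Location /app>
    AuthType openid-connect
    # Authorize on a specific ID token claim rather than "Require valid-user",
    # so that being authenticated at the provider is not enough on its own.
    Require claim groups:app-users
</Location>

# --- Mode 2: OAuth 2.0 Resource Server (API clients with bearer tokens) ---
# Each presented access token is checked at the Authorization Server's
# introspection endpoint, using the resource server's own credentials.
OIDCOAuthIntrospectionEndpoint https://idp.example.com/oauth2/introspect
OIDCOAuthClientID              example-rs-id
OIDCOAuthClientSecret          REPLACE_WITH_RS_SECRET

<Location /api>
    AuthType oauth20
    # Authorize on data associated with the access token (here the client
    # the token was issued to, as returned by introspection).
    Require claim client_id:example-api-client
</Location>
```

Keep the client secrets and the crypto passphrase out of world-readable configuration files. Per the April 2019 update in answer 2, the Resource Server role is now also covered by the separate mod_oauth2 module, which uses its own directives.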
