问题
I am using OAuth 2 Authentication in Lumen microframework. Right now i am using the grant_type
value is password
. It throws unsupported_grant_type
, If i am using something different. I want to know the purpose of using grant_type
is password
回答1:
The grant_type
URL parameter is required by OAuth2 RFC for the /token
endpoint, which exchanges a grant for real tokens. So the OAuth2 server knows what you are sending to it. You are using the Resource Owner Password Credentials Grant, so you must specify it with the value password
.
From the OAuth2 RFC:
An authorization grant is a credential representing the resource owner's authorization (to access its protected resources) used by the client to obtain an access token.
The grant_type=password
means that you are sending a username and a password to the /token
endpoint. If you used the Authorization Code Grant flow, you could use the value authorization_code
. But then you don't send the username+password pair, but a code received from the OAuth2 server after user authentication. The code is an arbitrary string - not human readable. It's nicely shown in the workflow diagrams in the RFC.
来源:https://stackoverflow.com/questions/45055277/what-is-the-purpose-of-grant-type-parameter-in-oauth-2-authentication