新浪微博OAuth2.0 VS OAuth1.0 主要 区别 总结 * OAuth2.0不需要签名了。之前所有的复杂的signatureBaseString计算、appSecret、 tokenSecret什么的都成浮云了,现在所有请求不需要签名了。所有二版微博API都使用HTTPS了。 * 相对于1.0的Request_Token换Auth
新浪微博OAuth2.0 VS OAuth1.0 主要区别总结
* OAuth2.0不需要签名了。之前所有的复杂的signatureBaseString计算、appSecret、 tokenSecret什么的都成浮云了,现在所有请求不需要签名了。所有二版微博API都使用HTTPS了。
* 相对于1.0的Request_Token换Authorization_Code,Authorization_Code再换Access_Token的授权模式,2.0提供了一种更简洁给力的授权码方式:Authorization_Code直接换Access_Token模式。
所以OAuth2.0的登录API只有两个oauth2/authorize和oauth2/accesstoken。其实之前之所以要多一个获取Request_Token的步骤,主要是为了Server来认证Client(还记得申银万国吗),看client是不是一个合法的注册过的Client。
* 当然OAuth2.0不止一种授权模式,共有四种, 新浪微博实现了最主要的3种:授权码式、用户名密码式、隐藏式。
授权码式就是上面提到Authorization_Code直接换Access_Token模式,登录需两步。
用户名密码式可实现一步登录(当然前提是用户得信任你的app才会乖乖给你密码)。
隐藏式也是一步登录,适用于JavaScript等脚本语言做逻辑处理的web客户端。
* OAuth2.0里的Access_Token与1.0里的不同。1.0里包含3个字段: UserID, AccessToken, AccessTokenSecret。2.0里也包含3个字段:
AccessToken, (根据网友"U点意思"提供的情报,2.0的Access_Token字段,每次返回的值不一样。这与1.0中Access_Token字段值永远不变,是个很大的区别)
ExpiresIn (AccessToken的过期时间,按秒计,很短,默认可能是1个小时)
RefreshToken (AccessToken过期时,用来获取新的AccessToken,具体做法是当使用AccessToken时收到类似TokenInvalid或者TokenExpired的错误时,调用oauth2/accesstoken接口传递RefreshToken以获取新的AccessToken)
* OAuth2.0引入了Authorization Server的概念(越来越像微软的WIF-Window Identity Model)。对于我们开发者而言,没必要区分Authorization Server和Resource Server,我们看到的就是新浪微博Server。
* 使用OAuth2.0访问新浪微博API更简单了,只需要传递一个AccessToken值。
* 所有API只返回Json格式了,没有XML格式的了。(这是为虾米)
申明:由于OAuth2.0的协议文档,我尚未仔细阅读,所以理解上可能不够全面精确。广大网友补充。
以上总结结合了新浪微博开放平台上的API v2文档。
Adding Users to MySQL: The Complete TutorialMay 12, 2025 am 12:14 AMMastering the method of adding MySQL users is crucial for database administrators and developers because it ensures the security and access control of the database. 1) Create a new user using the CREATEUSER command, 2) Assign permissions through the GRANT command, 3) Use FLUSHPRIVILEGES to ensure permissions take effect, 4) Regularly audit and clean user accounts to maintain performance and security.
Mastering MySQL String Data Types: VARCHAR vs. TEXT vs. CHARMay 12, 2025 am 12:12 AMChooseCHARforfixed-lengthdata,VARCHARforvariable-lengthdata,andTEXTforlargetextfields.1)CHARisefficientforconsistent-lengthdatalikecodes.2)VARCHARsuitsvariable-lengthdatalikenames,balancingflexibilityandperformance.3)TEXTisidealforlargetextslikeartic
MySQL: String Data Types and Indexing: Best PracticesMay 12, 2025 am 12:11 AMBest practices for handling string data types and indexes in MySQL include: 1) Selecting the appropriate string type, such as CHAR for fixed length, VARCHAR for variable length, and TEXT for large text; 2) Be cautious in indexing, avoid over-indexing, and create indexes for common queries; 3) Use prefix indexes and full-text indexes to optimize long string searches; 4) Regularly monitor and optimize indexes to keep indexes small and efficient. Through these methods, we can balance read and write performance and improve database efficiency.
MySQL: How to Add a User RemotelyMay 12, 2025 am 12:10 AMToaddauserremotelytoMySQL,followthesesteps:1)ConnecttoMySQLasroot,2)Createanewuserwithremoteaccess,3)Grantnecessaryprivileges,and4)Flushprivileges.BecautiousofsecurityrisksbylimitingprivilegesandaccesstospecificIPs,ensuringstrongpasswords,andmonitori
The Ultimate Guide to MySQL String Data Types: Efficient Data StorageMay 12, 2025 am 12:05 AMTostorestringsefficientlyinMySQL,choosetherightdatatypebasedonyourneeds:1)UseCHARforfixed-lengthstringslikecountrycodes.2)UseVARCHARforvariable-lengthstringslikenames.3)UseTEXTforlong-formtextcontent.4)UseBLOBforbinarydatalikeimages.Considerstorageov
MySQL BLOB vs. TEXT: Choosing the Right Data Type for Large ObjectsMay 11, 2025 am 12:13 AMWhen selecting MySQL's BLOB and TEXT data types, BLOB is suitable for storing binary data, and TEXT is suitable for storing text data. 1) BLOB is suitable for binary data such as pictures and audio, 2) TEXT is suitable for text data such as articles and comments. When choosing, data properties and performance optimization must be considered.
MySQL: Should I use root user for my product?May 11, 2025 am 12:11 AMNo,youshouldnotusetherootuserinMySQLforyourproduct.Instead,createspecificuserswithlimitedprivilegestoenhancesecurityandperformance:1)Createanewuserwithastrongpassword,2)Grantonlynecessarypermissionstothisuser,3)Regularlyreviewandupdateuserpermissions
MySQL String Data Types Explained: Choosing the Right Type for Your DataMay 11, 2025 am 12:10 AMMySQLstringdatatypesshouldbechosenbasedondatacharacteristicsandusecases:1)UseCHARforfixed-lengthstringslikecountrycodes.2)UseVARCHARforvariable-lengthstringslikenames.3)UseBINARYorVARBINARYforbinarydatalikecryptographickeys.4)UseBLOBorTEXTforlargeuns
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SublimeText3 English version
Recommended: Win version, supports code prompts!
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
Notepad++7.3.1
Easy-to-use and free code editor
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
