Home >Backend Development >PHP Tutorial >OAuth protocol - PHP third-party login protocol, oauth protocol php third-party_PHP tutorial
MOOC.com Badguy teacher ’s conscience course!
There will always be times when I don’t want to do anything, but today’s days don’t allow personal indulgence. I usually only have these few choices: watch course videos, read books, and read novels. . It seems there is still something that can be done. Among them, watching the course videos is a bit boring, and I have to write code by hand. . It’s good to find a good teacher. Well, let’s study with badguy recently~
Take notes
1. About OAuth
The full name is Open Authorization, open protocol;
is a protocol for PHP to implement third-party login ;
The specific implementation is simplified into three major steps;
But this is what I personally recorded:
2. Before logging in
You need to apply/register to the website that "signed" the agreement (websites that plan to enable third-party login, such as MOOC.com to apply via qq);
Get the website’s unique client_id and client_secret;
3. When logging in
The user clicks "Other Login"——" (The first step of the three steps) The website sends a request to the QQ OAuth server, Request Token URL, and requests the service address, as shown below
https://graph.qq.com/oauth/...
client_id=100490398&...
redirect_uri=http://passport.mukewang.com%...
First there is the oauth identifier, then the client_id, and then the redirect_uri redirect address, which is the return address;
——》(Second step) The user sees the third-party login interface and enters information; here the code will be generated based on the user input, which is invisible to the user and generated directly in the background;
——》(Step 3) The QQ auth server returns the status to the website. For security reasons, there is a User authorization URL. There will be code, client_id, client_secret information for verification. At the same time, the code also has a life cycle. (very short, maybe 5s);
4. After logging in
In addition to realizing third-party login, OAuth also allows authorized websites to perform some functions, such as QQ’s one-click posting space. At this time, there is AccessToken (token), which has a normal life cycle. It will be 7 days; if it is gone, you can log in again to apply. There is also RefreshToken, which will automatically refresh the token;
5. Others
Regarding openness, it can refer to internal openness - for example, Taobao one account, Alipay and other Alibaba series can be used;
Externally-for example, Tencent accounts can be inserted everywhere. .
Last picture
I will continue to learn how to log in with QQ and log in with weibo~
-------------Update in 5 minutes-------------
The writing of Huo Ding’s Notes is also good, easy to understand, with pictures and examples, and it takes 5 minutes to read.