
[re] renren.com oauth implementation

hbrls
November 07, 2012


Transcript

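  1. [Sequence diagram: SSO / OAuth authorization flow. Participants: RR Service, RR Client, RR SDK / Third Apps, and the user. Steps are numbered 0-9 and A on the slide. Step labels, in extraction order: third-party app requests SSO; obtain the app identifier; request the OAuth service; verify the third-party app; user logs in; user authorization information; shown to the user, who grants authorization; return the authorization page; generate the token; return the token; hand the token to the third-party app; verify that the caller is the RR client.]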
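  2. Access Token design
     •  Components of the Access Token
     •  Generating the Access Token (sig & expires)

     Example token, annotated on the slide with the field labels sig, life, expires, user, type and app:

         1000|2.b9fa896206de940a2b9cf416ffa30e83.3600.1271271600-240650143

     Here sig = b9fa896206de940a2b9cf416ffa30e83, life = 3600, expires = 1271271600 and user = 240650143; the leading 1000|2 holds the type and app fields.

         expires = current + life;
         // key: a random UUID generated each day
         date = (Date) current;
         key = getEncryptionKey(date);
         sig = md5sum(type + life + expires + user + app + key);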
  3. Access Token design
     •  Verifying the Access Token

         if (current > expires)
             return false;
         // recover the issue date so that the same daily key is looked up
         date = expires - life;
         key = getEncryptionKey(date);
         sig2 = md5sum(type + life + expires + user + app + key);
         if (sig == sig2)
             return true;
         return false;
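
The generation and verification steps from slides 2 and 3 as runnable Python. This is an added example, not code from the deck or from renren.com. The in-memory `DAILY_KEYS` store, the function names, the `app|type` field order and the use of UTC days are assumptions; MD5 is kept to match the slides, and the `==` comparison is swapped for a constant-time one.

```python
import hashlib
import hmac
import uuid
from datetime import datetime, timezone

DAILY_KEYS = {}  # hypothetical key store: UTC date -> that day's random UUID

def get_encryption_key(ts, create=False):
    """Key for the UTC day containing Unix time ts; None if that day has none."""
    day = datetime.fromtimestamp(ts, tz=timezone.utc).date()
    if create:
        DAILY_KEYS.setdefault(day, uuid.uuid4().hex)
    return DAILY_KEYS.get(day)

def md5sig(type_, life, expires, user, app, key):
    # Slide formula: md5sum(type + life + expires + user + app + key)
    data = f"{type_}{life}{expires}{user}{app}{key}"
    return hashlib.md5(data.encode()).hexdigest()

def issue_token(app, type_, user, life, now):
    expires = now + life
    key = get_encryption_key(now, create=True)
    sig = md5sig(type_, life, expires, user, app, key)
    return f"{app}|{type_}.{sig}.{life}.{expires}-{user}"  # assumed field order

def verify_token(token, now):
    try:
        app, rest = token.split("|", 1)
        type_, sig, life, tail = rest.split(".")
        expires, user = tail.split("-", 1)
        if now > int(expires):
            return False
        # Look up the key of the day of issue, not of today, so a token
        # issued shortly before midnight still verifies after the key rolls.
        key = get_encryption_key(int(expires) - int(life))
        if key is None:  # no key exists for that day: reject, create nothing
            return False
        # The signature is recomputed over the raw field strings as received.
        sig2 = md5sig(type_, life, expires, user, app, key)
        return hmac.compare_digest(sig.encode(), sig2.encode())
    except (ValueError, OverflowError, OSError):
        return False  # malformed token or out-of-range timestamp
```

Verification only reads existing keys, so a token that names an arbitrary issue date is rejected without adding entries to the key store.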