标签:style blog http color 使用 strong
用户名-密码身份验证流可用于在身份验证,当用户拥有用户的凭据时。在这个流程中,用户的凭据由应用程序使用,用以请求一个访问令牌,如下列步骤中所示。
此oauth身份验证流来回传递用户凭据。仅当必要时,使用此身份验证流。没有刷新标记将发行。
1.The application uses the user’s username and password to request an access token. This is done via an out-of-band POST request to the appropriate Salesforce(客户管理系统) token request endpoint, such as https://login.salesforce.com/services/oauth2/token. The following request fields(字段) are required:
An example request body might look something like the following:
grant_type=password&client_id=3MVG9lKcPoNINVBIPJjdw1J9LLM82Hn FVVX19KY1uA5mu0QqEWhqKpoW3svG3XHrXDiCQjK1mdgAvhCscA9GE&client_secret= 1955279925675241571&username=testuser%40salesforce.com&password=mypassword123456
Salesforce verifies(验证) the user credentials, and if successful, sends a response to the application with the access token. This response contains the following values:
An example response body might look something like:
{"id":"https://login.salesforce.com/id/00Dx0000000BV7z/005x00000012Q9P", "issued_at":"1278448832702","instance_url":"https://na1.salesforce.com", "signature":"0CmxinZir53Yex7nE0TD+zMpvIWYGb/bdJh6XfOH6EQ=","access_token": "00Dx0000000BV7z!AR8AQAxo9UfVkh8AlV0Gomt9Czx9LjHnSSpwBMmbRcgKFmxOtvxjTrKW1 9ye6PE3Ds1eQz3z8jr3W7_VbWmEu4Q8TVGSTHxs"}
3.The application users the provided access token to access protected user data. Keep the Following considrations in mind when using the user-agent Oauth flow:
Since the user is never redirected to login at Salesforce in this flow, the user can’t directly authorize the application, so no refresh tokens can be used. If your application requires refresh tokens, you should consider using the Web server or user-agent OAuth flow.
理解the Username-Password OAuth Authentication Flow,布布扣,bubuko.com
理解the Username-Password OAuth Authentication Flow
标签:style blog http color 使用 strong
原文地址:http://www.cnblogs.com/yunxifd/p/3816626.html