Getting Started with OAuth
There is a course on KnpUniversity that gives you a good overview of OAuth implementation in PHP: https://knpuniversity.com/screencast/oauth
You can watch the first two videos for free, after that you can still read the transcription and view the code examples.
Deep dive
If you want to dive deep into OAuth, read the official OAuth 2 specification at https://www.rfc-editor.org/rfc/rfc6749. It takes a while and it might be helpful to grab a pen and paper to sketch some flows, but it's quite easy to read.
Protocol Endpoints
To address your question:
An OAuth authorization server has to have two endpoints: the Authorization Endpoint and the Token Endpoint. Where they are located is not specified!
Google's endpoints are:
Facebook's endpoints are:
So you have to find out the URLs of these two endpoints at the authorization server you want to use.
Authorization Grants
The official specification specifies four different ways to obtain authorization at the authorization endpoint called grants.
These are:
- Authorization Code Grant
- Implicit Grant
- Resource Owner Password Credentials Grant
- Client Credentials Grant
Furthermore, it is allowed to specify your own grant types, so look for that in the documentation of the endpoint.
The most common grant type is the Authorization Code Grant. I highly recommend having a look at the specification to understand grant types: https://www.rfc-editor.org/rfc/rfc6749#section-4. The figures it contains are really helpful!
The specification also contains an example for each grant type that explains how to get an access token.
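The Authorization Code Grant mentioned above, as an added example that is not part of the original answer: the three client-side steps from RFC 6749 section 4.1, using both endpoints. The `example.com`/`example.org` URLs and the client credentials are placeholders, and the function names are hypothetical.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholders: RFC 6749 does not fix endpoint locations; take the real URLs
# and client credentials from the authorization server you register with.
AUTHORIZATION_ENDPOINT = "https://auth.example.com/authorize"
TOKEN_ENDPOINT = "https://auth.example.com/token"
CLIENT_ID, CLIENT_SECRET = "example-client-id", "example-client-secret"
REDIRECT_URI = "https://client.example.org/callback"


def build_authorization_url(scope):
    """Section 4.1.1: URL that sends the user to the authorization endpoint."""
    state = secrets.token_urlsafe(32)  # unguessable; store in the user's session
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "scope": scope,
                       "state": state})
    return f"{AUTHORIZATION_ENDPOINT}?{query}", state


def parse_callback(callback_url, expected_state):
    """Section 4.1.2: validate the redirect back to the client, return the code."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    # A state that does not match the session means a forged response (CSRF).
    if not hmac.compare_digest(params.get("state", "").encode(),
                               expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"])
    if "code" not in params:
        raise ValueError("missing authorization code")
    return params["code"]


def build_token_request(code):
    """Section 4.1.3: request that exchanges the code at the token endpoint."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI})  # same URI as in step 1
    return TOKEN_ENDPOINT, headers, body
```

The token request is returned as a URL, headers and form body to POST with whatever HTTP client you use; the access token arrives in the JSON response.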