Purpose of redirect_uri parameter when exchanging code for access token
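The RFC for OAuth2 states that the redirect_uri specified when generating the authorization code must be included in the request to exchange the code for an access token.
From the RFC: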
4.1.3. Access Token Request
The client makes a request to the token endpoint by sending the
following parameters using the "application/x-www-form-urlencoded"
format per Appendix B with a character encoding of UTF-8 in the HTTP
request entity-body:
[...]
redirect_uri
REQUIRED, if the "redirect_uri" parameter was included in the
authorization request as described in Section 4.1.1, and their
values MUST be identical.
https://www.rfc-editor.org/rfc/rfc6749#section-4.1.3
Why is the redirect_uri needed when exchanging the code for an access token? What is the benefit?
It is in 10.6. Authorization Code Redirection URI Manipulation:
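The Section 4.1.3 rule as it looks on the authorization server side, as an added example that is not part of the original post or the RFC: the server stores the redirect_uri with the code it issues and refuses the exchange unless the token request repeats exactly the same value. The function names, the in-memory store and the TTL are assumptions made for illustration.

```python
import secrets
import time

# In-memory code store (assumption: a real server uses persistent storage).
_CODES = {}
CODE_TTL_SECONDS = 60  # constructed value for this example


class TokenError(Exception):
    """Carries an RFC 6749 section 5.2 error code as its message."""


def issue_code(client_id, redirect_uri=None):
    """Authorization endpoint: bind the new code to the request's redirect_uri."""
    code = secrets.token_urlsafe(32)
    _CODES[code] = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # None if the authorization request omitted it
        "expires": time.time() + CODE_TTL_SECONDS,
    }
    return code


def redeem_code(code, client_id, redirect_uri=None):
    """Token endpoint: enforce the section 4.1.3 redirect_uri rule."""
    record = _CODES.pop(code, None)  # single use: consumed even if a check fails
    if record is None or record["expires"] < time.time():
        raise TokenError("invalid_grant")
    if record["client_id"] != client_id:
        raise TokenError("invalid_grant")
    bound = record["redirect_uri"]
    # REQUIRED if it was in the authorization request, and MUST be identical:
    # exact string comparison, no normalization or prefix matching.
    if bound is not None and redirect_uri != bound:
        raise TokenError("invalid_grant")
    return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}
```

A code delivered to any URI other than the one the client sends in its own token request cannot be redeemed, which is the binding the quoted requirement provides.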