问题描述

我正在使用 Apache Oltu 框架实现 OAuth 2.0 提供程序服务器，寻找有关如何在 Java 中生成访问令牌和秘密令牌的一些想法.请指教.

I am implementing the OAuth 2.0 provider server using Apache Oltu framework, looking for some idea on how to generate the access token and secret tokens in java. Please advise.

推荐答案

OAuth 2.0 规范 没有说明如何生成令牌和秘密令牌.因此，您是使用一些现有/锚定数据来生成令牌还是想使用随机序列来生成令牌取决于您.唯一的区别是，如果您使用可能已知的数据(例如用户数据，例如用户名、创建日期加上等)，您可以在需要时随时恢复令牌.如果使用随机数据序列，则令牌丢失后将无法恢复.

OAuth 2.0 specification doesn't tell anything about how to generate token and secret token. Thus it is up to you whether you use some existing/anchor data to generate tokens or you want to use random sequence in order to generate tokens. The only difference is that if you use presumably known data (e.g. user data, such as username, creation date plus etc.) you can restore tokens any time you need that. If you use random sequence of data, then you cannot restore tokens once they are lost.

换句话说，RFC 不会限制您的生成过程.

In other words, RFC doesn't restrict you on generation process.

我可能会使用用户详细信息数据加上一些随机数据的字符串连接，然后进行 Base64 编码.

I would probably use string concatenation of User Details data plus some random data, then do Base64 encoding.

String keySource = username + creationDate + random;
byte [] tokenByte = new Base64(true).encodeBase64(keySource.getBytes());
String token = new String(tokenByte);

这篇关于OAuth 2.0 生成令牌和秘密令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！