wombat team Premium Edition
https://authorization-server.com/authorize
https://authorization-server.com/token
authorization code
implicit
resource owner
client credentials
How does the resource owner verify the token and supply the service?
If I'm going to build an authorization system, how do I manage the clients?
How do we implement RBAC?
Hmm... the client works in the user-agent, so how do we persist the token?
Let's think about our website: what about the current token implementation?
OpenID Connect is trying to solve identity sharing.
JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWdlIjoyNSwiYWRtaW4iOnRydWUsImdlbmRlciI6Im1hbGUifQ.ZQxleE14Pl8Kt4SxCN_tBpi8cW2yTiWEKBx5l85oupw
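The token above, taken apart and checked, as an added example that is not part of the original slides: it decodes the header and claims of the page's token, then verifies an HS256 token with the algorithm pinned and `exp` enforced. `DEMO_KEY` and the helper names are assumptions made for the demo; the page does not give the key for its own token, so that token can be inspected here but not verified.

```python
import base64, hashlib, hmac, json, time

# Token copied from the page: header.payload.signature, each base64url-encoded.
PAGE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWdlIjoyNSwi"
    "YWRtaW4iOnRydWUsImdlbmRlciI6Im1hbGUifQ."
    "ZQxleE14Pl8Kt4SxCN_tBpi8cW2yTiWEKBx5l85oupw"
)
DEMO_KEY = b"constructed-demo-key"  # assumption: not the key of PAGE_TOKEN

def b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def inspect(token):
    """Decode header and claims WITHOUT verifying. Never authorize on this."""
    header, payload, _sig = token.split(".")
    return json.loads(b64url_decode(header)), json.loads(b64url_decode(payload))

def sign_hs256(claims, key):
    parts = [{"alg": "HS256", "typ": "JWT"}, claims]
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify_hs256(token, key, now=None):
    """Return the claims only if alg, signature and exp all check out, else None."""
    segs = token.split(".")
    if len(segs) != 3:
        return None
    try:
        header = json.loads(b64url_decode(segs[0]))
        claims = json.loads(b64url_decode(segs[1]))
        sig = b64url_decode(segs[2])
    except ValueError:
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the header's choice
        return None
    expected = hmac.new(key, f"{segs[0]}.{segs[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    exp = claims.get("exp")
    if exp is not None and (time.time() if now is None else now) >= exp:
        return None
    return claims
```

The claims are only base64url-encoded, not encrypted, so anything placed in them is readable by whoever holds the token.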
OpenID Connect is light, friendly, and simple to develop with.
How to deal with legacy systems?
Identity Management is quite a big part.
Keys, certificates, role changes, token expiry.
Client management.
Can we buy?
Identity service as Application