@ -2635,22 +2635,19 @@
|
|
|
|
|
<a name="rfc.section.3.1.2.4"></a> |
|
|
|
|
|
|
|
|
|
<h3>3.1.2.4. |
|
|
|
|
Authorization Server Obtains End-User Consent/Authorization</h3> |
|
|
|
|
授权服务器获取最终用户(End-User)同意/授权</h3> |
|
|
|
|
|
|
|
|
|
<p> |
|
|
|
|
Once the End-User is authenticated, the Authorization Server MUST |
|
|
|
|
obtain an authorization decision before releasing information |
|
|
|
|
to the Relying Party. |
|
|
|
|
When permitted by the request parameters used, |
|
|
|
|
this MAY be done through an interactive dialogue with the End-User |
|
|
|
|
that makes it clear what is being consented to |
|
|
|
|
or by establishing consent via conditions for processing the request or |
|
|
|
|
other means (for example, via previous administrative consent). |
|
|
|
|
Sections <a class="info" href="#IDToken">2<span> (</span><span |
|
|
|
|
class="info">ID Token</span><span>)</span></a> and |
|
|
|
|
一旦最终用户(End-User)通过认证, 授权服务器必须(MUST)在给 |
|
|
|
|
信任方(Relying Party)响应(releasing)信息前获取一个最终用户授权决定. |
|
|
|
|
当允许的请求参数使用时, |
|
|
|
|
或许(MAY)是通过一个与最终用户的交互式对话(interactive dialogue), |
|
|
|
|
使它明确什么是同意或通过建立同意,通过条件处理的请求 |
|
|
|
|
或其他方式(如通过之前的管理(administrative)同意). |
|
|
|
|
章节 <a class="info" href="#IDToken">2<span> (</span><span |
|
|
|
|
class="info">ID Token</span><span>)</span></a> 和 |
|
|
|
|
<a class="info" href="#UserInfo">5.3<span> (</span><span |
|
|
|
|
class="info">UserInfo Endpoint</span><span>)</span></a> describe |
|
|
|
|
information release mechanisms. |
|
|
|
|
class="info">UserInfo Endpoint</span><span>)</span></a> 描述相关信息机制. |
|
|
|
|
|
|
|
|
|
</p> |
|
|
|
|
<a name="AuthResponse"></a><br> |
|
|
|
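Review bot: In the 3.1.2.4 paragraph, the line "使它明确什么是同意或通过建立同意,通过条件处理的请求" loses the meaning of the source. The English says the dialogue must make clear what is being consented to, or that consent may be established via conditions for processing the request; the translated clause no longer states either condition clearly. In the same paragraph "MAY" is rendered as "或许" ("perhaps"), which reads as uncertainty rather than as the normative keyword; "可以(MAY)" keeps the permission sense and sits better beside "必须(MUST)". The closing line "描述相关信息机制" also drops "release" from "information release mechanisms"; a rendering such as "描述了信息发布机制" would keep it. This section is what implementers read for the consent requirement, so the normative wording should carry over exactly.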
@ -2665,33 +2662,28 @@
|
|
|
|
|
<a name="rfc.section.3.1.2.5"></a> |
|
|
|
|
|
|
|
|
|
<h3>3.1.2.5. |
|
|
|
|
Successful Authentication Response</h3> |
|
|
|
|
成功的认证响应</h3> |
|
|
|
|
|
|
|
|
|
<p> |
|
|
|
|
An Authentication Response is an OAuth 2.0 Authorization Response |
|
|
|
|
message returned from the |
|
|
|
|
OP's Authorization Endpoint in response to the Authorization Request |
|
|
|
|
message sent by the RP. |
|
|
|
|
|
|
|
|
|
一个认证响应(An Authentication Response)是一个OAuth2.0的授权响应信息, |
|
|
|
|
是从OP的授权端点(Authorization Endpoint)响应并返回从RP发送的 |
|
|
|
|
授权请求(Authorization Request)消息. |
|
|
|
|
</p> |
|
|
|
|
|
|
|
|
|
<p> |
|
|
|
|
When using the Authorization Code Flow, the Authorization Response |
|
|
|
|
MUST return the parameters defined in Section 4.1.2 of |
|
|
|
|
在使用授权码流程时, 认证响应必须(MUST)返回的参数是定义在 |
|
|
|
|
<a class="info" href="#RFC6749">OAuth 2.0<span> (</span><span |
|
|
|
|
class="info">Hardt, D., “The OAuth 2.0 Authorization Framework,” October 2012.</span><span>)</span></a> |
|
|
|
|
[RFC6749] |
|
|
|
|
by adding them as query parameters to the |
|
|
|
|
<tt>redirect_uri</tt> specified in the Authorization Request |
|
|
|
|
using the <tt>application/x-www-form-urlencoded</tt> format, |
|
|
|
|
unless a different Response Mode was specified. |
|
|
|
|
协议4.1.2章节中的并在授权请求时通过<tt>redirect_uri</tt> 指定添加的查询参数 |
|
|
|
|
且使用 <tt>application/x-www-form-urlencoded</tt>格式, |
|
|
|
|
除非指定了其他的响应模式(Response Mode). |
|
|
|
|
|
|
|
|
|
</p> |
|
|
|
|
|
|
|
|
|
<p> |
|
|
|
|
The following is a non-normative example |
|
|
|
|
successful response using this flow |
|
|
|
|
(with line wraps within values for display purposes only): |
|
|
|
|
下面是一个非规范性(non-normative)的, |
|
|
|
|
在该流程中成功响应的示例(仅为了更好的显示使用了换行): |
|
|
|
|
|
|
|
|
|
</p> |
|
|
|
|
|
|
|
|
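Review bot: In the Authorization Code Flow paragraph of 3.1.2.5, "认证响应必须(MUST)返回的参数" translates "Authorization Response" as "认证响应" (Authentication Response); the first paragraph of the same hunk already uses "授权响应" for that term, so the subject of the MUST should be "授权响应". The line "并在授权请求时通过<tt>redirect_uri</tt> 指定添加的查询参数" also reverses the relationship in the source: the parameters are added as query parameters to the <tt>redirect_uri</tt> that was specified in the Authorization Request, they are not specified through it. Suggest rewording so that the response parameters are clearly appended to the <tt>redirect_uri</tt>. In the first paragraph, "响应并返回从RP发送的授权请求消息" can be read as returning the RP's request message; the source says the response is returned in response to that request.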
@ -2702,8 +2694,7 @@
|
|
|
|
|
</pre> |
|
|
|
|
</div> |
|
|
|
|
<p> |
|
|
|
|
For implementation notes on the contents of |
|
|
|
|
the Authorization Code, see <a class="info" href="#CodeNotes">Section 15.5.1<span> (</span><span |
|
|
|
|
有关授权码实现的注意事项内容,请参考 <a class="info" href="#CodeNotes">15.5.1 章节<span> (</span><span |
|
|
|
|
class="info">Authorization Code Implementation Notes</span><span>)</span></a>. |
|
|
|
|
|
|
|
|
|
</p> |
|
|
|
|
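Review bot: The new line "有关授权码实现的注意事项内容" attaches "内容" to the notes rather than to the Authorization Code; the source is "implementation notes on the contents of the Authorization Code", so something like "有关授权码内容的实现注意事项" matches it. The section reference is also written "15.5.1 章节" here, while the 3.1.2.4 hunk puts the word first ("章节 ... 2 ... 和 ... 5.3"); pick one order and use it throughout. The link text "Authorization Code Implementation Notes" on the following line is left in English, which is fine if that is the convention for link titles, but it should then be applied consistently.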