跳到主要内容

12. References

  1. 参考文献

12.1. 规范性参考文献

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2246] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC 2246, January 1999.

[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

[RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A., and L. Stewart, "HTTP Authentication: Basic and Digest Access Authentication", RFC 2617, June 1999.

[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.

[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, November 2003.

[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005.

[RFC4627] Crockford, D., "The application/json Media Type for JavaScript Object Notation (JSON)", RFC 4627, July 2006.

[RFC4949] Shirey, R., "Internet Security Glossary, Version 2", RFC 4949, August 2007.

[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008.

[RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, January 2008.

[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008.

[RFC6125] Saint-Andre, P. and J. Hodges, "Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)", RFC 6125, March 2011.

[USASCII] American National Standards Institute, "Coded Character Set -- 7-bit American Standard Code for Information Interchange", ANSI X3.4, 1986.

[W3C.REC-html401-19991224] Raggett, D., Le Hors, A., and I. Jacobs, "HTML 4.01 Specification", World Wide Web Consortium Recommendation REC-html401-19991224, December 1999, \http://www.w3.org/TR/1999/REC-html401-19991224\``.

[W3C.REC-xml-20081126] Bray, T., Paoli, J., Sperberg-McQueen, C., Maler, E., and F. Yergeau, "Extensible Markup Language (XML) 1.0 (Fifth Edition)", World Wide Web Consortium Recommendation REC-xml-20081126, November 2008, \http://www.w3.org/TR/2008/REC-xml-20081126\``.

12.2. 信息性参考文献

[OAuth-HTTP-MAC] Hammer-Lahav, E., Ed., "HTTP Authentication: MAC Access Authentication", Work in Progress, February 2012.

[OAuth-SAML2] Campbell, B. and C. Mortimore, "SAML 2.0 Bearer Assertion Profiles for OAuth 2.0", Work in Progress, September 2012.

[OAuth-THREATMODEL] Lodderstedt, T., Ed., McGloin, M., and P. Hunt, "OAuth 2.0 Threat Model and Security Considerations", Work in Progress, October 2012.

[OAuth-WRAP] Hardt, D., Ed., Tom, A., Eaton, B., and Y. Goland, "OAuth Web Resource Authorization Profiles", Work in Progress, January 2010.

[RFC5849] Hammer-Lahav, E., "The OAuth 1.0 Protocol", RFC 5849, April 2010.

[RFC6750] Jones, M. and D. Hardt, "The OAuth 2.0 Authorization Framework: Bearer Token Usage", RFC 6750, October 2012.

Appendix A. 增强巴科斯-瑙尔范式 (ABNF) 语法

本节使用 [RFC5234] 的表示法, 为本规范中定义的元素提供增强巴科斯-瑙尔范式 (Augmented Backus-Naur Form, ABNF) 语法描述. 以下 ABNF 以 Unicode 码点 [W3C.REC-xml-20081126] 定义; 这些字符通常以 UTF-8 编码. 元素按首次定义的顺序列出.

下列某些定义使用 [RFC3986] 中的 "URI-reference" 定义.

下列某些定义使用这些通用定义:

     VSCHAR     = %x20-7E
NQCHAR = %x21 / %x23-5B / %x5D-7E
NQSCHAR = %x20-21 / %x23-5B / %x5D-7E
UNICODECHARNOCRLF = %x09 /%x20-7E / %x80-D7FF /
%xE000-FFFD / %x10000-10FFFF

(UNICODECHARNOCRLF 定义基于 [W3C.REC-xml-20081126] 第 2.2 节中的 Char 定义, 但省略了 Carriage Return 和 Linefeed 字符.)

A.1. "client_id" 语法

"client_id" 元素在第 2.3.1 节中定义:

     client-id     = *VSCHAR

A.2. "client_secret" 语法

"client_secret" 元素在第 2.3.1 节中定义:

     client-secret = *VSCHAR

A.3. "response_type" 语法

"response_type" 元素在第 3.1.1 节和第 8.4 节中定义:

     response-type = response-name *( SP response-name )
response-name = 1*response-char
response-char = "_" / DIGIT / ALPHA

A.4. "scope" 语法

"scope" 元素在第 3.3 节中定义:

     scope       = scope-token *( SP scope-token )
scope-token = 1*NQCHAR

A.5. "state" 语法

"state" 元素在第 4.1.1, 4.1.2, 4.1.2.1, 4.2.1, 4.2.2 和 4.2.2.1 节中定义:

     state      = 1*VSCHAR

A.6. "redirect_uri" 语法

"redirect_uri" 元素在第 4.1.1, 4.1.3 和 4.2.1 节中定义:

     redirect-uri      = URI-reference

A.7. "error" 语法

"error" 元素在第 4.1.2.1, 4.2.2.1, 5.2, 7.2 和 8.5 节中定义:

     error             = 1*NQSCHAR

A.8. "error_description" 语法

"error_description" 元素在第 4.1.2.1, 4.2.2.1, 5.2 和 7.2 节中定义:

     error-description = 1*NQSCHAR

A.9. "error_uri" 语法

"error_uri" 元素在第 4.1.2.1, 4.2.2.1, 5.2 和 7.2 节中定义:

     error-uri         = URI-reference

A.10. "grant_type" 语法

"grant_type" 元素在第 4.1.3, 4.3.2, 4.4.2, 4.5 和 6 节中定义:

     grant-type = grant-name / URI-reference
grant-name = 1*name-char
name-char = "-" / "." / "_" / DIGIT / ALPHA

A.11. "code" 语法

"code" 元素在第 4.1.3 节中定义:

     code       = 1*VSCHAR

A.12. "access_token" 语法

"access_token" 元素在第 4.2.2 和 5.1 节中定义:

     access-token = 1*VSCHAR

A.13. "token_type" 语法

"token_type" 元素在第 4.2.2, 5.1 和 8.1 节中定义:

     token-type = type-name / URI-reference
type-name = 1*name-char
name-char = "-" / "." / "_" / DIGIT / ALPHA

A.14. "expires_in" 语法

"expires_in" 元素在第 4.2.2 和 5.1 节中定义:

     expires-in = 1*DIGIT

A.15. "username" 语法

"username" 元素在第 4.3.2 节中定义:

     username = *UNICODECHARNOCRLF

A.16. "password" 语法

"password" 元素在第 4.3.2 节中定义:

     password = *UNICODECHARNOCRLF

A.17. "refresh_token" 语法

"refresh_token" 元素在第 5.1 和第 6 节中定义:

     refresh-token = 1*VSCHAR

A.18. 端点参数语法

新端点参数的语法在第 8.2 节中定义:

     param-name = 1*name-char
name-char = "-" / "." / "_" / DIGIT / ALPHA

Appendix B. application/x-www-form-urlencoded 媒体类型的使用

在本规范发布时, "application/x-www-form-urlencoded" 媒体类型已在 [W3C.REC-html401-19991224] 第 17.13.4 节中定义, 但尚未注册到 IANA MIME Media Types 注册表 (\http://www.iana.org/assignments/media-types\``). 此外, 该定义并不完整, 因为它没有考虑非 US-ASCII 字符.

为了在使用这种媒体类型生成负载时解决这一不足, 名称和值必须先使用 UTF-8 字符编码方案 [RFC3629] 编码; 生成的八位字节序列随后还需要使用 [W3C.REC-html401-19991224] 中定义的转义规则进一步编码.

当解析使用这种媒体类型的负载中的数据时, 对名称/值编码进行逆操作后得到的名称和值需要作为八位字节序列处理, 并使用 UTF-8 字符编码方案解码.

例如, 由六个 Unicode 码点组成的值 (1) U+0020 (SPACE), (2) U+0025 (PERCENT SIGN), (3) U+0026 (AMPERSAND), (4) U+002B (PLUS SIGN), (5) U+00A3 (POUND SIGN) 和 (6) U+20AC (EURO SIGN), 会被编码为以下八位字节序列 (使用十六进制表示):

     20 25 26 2B C2 A3 E2 82 AC

然后在负载中表示为:

     +%25%26%2B%C2%A3%E2%82%AC

Appendix C. 致谢

最初的 OAuth 2.0 协议规范由 David Recordon 编辑, 基于两份先前发布物: OAuth 1.0 社区规范 [RFC5849] 和 OAuth WRAP (OAuth Web Resource Authorization Profiles) [OAuth-WRAP]. Eran Hammer 随后编辑了许多演进为本 RFC 的中间草案. Security Considerations 一节由 Torsten Lodderstedt, Mark McGloin, Phil Hunt, Anthony Nadalin 和 John Bradley 起草. 关于 "application/x-www-form-urlencoded" 媒体类型使用的一节由 Julian Reschke 起草. ABNF 一节由 Michael B. Jones 起草.

OAuth 1.0 社区规范由 Eran Hammer 编辑, 作者包括 Mark Atwood, Dirk Balfanz, Darren Bounds, Richard M. Conlan, Blaine Cook, Leah Culver, Breno de Medeiros, Brian Eaton, Kellan Elliott-McCrea, Larry Halff, Eran Hammer, Ben Laurie, Chris Messina, John Panzer, Sam Quigley, David Recordon, Eran Sandler, Jonathan Sergent, Todd Sieling, Brian Slesinsky 和 Andy Smith.

OAuth WRAP 规范由 Dick Hardt 编辑, 作者包括 Brian Eaton, Yaron Y. Goland, Dick Hardt 和 Allen Tom.

本规范是 OAuth 工作组的成果, 该工作组包括数十位活跃且投入的参与者. 尤其是以下人员贡献了想法, 反馈和文字, 共同塑造并形成了最终规范:

Michael Adams, Amanda Anganes, Andrew Arnott, Dirk Balfanz, Aiden Bell, John Bradley, Marcos Caceres, Brian Campbell, Scott Cantor, Blaine Cook, Roger Crew, Leah Culver, Bill de hOra, Andre DeMarre, Brian Eaton, Wesley Eddy, Wolter Eldering, Brian Ellin, Igor Faynberg, George Fletcher, Tim Freeman, Luca Frosini, Evan Gilbert, Yaron Y. Goland, Brent Goldman, Kristoffer Gronowski, Eran Hammer, Dick Hardt, Justin Hart, Craig Heath, Phil Hunt, Michael B. Jones, Terry Jones, John Kemp, Mark Kent, Raffi Krikorian, Chasen Le Hara, Rasmus Lerdorf, Torsten Lodderstedt, Hui-Lan Lu, Casey Lucas, Paul Madsen, Alastair Mair, Eve Maler, James Manger, Mark McGloin, Laurence Miao, William Mills, Chuck Mortimore, Anthony Nadalin, Julian Reschke, Justin Richer, Peter Saint-Andre, Nat Sakimura, Rob Sayre, Marius Scurtescu, Naitik Shah, Luke Shepard, Vlad Skvortsov, Justin Smith, Haibin Song, Niv Steingarten, Christian Stuebner, Jeremy Suriel, Paul Tarjan, Christopher Thomas, Henry S. Thompson, Allen Tom, Franklin Tse, Nick Walker, Shane Weeden, and Skylar Woodward.

本文档在 Blaine Cook, Peter Saint-Andre, Hannes Tschofenig, Barry Leiba 和 Derek Atkins 主持下完成. 领域主任包括 Lisa Dusseault, Peter Saint-Andre 和 Stephen Farrell.

Author's Address

Dick Hardt (editor) Microsoft

EMail: [email protected] URI: http://dickhardt.org/