How to generate OAuth 2 client ID and secret

Question:

I want to generate a client ID and client secret using .NET. I read the OAuth 2 specification and, for example, the size of the client secret is not specified there. Is there a good practice for generating a client ID and client secret using the .NET Framework?

Section 2.2 says:

The authorization server issues the registered client a client identifier -- a unique string representing the registration information provided by the client. The client identifier is not a secret; it is exposed to the resource owner and MUST NOT be used alone for client authentication. The client identifier is unique to the authorization server.

The client identifier string size is left undefined by this specification. The client should avoid making assumptions about the identifier size. The authorization server SHOULD document the size of any identifier it issues.

So you can define the client identifier yourself. It depends on your choice. You can use System.Guid to generate one simply, or use uid + systemTime; you can also hash it, encrypt it, or anything else you want.

But the client secret should be a cryptographically strong random string. You can generate one like this:

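using System; using System.Security.Cryptography;
// Returns `length` cryptographically strong random bytes, Base64-encoded (place inside a class).
// RNGCryptoServiceProvider is marked obsolete from .NET 6; RandomNumberGenerator.Create() replaces it.
static string GenerateClientSecret(int length)
{
    byte[] buffer = new byte[length];
    using (RandomNumberGenerator cryptoRandomDataGenerator = new RNGCryptoServiceProvider())
        cryptoRandomDataGenerator.GetBytes(buffer);
    return Convert.ToBase64String(buffer);
}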

Also, you can use cryptographic hash functions to hash UUID+SystemTime+somethingelse to implement it yourself.

If you want to know more practices, you can refer to some open implementations from here.
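
An added example (not part of the original answer) that follows the advice above and goes one step further: it issues a GUID-based client ID and a Base64url-encoded random secret, then keeps only a SHA-256 digest of the secret for later verification. The class and method names, the 32-byte default and the digest-based storage are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; ClientCredentials and its method names are hypothetical.
public static class ClientCredentials
{
    // client_id: not a secret, only has to be unique per authorization server.
    public static string NewClientId() { return Guid.NewGuid().ToString("N"); }

    // client_secret: byteLength CSPRNG bytes, Base64url-encoded (no '+', '/', '=')
    // so it needs no extra escaping in form-encoded bodies or HTTP Basic auth.
    public static string NewClientSecret(int byteLength = 32)
    {
        byte[] buffer = new byte[byteLength];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(buffer);
        return Convert.ToBase64String(buffer).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    // Assumption: the server stores only this digest. The secret is high-entropy,
    // so an unsalted SHA-256 suffices here (this would not hold for user passwords).
    public static byte[] HashSecret(string secret)
    {
        using (SHA256 sha = SHA256.Create())
            return sha.ComputeHash(Encoding.UTF8.GetBytes(secret));
    }

    // Compare digests without an early exit, so timing does not reveal a partial match.
    public static bool Verify(string presentedSecret, byte[] storedHash)
    {
        byte[] candidate = HashSecret(presentedSecret);
        int diff = candidate.Length ^ storedHash.Length;
        for (int i = 0; i < candidate.Length && i < storedHash.Length; i++)
            diff |= candidate[i] ^ storedHash[i];
        return diff == 0;
    }

    public static void Main()
    {
        string secret = NewClientSecret();
        byte[] stored = HashSecret(secret);   // persist this, not the secret
        Console.WriteLine("client_id:     " + NewClientId());
        Console.WriteLine("client_secret: " + secret);   // shown to the client once
        Console.WriteLine("correct secret accepted: " + Verify(secret, stored));
        Console.WriteLine("other secret accepted:   " + Verify(NewClientSecret(), stored));
    }
}
```

A 32-byte secret encodes to 43 characters; as the section quoted above says, the authorization server should document the size of what it issues.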