What is the purpose of the authentication token in OAuth 2?

0 投票
最新提问 用户: (180 分)

In OAuth 2, the application server makes a request to the API server, and sends along its client_id and client_secret. The API server uses the client_secret to make sure the application is who it says it is (like a password). If the application is authorized to receive the data it requested, the API server will respond with that data.

enter image description here

My understanding is that the API server also responds with an authentication token. Next time the App server wants to make a request of the API server, it could provide the authentication token instead of the client_id and client_secret, and the API server will know that the App server is authorized.

What is the advantage to this? I know the client_secret really needs to be kept secret. But so does the authentication token, right?

登录 或者 注册 后回答这个问题。

欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。