Problems in setting Authorization and Content-Type of client request headers for authenticator mode in Oauth2.0

after reading teacher Ruan Yifeng"s tutorial, I wrote an authentication server against myself, and now the process is basically working, but there are the following questions in the step of "the client applies for a token from the server with the authorization code":

first of all, the example of the request given in the tutorial is:

POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

question 1:
should the header Authorization: Basic be followed by encrypted cliect_id+slient_secret?
after receiving the request, the authentication server parses the Authorization, to verify the validity of the client according to the information after the Basic.

question 2:
can the header Content-Type be set to applicaction/json? I searched the information and said that the type "application/x-www-form-urlencoded"" is generally used for form form submission. Can I change it to application/json if I don"t use the form form here?

question 3:
is it OK to return response.send () directly after the token is generated, or is it better to save it to session or somewhere else to return it to the client?

(at present, both code and token are generated by randomly generated strings and hashes in the Crypto package. I don"t know if there is any other way to optimize it, such as bringing relevant information in the generated token.)

Mar.28,2021

for your question 1: you can go to Base decoding and get the answer yourself. In the middle, I remember: connect

question 2: what tools do you use when debugging? If you use PostMan, to change the head to applicaion/json, test it yourself

question 3: the generated access_toen is generally stored, and it is best to set the timeliness of the third-party certificate.

question 3 can refer to the third-party login using oauth2.0, such as Wechat, Weibo, and github,. If you look at the docking document, you will understand that a noun (session_key) is involved

.
MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1b33460-2be63.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1b33460-2be63.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?