Flow of OAuth2.0 authorization code mode

There is a blog post about the flow of OAuth2.0 authorization code mode:

Authorization Code Mode (authorization code) Authorization process:

The authorization verification process of obtaining an Access Token through an Authorization Code, also known as Web Server Flow, is suitable for all server-side applications, such as Web/Wap sites, mobile/desktop client applications with a server side, and so on. Generally speaking, the overall process consists of the following steps:

1. Request the authorization server through client_id to obtain the Authorization Code.

2. Request the authorization server through the Authorization Code, client_id and client_secret. After verifying whether the Authorization Code is invalid and whether the accessing client information is valid (matching the transmitted client_id and client_secret with the client information saved by the server), the authorization server generates an Access Token and a Refresh Token and returns them to the client.

3. Using the Access Token, the client requests the resource service application and obtains the resource information it needs, within the scope of the permissions granted to the Access Token.

Question:
To establish a scenario, the problem may be a little clearer:
Scenario: for example, when you log in with Wechat for the first time on Douyin, the user's actions are as follows: after clicking the Wechat icon in Douyin, the user jumps to a page with a login button, and clicking the login button completes the login in one action. Compared with the three steps written in the blog above, the questions are as follows:

Question 1: step 1 says, "request authorization from the server through client_id." When was the client_id generated?
Question 2: step 2 says, "the authorization server generates an Access Token and Refresh Token and returns them to the client". Here, is "return to the client" a return to the Douyin server or to the Douyin mobile app?
Question 3: there are three roles in the authorization process, as shown in the following figure:

[figure: the three roles in the authorization process]

When the user presses the login button in Douyin's Wechat login interface, does the Douyin app send a request directly to the Wechat server to complete authorization, or does the Douyin app send a request to the Douyin server, which then sends a request to the Wechat server to complete authorization?

Could someone please help me sort out this process? It's a bit of a mess. Thank you.

May 28, 2021

Question 1:
Douyin users can log in through Wechat on the premise that Douyin first applies to Wechat for permission. That is to say, Douyin asks Wechat, "allow your users to log in to Douyin", and if Wechat agrees to Douyin's application it gives Douyin a client_id and client_secret.

Question 2:
They should be returned directly to the Douyin server. After the Douyin server gets them, consider how to use them (such as a cookie, a session, storing them in a database, etc.).

Question 3:

After clicking the small Wechat icon, the app first requests Douyin's server. Douyin's server constructs a URL as the address for requesting authorization from Wechat (for example, with redirect_uri, grant_type, client_id and other parameters), and then redirects to the newly built URL.

1. The client_id is obtained by Douyin after creating the Douyin app on the Wechat open platform, before Wechat login is used.
2. The Douyin server.
3. First go to the Douyin server; the Douyin server then constructs an authorization URL and redirects to it. The URL here refers to Wechat's authorization server.
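As an added example (not from the question or either answer), this is the app-server side of the flow both answers describe: the server builds the provider's authorization URL with a random state, receives the code on the redirect_uri callback, and exchanges it together with client_secret for tokens, keeping them server-side. The provider endpoints, client_id, client_secret and redirect_uri are constructed placeholders, and `exchange_code` is a hypothetical injected helper standing in for the HTTPS POST to the token endpoint so the code runs offline.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholders: real values come from the provider's developer console.
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"   # stays on the server, never inside the mobile app
AUTHORIZE_URL = "https://open.example-provider/authorize"
TOKEN_URL = "https://open.example-provider/token"
REDIRECT_URI = "https://login.example-app/oauth/callback"


def build_authorize_url(session: dict) -> str:
    """Step 1 (app server): build the provider URL the browser is redirected to.
    A fresh random `state` is kept in the server-side session so the callback
    can reject forged or replayed redirects."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "basic_profile",
        "state": session["oauth_state"],
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def handle_callback(session: dict, callback_url: str, exchange_code) -> dict:
    """Step 2 (app server): the provider sends the browser back to REDIRECT_URI
    with ?code=...&state=...; after checking `state`, the server trades the code
    plus client_secret for tokens via exchange_code(url, form) (hypothetical helper)."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)          # single use
    if not expected or query.get("state", [None])[0] != expected:
        raise ValueError("state mismatch: forged or replayed callback")
    if "error" in query:
        raise ValueError(f"provider returned error: {query['error'][0]}")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("authorization code missing")
    tokens = exchange_code(TOKEN_URL, {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,   # must equal the value sent in step 1
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    })
    # Keep provider tokens server-side (session or database); the app only
    # gets the app's own session cookie, which is what step 3 then uses.
    session["access_token"] = tokens["access_token"]
    session["refresh_token"] = tokens.get("refresh_token")
    return tokens
```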
