This topic describes the applications that Drive and Photo Service (PDS) supports.
Applications
In OAuth 2.0 terms, an application is called a client. You can think of an application as a tool for managing resources.
PDS supports applications in the following forms:
Web server application with a backend service
Web browser application
Desktop application and mobile application
JSON Web Token (JWT) application
Comparison of application forms
Application type | Form | Whether user authorization such as OAuth 2.0 is required | Scenarios |
| Web page + Backend service | Yes | Your application needs to call PDS API operations and also needs a backend service to support other business logic. |
| Web page | Yes | Your application needs to only call PDS API operations. |
| Desktop application or mobile application | Yes | You need to use mobile or desktop applications to access PDS. |
| Server | No | Your application needs to call PDS API operations without user intervention. For example, in scenarios where a backend service, a backend process, or a command line interface (CLI) tool calls PDS API operations or a custom logon method that does not require user intervention is used to access PDS, requests are sent to PDS on behalf of applications, not end users. |
Applications of PDS are classified into official applications and self-managed applications.
Official applications: the applications provided by PDS. After they are authorized, these applications can access resources in all domains.
Self-managed applications: the applications created by customers for different scenarios.
OAuth 2.0
PDS API uses the OAuth 2.0 protocol for authentication and authorization and supports common OAuth 2.0 solutions. For example, you can use web applications and client applications to access PDS based on OAuth 2.0.
To use OAuth 2.0, you must first configure logon methods in the PDS console. For more information, see User systems supported by PDS. Then, create an application to obtain credentials, such as the AppId and AppSecret. Your application sends a request to the PDS authorization server to obtain an access token, extracts the access token from the response, and then uses the access token to call API operations of PDS. Your application can refresh the access token if necessary.
Comparison among OAuth 2.0 access processes for different types of applications
Application type | Form | Value of the response_type parameter for request authorization | Whether an AppSecret is required | Whether an access token can be refreshed |
| Web application with a backend service | code | Yes. The | Yes. |
| Desktop application or mobile application | code | No. It is not secure to store the | Yes. Your application can send a request to the PDS authorization server to refresh the |
| Frontend application such as pure JavaScript application, single page application (SPA), or widget | access_token | No. It is not secure to store the | No. |
Select an application type based on the specific scenario.
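The rules in the preceding table can be enforced in client code before any request leaves the application. The following Python sketch is an added example, not PDS sample code: the endpoint URL is a placeholder, the form names are hypothetical labels for the three table rows, and it assumes the standard RFC 6749 parameter names (client_id for the AppId, client_secret for the AppSecret, state, grant_type).

```python
from urllib.parse import urlencode

# From the comparison table: form -> (response_type, AppSecret used, refreshable)
RULES = {
    "web_with_backend": ("code", True, True),
    "desktop_or_mobile": ("code", False, True),
    "frontend": ("access_token", False, False),
}

# Placeholder endpoint (assumption); take the real one from the PDS API reference.
AUTHORIZE_URL = "https://pds.example.invalid/oauth/authorize"


def authorization_url(form, app_id, redirect_uri, state):
    """Build the authorization request URL; state is a per-request random value."""
    response_type, _, _ = RULES[form]
    query = {"client_id": app_id, "redirect_uri": redirect_uri,
             "response_type": response_type, "state": state}
    return AUTHORIZE_URL + "?" + urlencode(query)


def token_request(form, app_id, grant_type, credential, app_secret=None):
    """Build the form body for a code exchange or a refresh.

    Raises ValueError when the request contradicts the table.
    """
    response_type, uses_secret, refreshable = RULES[form]
    if grant_type not in ("authorization_code", "refresh_token"):
        raise ValueError(f"unsupported grant_type: {grant_type}")
    if grant_type == "authorization_code" and response_type != "code":
        raise ValueError(f"{form}: the token is returned directly, no code to exchange")
    if grant_type == "refresh_token" and not refreshable:
        raise ValueError(f"{form}: the access token cannot be refreshed")
    if uses_secret and not app_secret:
        raise ValueError(f"{form}: AppSecret is required")
    if app_secret and not uses_secret:
        raise ValueError(f"{form}: AppSecret must not ship in this client")
    body = {"client_id": app_id, "grant_type": grant_type}
    # RFC 6749 names the credential after the grant: "code" or "refresh_token".
    body["code" if grant_type == "authorization_code" else "refresh_token"] = credential
    if uses_secret:
        body["client_secret"] = app_secret
    return body


if __name__ == "__main__":
    import secrets
    # Constructed sample values, not real credentials.
    print(authorization_url("desktop_or_mobile", "app-id-placeholder",
                            "http://127.0.0.1:8765/callback", secrets.token_urlsafe(16)))
    print(token_request("desktop_or_mobile", "app-id-placeholder", "refresh_token", "sample-refresh-token"))
```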
The OAuth 2.0 access process varies based on different types of applications. For more information, see the following topics:
References
If you want to use signature authentication based on Alibaba Cloud AccessKey pairs, call the AccessKey-based API operations. For more information, see Access by calling AccessKey-based API operations.