Term | Description |
user | A user must log on to Alibaba Cloud before the user can authorize an application to access specific Alibaba Cloud resources. The user can be the owner of an Alibaba Cloud account or a RAM user. |
Alibaba Cloud OAuth 2.0 service | A service that is used to authenticate users and generate tokens for applications to access specific Alibaba Cloud resources on behalf of users. |
OAuth application | An application that can access Alibaba Cloud resources after being authorized by a user and obtains tokens of the user. The OAuth 2.0 service supports the following types of applications: WebApp: a web application. NativeApp: a native application that runs on an operating system, such as a desktop operating system or a mobile operating system. ServerApp: an application that can access Alibaba Cloud services without the need for manual user logon. User synchronization based on the System for Cross-Domain Identity Management (SCIM) protocol is supported.
Applications can be classified into the following types based on their ownership: Enterprise applications: applications that you develop and use OAuth 2.0 to obtain Alibaba Cloud identities of users. Third-party applications: applications that you authorize others to develop to obtain your Alibaba Cloud identity.
|
OAuth scope | The scope within which an application is allowed to access Alibaba Cloud resources on behalf of a user. The following scopes are supported: openid: obtains the OpenID of the user. This is the default scope and cannot be deleted.
Note The obtained OpenID is a string that uniquely identifies a user. However, the OpenID does not contain information such as the Alibaba Cloud UID and username of the user. If you want to obtain the information, you must add the aliuid and profile scopes. aliuid: obtains the Alibaba Cloud UID of the user. profile: obtains the profile such as the username of the user. /acs/ccc: calls Alibaba Cloud Call Center API. /acs/alidns: calls Alibaba Cloud DNS API. /acs/scim: accesses Cross-Domain Identity Management. /acs/digitalstore: accesses Digital Store. /acs/scsp: accesses Smart Customer Service Platform. /acs/cloudgame: accesses Cloud Gaming Platform. /acs/aiccs: accesses Artificial Intelligence Cloud Call Service. /acs/cloudesl: calls Alibaba Cloud CloudESL API. /acs/alimt: accesses Machine Translation.
|
token | The token that is issued by OAuth 2.0 to an application. ID token: This type of token contains only user identity information and cannot be used to access Alibaba Cloud resources. Access token: This type of token contains user identity information and the OAuth scopes of an application. This type of token can be used to access Alibaba Cloud resources within the specified OAuth scopes. Refresh token: This type of token can be used to obtain new access tokens.
|
Alibaba Cloud API | The API that an application can call to access Alibaba Cloud resources. |