我已经托管了oauth-2授权服务器。我发送http://**.***.**.**:9999/security/version1/login和json params
{
"grant_type":"password",
"username":"admin",
"password":"admin",
"client_id":"MyOauth2Client",
"client_secret":"KKJKJKJ9kWEEW]2s]fdhdsP"
}
我可以得到回复
{
"token_type": "Bearer",
"access_token": "MDI4NTQ0ZTEtZDBhZC00MjgyLWJkNDQtNzQxZjNhMjY4YWY0",
"expires_in": 3599,
"refresh_token": "OTFjODViMTQtMDljYi00NTYyLWIwMjEtNTcxY2U0ZGU0OWRj"
}
如何使用这些access_token和refresh_token来保护我作为独立的restful服务托管的安全API?我在每个API调用之前都有安全拦截方法。那么如何实现访问令牌和刷新令牌以保护API呢?