Abstract:The essential problem of open platform is the validation and authorization of users. Nowadays, OAuth is the international authorization method. Its characteristic is that users could apply to visit their protected resources without the need to enter their names and passwords in the third application. The latest version of OAuth is OAuth2.0 and its operation of validation and authorization are simpler and safer. This paper investigates the principle of OAuth2.0, analyzes the procedure of Refresh Token and offers a design proposal of OAuth2.0 server and specific application examples.