Windows Live Connect客户端ID是秘密吗? [英] Is the Windows Live Connect Client ID a secret?
问题描述
我刚开始使用Windows Phone应用程序开发。我正在使用Live Connect API,我对凭据感到困惑。当我在Live Connect开发人员中心配置我的应用程序时,我获得了ClientID和Secret。但是我似乎没有
在我的应用程序中使用这个秘密,但我只能重新生成这个秘密,MS说:"出于安全考虑,不要与任何人分享你的客户机密。"什么阻止使用ClientID欺骗我的应用程序的人?
I've just started Windows Phone app development. I'm using the Live Connect API and I am confused about the credentials. When I configured my app in the Live Connect Developer Centre I was given a ClientID and a Secret. However I don't seem to have to
use the secret in my app, but I can only regenerate the secret and MS says "For security purposes, don't share your client secret with anyone." What's to stop someone who has the ClientID spoofing my app?
推荐答案
客户端密钥用于网站常用的OAUTH类型连接,PHP,类似的东西。 您的移动应用程序(我假设您使用的是"登录"按钮)只需要客户端ID,因为您已在Live Connect
开发人员中心注册该特定应用程序。 所以基本上除非他们有客户ID并且他们使用你的应用程序,否则不可能欺骗。 如果他们想在OAUTH上使用您的客户端ID,那么他们也需要保密!这就是为什么你保密的原因我想是这样的。
The Client Secret is used in OAUTH type connections commonly used with Web Sites, PHP, stuff like that. Your mobile app (I assume you are using the Login button) only needs the client ID as you have registered that particular app in the Live Connect Developer Center. So basically unless they have the Client ID and they use YOUR app, it's not possible to spoof. If they wanted to use your Client ID with OAUTH then they would need to have your secret too (which is why you keep it secret I guess)
所以不用担心,这一切都很好!
So no worries, it's all good!
这篇关于Windows Live Connect客户端ID是秘密吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
