使用2种不同的登录方法:在一个应用程序中使用JWT令牌和Google登录 [英] Use 2 different login methods: JWT token and Google sign-in in one app

问题描述

我有一个客户端应用程序:android应用程序，服务器端应用程序:基于flask的rest api，使用JWT令牌登录.

I have an application that is on the client side: android app, and on the server side: flask based rest api, login with JWT token.

为了提高安全性，我也希望将登录信息与Google结合使用.

For better security, I want to combine login with Google as well.

问题是: 天真的解决方案是在客户端: 在两种情况下，我需要"SPLIT"登录代码-不错， 但是稍后对服务器的每个请求-我需要检查我是否有jwt令牌或google用户数据，然后发送正确的调用.

The problem is: The naive solution, is on the client side: I need to "SPLIT" the login code for the 2 cases - That's not so bad, But later on for each request to the server - I need to check if I have jwt token, or google user data, and send the correct call.

然后在服务器端-我需要在Api的每个部分"SPLIT"我的代码，以检查其具有jwt令牌或Google用户的天气. 这种天真的解决方案对我来说似乎很难看，我在问是否有更好的方法来解决这个问题.

Then on the server side as well - I need to "SPLIT" my code at every part of the Api to check weather it had jwt token or Google user. This naive solution seems ugly to me, and i'm asking if there is a better approach to this problem.

我的朋友建议我放弃jwt连接并仅使用google，但从用户的角度来看，我认为最好将2作为选项并进行选择.

My friend suggested me to drop the jwt connecting and use only google, but from the user's side, I think it's better to have the 2 as options and to choose from.

推荐答案

一个简单的答案:为什么用户在使用Google登录后不给用户JWT令牌?我们通常的操作方式是:在客户端登录->发送Google令牌->服务器验证并发送JWT令牌->用户使用JWT令牌，服务器使用Google令牌更新用户信息，例如个人资料图片或姓名.

A straight-forward answer: Why don't you give the user a JWT token after they've logged in with Google? How we usually do this is: Login on client -> Send Google token -> Server verifies and sends JWT token -> User uses JWT Token and server uses Google token for updating the user information like the profile image or name.

这篇关于使用2种不同的登录方法:在一个应用程序中使用JWT令牌和Google登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！