React Native Instagram Explicit Authentication


Question

I'm creating a react native app and adding instagram authentication to it. I want users to be able to "add" their instagram accounts to their main user account, so I have a "connect your instagram" button.

I have this working on my web app fine. The flow is as follows:

  1. User clicks 'connect instagram' button and a new window opens and is directed to https://instagram.com/oauth/authorize/?client_id=xxxx blah blah
  2. User authenticates and instagram redirects to my REDIRECT_URI with a CODE parameter
  3. My API server takes the CODE parameter and sends a post request to instagram with all the credentials.
  4. Instagram verifies this information and gives me the user's ACCESS_TOKEN

Can someone tell me how this is supposed to work in an app?

What's my REDIRECT_URI supposed to be? The server api?

Is it the same flow as my web app? If so, how do I get the users back to my app after the window is closed? How does my app know that the user now has an access token?

Recommended answer

With a native application the flow is similar to what you described for the web application.

The Auth0 Mobile + API architecture scenario describes what should happen when you need to authenticate a user for a mobile application and then later access an API on behalf of that user.

  • you will continue to use the authorization code grant;
  • if the authorization server in question supports it you should use the PKCE (Proof Key for Code Exchange by OAuth Public Clients) for added security;
  • you will need to select how you will receive the code in the native application; you can use a custom scheme com.myinstaapp:, a local web server with the http: scheme or a few other options; (see this answer on OAuth redirect URI for native application for other alternatives)
  • you exchange the code obtained by the native application with an access token in a similar way to what you would do for a web application; (except for the use of client secrets which are in general not useful for native applications as they would be easily leaked)

The flow described in the Auth0 scenario assumes that authentication will happen through an OpenID Connect compliant flow and in addition you'll get the access token as specified by OAuth2. I'm not overly familiar with Instagram so if they only support OAuth2 that part is of course not applicable.
