Loopback passport mobile login


Problem description

I'm developing an API with loopback and passport. I've seen this example, which is quite good:

https://github.com/strongloop/loopback-example-passport

In the documentation, they say loopback follows these steps to authenticate users via third party providers:

  1. A visitor requests to log in using Facebook by clicking on a link or button backed by LoopBack to initiate oAuth 2.0 authorization.
  2. LoopBack redirects the browser to Facebook's authorization endpoint so the user can log into Facebook and grant permissions to LoopBack
  3. Facebook redirects the browser to a callback URL hosted by LoopBack with the oAuth 2.0 authorization code
  4. LoopBack makes a request to the Facebook token endpoint to get an access token using the authorization code
  5. LoopBack uses the access token to retrieve the user's Facebook profile
  6. LoopBack searches the UserIdentity model by (provider, externalId) to see if there is an existing LoopBack user for the given Facebook id.
     - If yes, set the LoopBack user to the current context.
     - If not, create a LoopBack user from the profile and create a corresponding record in UserIdentity to track the 3rd party login. Set the newly created user to the current context.

So my question is, suppose some user gets an access token using a mobile app, then how can I authenticate that user's requests using Loopback Passport?

Thanks

Recommended answer

I had opened a similar topic about the same issue, How integrate loopback third-party login for android. Then I found a solution for this.

First of all, it's important to say that a loopback user can have more access tokens at the same time. When you log in from your web site or mobile app, loopback creates an access token each time.

If you are asking about how to get an access token, there is already a way to do this, so you can get access tokens using the login method like this:

User.login({username: 'foo', password: 'bar'}, function(err, accessToken) {
   console.log(accessToken);
});

The only thing you have to do is call this hosted method from your android app. You can use the loopback android sdk (proper way) or post the username and password to the server and handle it, simply like this:

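// req.body is only populated when a body-parsing middleware is installed
app.post('/android/custom_login', function(req, res){
    var username = req.body.username;
    var password = req.body.password;

    User.login({username: username , password: password }, function(err, accessToken) {
      // on failed login err is set and accessToken is undefined
      if (err) return res.status(401).send({error: 'login failed'});
      // return the token to the app; avoid writing it to the server log
      return res.send(accessToken);
    });
});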

If you are asking about how to log users in with a social network account and then get an access token, I can simulate a few things from the google scenario. Also you can check the extra loopback github test

app.post('/android/custom_login', function(req, res){
   var provider = 'google';
   var authSchema = 'oAuth 2.0';

   // one-time code sent by the android app
   var oneTimeCode = req.body.oneTimeCode;

   // Make a server-side request to the google api to exchange
   // the one-time code for an accessToken and refreshToken
   var accessToken = 'FROM GOOGLE API';
   var refreshToken = 'FROM GOOGLE API';

   // external id is your google or facebook user id;
   // take it and the email from the google api response, not from req.body
   var externalId = 'FROM GOOGLE API';
   var email = 'FROM GOOGLE API';

   var credentials = {};
   credentials.externalId = externalId;
   credentials.refreshToken = refreshToken;

   var profile = {};
   profile.id = externalId;
   profile.emails = [{type:'account', value: email}];

   UserIdentityModel.login(
     provider, authSchema, profile, credentials , 
     {autoLogin:true}, function(err, loopbackUser, identity, token){
            // throwing inside this async callback would crash the server; reply with an error instead
            if(err) return res.status(500).send({error: 'login failed'});
            // token is the access token for this login
            return res.send(token);
   });
});

In the google scenario, I obtain a one-time code when the user clicks the sign-in button. Then I post the one-time code to my server to exchange it for an access token and refresh token. Also here, I get the user profile info from google.

Profile and provider are really important, because the UserIdentityModel.login() method creates an anonymous user using provider and profile.id (if these infos do not exist)

After all, you will have an access token for the android app, as you see
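
The second handler above leaves the values marked 'FROM GOOGLE API' unspecified. As an added example (not part of the original answer or of LoopBack), the checks below show one way to derive `profile` and `credentials` for `UserIdentityModel.login()` from the claims of a Google ID token, assuming its signature was already verified by a Google client library. The function name `identityFromGoogleClaims`, the client id and the sample claims are hypothetical.

```javascript
// Added example: claim checks to run before UserIdentityModel.login().
// Assumption: `claims` is the payload of a Google ID token whose signature
// was already verified by a Google client library (not shown here).
var GOOGLE_ISSUERS = ['accounts.google.com', 'https://accounts.google.com'];

// Returns {profile, credentials} in the shape used by the answer's code,
// or throws an Error naming the first failed check.
function identityFromGoogleClaims(claims, expectedClientId, nowSeconds) {
  if (!claims || typeof claims !== 'object') throw new Error('missing claims');
  // The token must have been issued by Google.
  if (GOOGLE_ISSUERS.indexOf(claims.iss) === -1) throw new Error('bad issuer');
  // The token must have been issued for this backend's own client id.
  var aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (aud.indexOf(expectedClientId) === -1) throw new Error('bad audience');
  // The token must not be expired (exp is seconds since the epoch).
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    throw new Error('expired');
  }
  // `sub` is Google's stable user id; it becomes externalId / profile.id.
  if (typeof claims.sub !== 'string' || claims.sub === '') {
    throw new Error('missing subject');
  }
  // Only pass on an email address that Google marks as verified.
  var emails = [];
  if (claims.email && claims.email_verified === true) {
    emails.push({type: 'account', value: claims.email});
  }
  return {
    profile: {id: claims.sub, emails: emails},
    credentials: {externalId: claims.sub}
  };
}

// Constructed sample claims (not real account data).
var SAMPLE_CLAIMS = {
  iss: 'https://accounts.google.com',
  aud: 'example-client-id.apps.googleusercontent.com',
  sub: '110000000000000000001',
  email: 'user@example.com',
  email_verified: true,
  exp: 2000000000
};

var result = identityFromGoogleClaims(
  SAMPLE_CLAIMS, 'example-client-id.apps.googleusercontent.com', 1700000000);
console.log(JSON.stringify(result));
```

The audience check is what stops a token issued to a different app from being accepted by this endpoint; the handler should reject the request whenever the function throws.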
