OAuth2用户提供:如何提供一个登录页面,以让OAuth用户端获取资源所有者ID [英] OAuth2 Provider: How to offer a login page in order to let oauth clients get the resource owner id
问题描述
我正在开发中Rails3中一个RESTful API和一个相应的OAuth2提供者(由Android客户消费)。
I'm developing a RESTful API in Rails3 and a corresponding OAuth2 provider (consumed by android clients).
我公司供应的典型路线:
I supply the typical routes:
授权=>授权批准
标记=>收到的access_token
token => receive access_token
这一切工作,我的移动客户端接收并保存访问令牌的资源拥有者。
All this is working and my mobile clients receive and save the access tokens for the resource owners.
但是,现在,我该如何告知谁正在使用应用程序的移动客户端和ACCESS_TOKEN它从数据库中使用?
But now, how do I inform the mobile client about who is currently using the app and which access_token it has to use from the database?
我需要一个登录页面,那么或许发送用户的ID,以应用程序的回调网址?是否有此标准的过程?什么样的登录页面的移动客户端可以处理最好?
I need a login page and then perhaps send the user's id to an app's callback URL? Is there a standard process for this? What kind of login page mobile clients can handle best?
推荐答案
OK显然,你不关心认证用户在智能手机上。
至少有一个应该提供和API资源的无效的access_token(通过应用程序注销)。
OK obviously you don't care about authenticating the user on smartphones. At least one should offer and API resource to invalidate an access_token (Logout via App).
这篇关于OAuth2用户提供:如何提供一个登录页面,以让OAuth用户端获取资源所有者ID的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!