Creating user record / profile for first time sign in


Problem description

I use an authentication service Auth0 to allow users to log into my application. The application is a Q&A platform much like stackoverflow. I store a user profile on my server with information such as: 'about me', votes, preferences, etc.

When a new user signs in I need to do 1 of 2 things:

  1. For an existing user - retrieve the user profile from my API server
  2. For a new user - create a new profile on the database

After the user signs in, Auth0 (the authentication service) will send me some details (unique id, name and email) about the user but it does not indicate whether this is a new user (a sign up) or an existing user (a sign in).

This is not a complex problem but it would be good to understand best practice. I can think of 2 less than ideal ways to deal with this:

**Solution 1 - GET request**

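  • Send a GET request to the API server, passing the unique id
  • If a record is found, return it
  • Otherwise create a new profile on the db and return the new profile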

This seems incorrect because the GET request should not be writing to the server.

**Solution 2 - One GET and a conditional POST request**

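  • Send a GET request to the API server, passing the unique id
  • The server checks the db and returns either the profile or an error message
  • If the API server returns an error message, send a POST request to create a new profile
  • Otherwise redirect to the home page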

This seems inefficient because we need 2 requests to achieve a simple result.

Can anyone shed some light on what's best practice?

Recommended answer

There seems to be a bit of disagreement on the best approach and some interesting subtleties as discussed in this post: REST Lazy Reference Create GET or POST?

Please read the entire post but I lean towards @Cormac Mulhall and @Blake Mitchell answers:

The client wants the current state of the resource from the server. It is not aware this might mean creating a resource and it does not care one jolt that this is the first time anyone has attempted to get this resource before, nor that the server has to create the resource on its end.

The following quote from The RESTful cookbook provided by @Blake Mitchell makes a subtle distinction which also supports Mulhall's view:

What are idempotent and/or safe methods? Safe methods are HTTP methods that do not modify resources. For instance, using GET or HEAD on a resource URL, should NEVER change the resource. However, this is not completely true. It means: it won't change the resource representation. It is still possible, that safe methods do change things on a server or resource, but this should not reflect in a different representation.

Finally this key distinction is made in Section 9.1.1 of the HTTP specification:

Naturally, it is not possible to ensure that the server does not generate side-effects as a result of performing a GET request; in fact, some dynamic resources consider that a feature. The important distinction here is that the user did not request the side-effects, so therefore cannot be held accountable for them.

Going back to the initial question, the above seems to support Solution 1 which is to create the profile on the server if it does not already exist.
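
The server side of Solution 1 as an added example (not code from the original question or answer): one get-or-create call that stays idempotent when two first sign-ins arrive at once, because the database's unique key, not a prior lookup, decides whether a row is written. The table layout, function names and sample id are assumptions, and `auth_id` is assumed to be taken from the already-validated Auth0 token rather than from a client-supplied parameter.

```python
import sqlite3

# Assumed schema: the identity provider's unique id is the primary key,
# so the database itself rejects a second profile for the same user.
SCHEMA = """
CREATE TABLE IF NOT EXISTS profiles (
    auth_id  TEXT PRIMARY KEY,
    name     TEXT NOT NULL,
    email    TEXT NOT NULL,
    about_me TEXT NOT NULL DEFAULT '',
    votes    INTEGER NOT NULL DEFAULT 0
)
"""


def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.row_factory = sqlite3.Row
    conn.execute(SCHEMA)
    return conn


def get_or_create_profile(conn, auth_id, name, email):
    """Return (profile, created). Safe to call on every sign-in."""
    if not auth_id:
        raise ValueError("auth_id is required")
    with conn:  # one transaction: commit on success, roll back on error
        # INSERT OR IGNORE leans on the PRIMARY KEY: if two first sign-ins
        # race, exactly one row is written and the other insert is a no-op.
        cur = conn.execute(
            "INSERT OR IGNORE INTO profiles (auth_id, name, email) "
            "VALUES (?, ?, ?)",
            (auth_id, name, email),
        )
        created = cur.rowcount == 1
        row = conn.execute(
            "SELECT auth_id, name, email, about_me, votes "
            "FROM profiles WHERE auth_id = ?",
            (auth_id,),
        ).fetchone()
    return dict(row), created
```

An existing profile is returned untouched, so repeated calls give the same representation; the `created` flag lets the caller tell a sign up from a sign in.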
