没有网络视图的门卫 [英] Doorkeeper without web views

问题描述

我正在使用Rails编写用于移动应用程序的API，OAuth似乎是处理用户授权的标准方法.

I'm using Rails to write an API for mobile application and OAuth seems like a standard way to handle user authorization.

如果我正确理解Doorkeeper文档，则它要求用户先登录网站，然后才能授予对移动应用程序的访问权限.

If I understand Doorkeeper docs correctly it requires user to be signed in with the website before it grants access for the mobile app.

在某些情况下，问题可能是实际上没有任何网站(可能在将来，但现在只是api).我希望在ios应用程序中处理用户创建/登录等操作.

The issue in may case is that there really isn't any website (it may be in the future but for now it's just api). I would like the user creation/signing in etc be handled in the ios application.

这使我想知道OAuth是否是此处的正确解决方案?

This makes me wonder if OAuth is the correct solution here?

推荐答案

OAuth资源所有者密码凭据授予"，根据 OAuthClientSetup 一个针对门卫api的iOS示例.

The OAuth "Resource Owner Password Credentials Grant," according to rfc6749 Section 4.3, will grant an authorization token and optionally a refresh token given user name and password. Thus the mobile app doesn't have to store user name and password to gain authorized access. It becomes like a long running session using token and refresh token. OAuthClientSetup an iOS example that runs against a doorkeeper api.

因此，有一种OAuth方法无需网站登录身份验证和访问授权即可获得授权.

So there is the OAuth method for gaining authorization without having web site login authentication and access grant.

剩下的是如何从您的移动应用程序注册新用户.同意看起来不属于OAuth. OmniAuth 将允许您注册由第三方站点授权的用户.您允许用户成为他们在Twitter或FaceBook，StackOverflow或GitHub或其他任何地方的用户.也许会有所帮助.

What is left is how to register new users from your mobile app. Agree that does not look to be covered by OAuth. OmniAuth will let you register a user authorized by a third party site. You allow the user to be the user they are on Twitter or FaceBook, StackOverflow or GitHub or wherever else. Maybe that would help.

这篇关于没有网络视图的门卫的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！