在本机应用程序和网站之间共享凭据 [英] Share credentials between native app and web site

问题描述

我正在使用的应用程序允许用户登录到启用OAuth的后端.因此，该应用程序仅具有身份验证令牌和用户元数据的特权，而不具有用户的凭据.

An application I'm working on allows users to log into an OAuth-enabled backend. The application is therefore privy only to the authentication tokens and user metadata, not to the user's credentials.

在该应用程序中，用户可以单击链接，以在浏览器中打开链接.这些资源也受到OAuth的保护，并且在登录本机应用程序期间获得的令牌也与网络有关.

Within the application, users can hit links that open up links in a browser. These resources are also protected by OAuth, and the token obtained during login to the native app is also relevant to the web.

我希望用户的凭据以标准的OAuth方式(通过将其作为Authorization标头包括在内)从本机应用程序流向Web浏览器.

I would like the user's credentials to flow from the native app to the web browser in the standard OAuth manner (by including it as an Authorization header).

Android似乎通过其共享凭据来简化此操作功能，但找不到适用于iOS的等效功能.我确实找到了共享的Web凭据功能，但这似乎需要了解用户的凭据

It seems that Android facilitates this through its shared credentials feature, but I cannot find an equivalent for iOS. I did find the shared web credentials feature, but that seems to require knowledge of the user's credentials.

如何将OAuth令牌从本机应用程序传递到打开的Web浏览器?

How can I flow OAuth tokens from my native app through to web browsers that it opens?

推荐答案

此处关联域和共享Web凭据似乎不是一个好方法.

Associated Domains and Shared Web Credentials don't seem to be a good approach here.

您有两个选择:

1. 将OAuth访问令牌作为URL-QueryString-Param传递给 网页浏览器. https://x.y.z/?access_token=abc您必须操纵嵌入式URL，并确保您的后端能够理解这一点. 非常普通和简便的方法.许多网站，例如Facebook和 Google正在URL中传递访问令牌.
2. 如果您使用的是应用内浏览器(UIWebView，WKWebView)，则可以拦截URL请求并自行添加授权标头.参见此用于UIWebView和此用于WKWebView(比UIWebView难一点)

1. Passing the OAuth Access Token as URL-QueryString-Param to the WebBrowser. https://x.y.z/?access_token=abc You'll have to manipulate the embedded URLs and assure that your backend understands this. Very common and easy approach. Many websites like Facebook and Google are passing Access Tokens in the URL.
2. If you're using In-App-Browsers (UIWebView, WKWebView), you can intercept the URL-Request and add the Authorization Header on your own. See this for UIWebView and this for WKWebView (which is little bit harder than UIWebView)

这篇关于在本机应用程序和网站之间共享凭据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！