请用OAuth的,我应该怎么保存/应用来识别用户? [英] sign in with oAuth, what should i store/use to identify the user?
问题描述
我尝试实施在我的应用程序的Facebook / Twitter功能的登录,我读了OAuth的一些导游,我想我了解一些基本的概念,这里是我的理解(请纠正我,如果我错了):
im trying to implement a login with facebook/twitter functionality in my app, i read some guides on oAuth, and i think i understood some of the basic concept, and here is what i understood (please correct me if i'm wrong):
- 对myApp发送请求到OAuth的提供商,得到了(A)请求令牌。
- 发送用户进行身份验证(A),返回(B)身份验证的请求令牌(这是什么称的OAuth令牌?)
- 使用(B)来获得(C)访问令牌。
- 使用C至获取用户信息。
和这里是什么我不能在我的脑海里,这些是我应该使用/存储识别用户哪一个?我想过用那些每个人的可能性,但我总是停留在如何检查用户是否在之前签订...
and here is what i can't get around my head, which one of these that i should use/store to identify the user? i thought about the possibility of using each one of those, but im always stuck on how to check if the user has signed in before...
推荐答案
如果你需要的仅仅是身份验证,然后只存储 USER_ID
就足够了。
If all you need is just authentication, then storing only user_id
is enough.
所以,创建另一个表所示:
So create another table like:
id | service_name | user_id | my_user_id
其中, SERVICE_NAME
是叽叽喳喳
或的Facebook
, USER_ID
- 是从Twitter / Facebook的用户ID和 my_user_id
是 USER_ID
在你的身份验证系统。
where service_name
is either twitter
or facebook
, user_id
- is user's id from twitter/facebook and my_user_id
is a user_id
in your authentication system.
所以:
SELECT my_user_id FROM oauths WHERE service_name = 'twitter' AND user_id = 42
将返回您的系统的user_id或没有
would return you your system user_id or nothing
PS: SERVICE_NAME
可以(也应该)进行归一化,我一直是作为一个字符串只是为了简化的例子
PS: service_name
could (and should) be normalized, I kept it as a string just to simplify an example
PPS:如您在留言说你可能会想发布/啁啾
PPS: as you said in comments you probably would want "posting/tweeting".
在你需要存储的Twitter用户的访问令牌,并存储没有额外的脸谱,但要求该案例 publish_stream
许可时验证用户。
In that case you need to store user's access token for twitter, and store nothing additional for facebook, but request for publish_stream
permission when authenticate user.
这篇关于请用OAuth的,我应该怎么保存/应用来识别用户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!