How to uniquely identify user logging in via oauth?


Problem description

In particular - I don't understand how to link a user that authenticated using oauth to a particular account in my application?

So here are the accounts in my application:

CREATE TABLE accounts (
    id BIGINT NOT NULL AUTO_INCREMENT,
    username VARCHAR(40),
    email VARCHAR(256),
    created DATETIME,
    updated DATETIME,
    PRIMARY KEY (id),
    UNIQUE KEY (email),
    UNIQUE KEY (username)
) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci;


With openid for example there is a unique user id (uri, xri) which uniquely identifies that user. So I can just link to my accounts like this:

CREATE TABLE openid_logins (
    id BIGINT NOT NULL auto_increment,
    fk_accounts_id BIGINT NOT NULL,
    openid_identity TEXT NOT NULL, /*that's unique user id*/
    openid_provider_url VARCHAR(255) NOT NULL,  /*flickr, yahoo, live_journal*/
    PRIMARY KEY (id),
    INDEX (openid_identity),
    FOREIGN KEY (fk_accounts_id) REFERENCES accounts(id) ON UPDATE CASCADE ON DELETE CASCADE
);

So whenever a user logs in via openid -> I can get his regular account referencing fk_accounts_id.

But when it comes to oauth - AFAIK there is no such thing as oauth_identity_string... And since oauth tokens might change, tokens by themselves cannot be used as a unique link to a profile in my application... So what should I do? How to uniquely identify a user logging in via oauth?

Recommended answer


You can't get information about the user by the OAuth protocol itself, however, there is normally an endpoint, to which you can make a request, that provides user information. For example Google provides one: after you receive your token, you can make a request to:

GET https://www.googleapis.com/plus/v1/people/me?access_token={TOKEN}


This will return a JSON object containing information about the user, including a unique identifier.
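An added example, not part of the original answer: one way to store that identifier so a login maps to the same local account no matter how often the token changes. It keys the link on (provider, user id), mirroring the question's openid_logins table. Assumptions: the table and column names (oauth_logins, oauth_provider, oauth_user_id) are hypothetical, the identifier field is taken to be named "id", the sample responses are constructed, and SQLite stands in for MySQL so the block runs on its own.

```python
import json
import sqlite3

# Constructed sample responses from a provider's user-info endpoint.
# The "id" field name is an assumption; each provider documents its own.
FIRST_LOGIN = json.dumps({"id": "1093847", "displayName": "Alice"})
LATER_LOGIN = json.dumps({"id": "1093847", "displayName": "Alice B."})

SCHEMA = """
CREATE TABLE accounts (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT UNIQUE,
    email TEXT UNIQUE
);
CREATE TABLE oauth_logins (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    fk_accounts_id INTEGER NOT NULL REFERENCES accounts(id) ON DELETE CASCADE,
    oauth_provider TEXT NOT NULL,          -- e.g. 'google'
    oauth_user_id TEXT NOT NULL,           -- identifier from the user-info response
    UNIQUE (oauth_provider, oauth_user_id) -- one account per provider identity
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    return db

def account_for_login(db, provider, userinfo_json):
    """Return the local account id for this provider identity, creating it on first login."""
    user_id = json.loads(userinfo_json).get("id")
    if not isinstance(user_id, str) or not user_id:
        raise ValueError("user-info response has no usable identifier")
    row = db.execute(
        "SELECT fk_accounts_id FROM oauth_logins "
        "WHERE oauth_provider = ? AND oauth_user_id = ?",
        (provider, user_id),
    ).fetchone()
    if row:
        return row[0]
    with db:  # account and link are created in one transaction
        account_id = db.execute("INSERT INTO accounts DEFAULT VALUES").lastrowid
        db.execute(
            "INSERT INTO oauth_logins (fk_accounts_id, oauth_provider, oauth_user_id) "
            "VALUES (?, ?, ?)",
            (account_id, provider, user_id),
        )
    return account_id
```

The access token is never stored as the key, and the same identifier string arriving from a different provider resolves to a different account because the provider name is part of the unique constraint.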
