如何唯一标识通过oauth登录的用户? [英] How to uniquely identify user logging in via oauth?
问题描述
我特别 - 我不明白如何将使用 oauth 进行身份验证的用户链接到我的应用程序中的特定帐户?
I particular - I don't understand how to link user that authenticated using oauth to a particular account in my application?
所以这是我的应用程序中的帐户:
So here's accounts in my applciation:
CREATE TABLE accounts (
id BIGINT NOT NULL AUTO_INCREMENT,
username VARCHAR(40),
email VARCHAR(256),
created DATETIME,
updated DATETIME,
PRIMARY KEY (id),
UNIQUE KEY (email),
UNIQUE KEY (username)
) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci;
以 openid 为例,有一个唯一的用户 ID (uri, xri) 可以唯一标识该用户.所以我可以像这样链接到我的帐户:
With openid for example there is a unique user id (uri, xri) which uniquely identifies that user. So I can just link to my accounts like this:
CREATE TABLE openid_logins (
id BIGINT NOT NULL auto_increment,
fk_accounts_id BIGINT NOT NULL,
openid_identity TEXT NOT NULL, /*that's unique user id*/
openid_provider_url VARCHAR(255) NOT NULL, /*flickr, yahoo, live_journal*/
PRIMARY KEY (id),
INDEX (openid_identity),
FOREIGN KEY (fk_accounts_id) REFERENCES accounts(id) ON UPDATE CASCADE ON DELETE CASCADE
);
所以每当用户通过 openid 登录时 -> 我可以得到他引用 fk_accounts_id 的常规帐户.
So Whenever user logs in via openid -> I can get his regular account referencing fk_accounts_id.
但是说到 oauth - AFAIK 没有 oauth_identity_string 之类的东西......而且由于 oauth 令牌可能会自行更改令牌,因此不能用作我的应用程序中个人资料的唯一链接......那么应该怎么做我做?如何唯一标识通过oauth登录的用户?
But when it comes to oauth - AFAIK there is no such things as oauth_identity_string... And since oauth tokens might change tokens by themselves cannot be used as a unique link to profile in my applicaiton..... So what should I do? How to uniquely identify a user logging in via oauth?
推荐答案
您无法通过 OAuth 协议本身获取有关用户的信息,但是,通常有一个端点,您可以向该端点发出请求,该端点提供用户信息.例如谷歌提供了一个:在你收到你的令牌后,你可以提出一个请求:
You can't get information about the user by the OAuth protocol itself, however, there is normally an endpoint, to which you can make a request, that provides user information. For example Google provides one: after you receive your token, you can make a request to:
GET https://www.googleapis.com/plus/v1/people/me?access_token={TOKEN}
GET https://www.googleapis.com/plus/v1/people/me?access_token={TOKEN}
这将返回一个 JSON 对象,其中包含有关用户的信息,包括唯一标识符.
This will return a JSON object containing information about the user, including an unique identifier.
这篇关于如何唯一标识通过oauth登录的用户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!