Understanding OAuth and client sessions


Problem description

I'm learning about OAuth with the goal of allowing visitors to my website the ability to sign in with Twitter. I've been using the Python-based oauth2 library as a learning tool, and I think I get most of it.

I understand that after the user authenticates with the service (Twitter in this case) the user is sent to the callback URL with the parameters oauth_token and oauth_verifier.

What I fail to understand is the proper way of storing this information in the user's browser. How do I identify these values during subsequent requests? Am I required to create a session system as with a normal website, or is there some magic in OAuth that makes this unnecessary?

Solution

How you handle client sessions of people who visit your website is not covered by OAuth; that remains up to you (and the usual session management frameworks).

All OAuth does is tell you that the user really is the Twitter user he claims to be. You can then associate this piece of information with the user session on your site (just like you would if the login screen was on your own page).
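
One way to tie the callback to your own session, as an added example (not code from the original answer or from the oauth2 library). The function names, the in-memory SESSIONS store and the `exchange` callable that stands in for the access-token request to Twitter are assumptions made for illustration.

```python
import secrets

SESSIONS = {}  # server-side store: session id -> data (in-memory for this example)

def new_session(data=None):
    """Create a session under an unguessable id; only the id goes into the cookie."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = dict(data or {})
    return sid

def session_cookie(sid):
    """Set-Cookie value: hidden from page scripts and sent over HTTPS only."""
    return f"sid={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"

def begin_login(sid, request_token, request_secret):
    """Before redirecting to Twitter, keep the request token on the server side."""
    SESSIONS[sid]["pending"] = (request_token, request_secret)

def finish_login(sid, oauth_token, oauth_verifier, exchange):
    """Handle the callback. `exchange` (hypothetical) swaps token, secret and
    verifier for the provider's user id, e.g. through the oauth2 library."""
    session = SESSIONS.get(sid)
    pending = session.pop("pending", None) if session is not None else None
    if pending is None or pending[0] != oauth_token:
        return None  # callback does not match a login this browser started
    user_id = exchange(pending[0], pending[1], oauth_verifier)
    del SESSIONS[sid]  # rotate the id at login so a pre-login id cannot be reused
    return new_session({"twitter_user_id": user_id})

def current_user(sid):
    """On later requests the cookie's id looks up the verified identity."""
    return SESSIONS.get(sid, {}).get("twitter_user_id")

if __name__ == "__main__":
    # Constructed values; a real `exchange` would call Twitter's access-token endpoint.
    fake_exchange = lambda token, secret, verifier: "12345"
    sid = new_session()
    begin_login(sid, "req-token", "req-secret")
    sid = finish_login(sid, "req-token", "constructed-verifier", fake_exchange)
    print(session_cookie(sid), current_user(sid))
```

The oauth_token and oauth_verifier values are used once in the callback and never stored in the browser; the cookie carries only the random session id.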
