与谷歌帐户GWT授权/认证 [英] Authorization/Authentication with Google account in GWT
问题描述
我试图让我的GWT应用程序与谷歌帐户的用户进行身份验证。我基本上需要的只是对每个用户的独特价值,并确保这些值总是描述正确的用户。主要要求是,code我必须写的行数尽可能少: - )
I'm trying to enable my GWT application authenticate users with their Google accounts. What I basically need is just to have an unique value for every user and be sure that these values will always describe correct users. The main requirement is, the number of lines of code I have to write is as small as possible :-)
我试图使用 GWT-的oauth2 库,但它看起来像的OAuth的整体思路是提供一个令牌,它允许访问如邮件,联系人等不同的私有资源,但它并没有定义用户本身。
I'm trying to use gwt-oauth2 library, but it looks like the whole idea of OAuth is to provide a token that allows access to different private resources like mail, contacts, etc., but it doesn't define the user itself.
问题1 - 是正确的令牌谷歌给我只定义了会话使用权限来访问用户的隐私数据,它并没有定义的独特用户
Question #1 - is that right that token Google gives me only defines "session with rights to access user's private data" and it doesn't define "the unique user"?
问题2 - 我应该使用OpenID的替代,因为我100%肯定,我永远不会需要访问任何私人数据,我唯一需要的是有用户唯一的描述?
Question #2 - should I use OpenID instead, since I'm 100% sure I'll never need to access any private data and the only thing I need is to have user's unique descriptor?
对于那些谁认为这是最简单的方法来启用GWT应用程序谷歌认证的副本? (非GAE托管)。这个问题是不是库用来尽快解决这个问题,这个问题关于认证是否是授权的一个子集的理解。现在的问题是对的OAuth的OpenID我的情况。
For those who consider it a duplicate of Easiest way to enable Google authentication for GWT application? (non-GAE-hosted). This question is not about libraries to use to solve the problem ASAP, this question is about understanding of "whether authentication is a subset of authorization". The question is OAuth vs. OpenID for my case.
推荐答案
1)的OAuth的要点是允许网站所有者访问某些信息的用户允许。你没有得到一个独特的用户,但你可以要求他们的电子邮件地址和/或名称和商店,然后检索,当他们再次登录通过OAuth。
1) The point of OAuth is to allow a site owner to access certain info the user allows. You don't get a "unique user", however you could request their e-mail address and/or name and store that, then retrieve it when they log back in via OAuth.
2)是啊,OpenID的可能是你的使用情况更好的选择。如果你不保存用户的信息,不要刻意要求他们给它,你的访问。的OpenID的确实的提供用户唯一的ID。
2) Yeah, OpenID probably a better option for your use case. If you're not saving the user's info, don't bother asking them to give you access to it. OpenID does offer unique IDs for users.
这篇关于与谷歌帐户GWT授权/认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
