自定义登录系统的端点云 [英] Custom Login System with Cloud Endpoints

问题描述

我知道我问的是相当模糊，但谷歌已经对这个跑起来干。我试图建立云端点挂钩到一个阵营前端的API。该应用程序要求身份验证和授权 - 所以很自然我有几个选择：

I know what I'm asking is quite vague, but Google has run up dry on this. I'm trying to build an API in Cloud Endpoints that hooks into a React frontend. The application requires authentication and authorization - so naturally I've got a few options:

1）自定义登录
2）通过的OAuth2第三方
3）两者（我想这样做）

1) Custom Login 2) Third Party via OAuth2 3) Both (what I would like to do)

我的问题是，究竟我会去实现自定义的认证系统与端点API？因为它是一个RESTful服务，我知道那是无状态的。究竟怎样存储会话数据？我一定要送与每一个API请求凭据（即似乎有些单调乏味）？

My question is, how exactly would I go about implementing a custom authentication system with an Endpoints API? Since it's a RESTful service, I know that it's stateless. How exactly do I store session data? Do I have to send credentials with every API request (that seems tedious)?

尔加，可能有人请点我在这里正确的方向？我不是最博学的人，当涉及到身份验证。谢谢！

Gah, could someone please point me in the right direction here? I'm not the most knowledgable person when it comes to authentication. THANK YOU!

推荐答案

有是在谷歌的云终端一个不为人所熟知，也没有记录功能，可以让您在<一个使用自定义的验证器href=\"https://cloud.google.com/appengine/docs/java/endpoints/javadoc/com/google/api/server/spi/config/ApiClass.html#authenticators--\"相对=nofollow> API一流水平或<一个href=\"https://cloud.google.com/appengine/docs/java/endpoints/javadoc/com/google/api/server/spi/config/ApiMethod.html#authenticators--\"相对=nofollow> API方法级别。这也被描述/记录在一<一href=\"http://stackoverflow.com/questions/25365858/google-cloud-endpoints-and-users-authentication\">stackoverflow问题。

There is a not well known nor documented feature in Google's cloud endpoints that allows you to use custom authenticators on api class level or api method level. This is also described / documented in a stackoverflow question.

有几个问题在这里计算器像<巨蟒href=\"http://stackoverflow.com/questions/16970327/custom-authentication-for-google-cloud-endpoints-instead-of-oauth2?rq=1\">this,它使用的cookies，据我所看到的。我还没有看到如何实现一个自定义的验证器一样，你可以在Java中。

There are a couple of questions here on stackoverflow for python like this, which uses cookies as far as i can see. I've not yet seen how to implement a custom authenticator like you can in Java.

至于如何会话数据存储在一个无状态的服务。答案很简单：您不要。您的API每次调用应包含的所有信息来处理请求。所以，它是由客户端维护会话信息和所需要的API调用时提供。

As for how to store session data in a stateless service. The answer is simple: You don't. Every call to your api should contain all the information to process the request. So it's up to the client to maintain the session information and provide it when needed for an api call.

如果通过会话数据你的意思的东西像那些连接到您的用户平时的用户数据（姓名，地址等），（而不是当前会话），所以如果你有一个工作的认证，你可以简单地请求用户信息的通过身份验证的用户数据库。

If by session data you mean stuff like the usual user data (name, address, etc) those are attached to your user (not the current session) so if you have a working authenticator you can simply request the user information from your database via the authenticated user.

这篇关于自定义登录系统的端点云的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！