Sunrise for iOS如何使用iCloud凭据访问我们的日历? [英] How does Sunrise for iOS use iCloud credentials to access our calendar?
问题描述
iOS上的日出是日历,在版本2的情况下,添加了对iCloud日历的支持。来自此页,Sunrise的团队说:
Sunrise on iOS is calendar that, with version 2, added support for iCloud calendars. From this page, the team at Sunrise say this:
当您输入iCloud凭证时,它们只能通过SSL以安全的方式发送到我们的服务器一次。 [...]我们使用它们从Apple生成安全令牌。这个安全令牌是我们在服务器上存储的唯一内容,我们从不存储您的实际iCloud凭据。
When you type in your iCloud credentials, they are sent to our server only once in a secured way over SSL. [...] We use them to generate a secure token from Apple. This secure token is the only thing we store on our servers, we never store your actual iCloud credentials.
最近:
由于我们的2.11版本,我们没有向服务器发送iCloud凭据,应用程序会生成安全令牌客户端。
Since our 2.11 version, we are not sending iCloud credentials to our servers, the app generates the secure token client-side.
所有这些都意味着,由Apple生成的令牌可以代表用户从Apple的服务器访问用户的iCloud日历。这里和那里有一些参考文献谈论一个方法(一个用户)可以查找CalDAV URL 以用于日历客户端,或者如何使用可以通过登录iCloud网络应用程序将她的日历内容下载为.ics文件。
All of this mean that a token, generated by/for Apple, can be used to access the user's iCloud calendars from Apple's servers, on the user's behalf. There exists a few references here and there talking about the way one (a user) can find a CalDAV URL to use with calendar clients, or how one can download her calendars' content as .ics files by going on the iCloud web app.
日出时团队描述的方法似乎不大适合任何这些方法。因此,我想知道创业公司如何公开(并且显然在Apple的支持下)可以访问Apple的服务器。
The method described by the team at Sunrise do not seem to fit with any of these methods. And so I'd like to know how a startup can openly (and apparently with the support of Apple) have access to Apple's servers.
推荐答案
他们将执行身份验证的代码部分移动到客户端。因此,如果您知道如何在服务器上使用iCloud进行身份验证,那么您就知道如何在客户端上执行此操作。在客户端上,发出授权请求,如果成功,则将授权令牌发送到服务器。此令牌在一定时间内(或无限期)有效。服务器在向Apple发送请求时使用令牌。
They moved the portion of the code that did the authentication to the client. So if you know how to authenticate with iCloud on your server, you know how to do it on the client. On the client, an authorization request is made and if that succeeds, the authorization token is then sent to the server. This token is valid for a certain amount of time (or indefinitely). The server uses the token when sending requests to Apple.
如果我没记错的话,Apple使用 Kerberos 。因此,在身份验证之后,服务器会创建一个票证,然后任何客户端都可以用于请求。票证是发送到服务器的。
If I recall correctly, Apple uses Kerberos for iCloud. So after authentication, the server creates a ticket, which then any client can use for requests. The ticket is what is sent to the server.
这篇关于Sunrise for iOS如何使用iCloud凭据访问我们的日历?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
