使用OAuth验证应用程序以访问Fusion Tables [英] Authenticate application with OAuth to access Fusion Tables
问题描述
我目前正在构建一个使用Google Fusion Tables作为其数据库的移动网络应用程序。有一个很好的适用于Fusion Tables的OAuth 2.0指南,但所描述的流程包括用户,想要授予我的应用程序访问其Fusion Tables的权限。
I'm currently building a mobile web application that uses Google Fusion Tables as it's database. There is a good OAuth 2.0 guide for Fusion Tables, but the described process includes a user, that wants to give my application the permission to access his Fusion Tables.
在我的情况下,我拥有Fusion Table(它连接到我的帐户),并且我想要的是为用户授予此表上所有CRUD操作的权限。从公共表中读取完全没有问题,因为它不需要身份验证,但所有写操作(INSERT / UPDATE / DELETE)都需要验证。因此,如果有人访问我的移动Web应用程序,他们应该获得我的融合表的访问令牌,允许他们写入表。
In my case, I own the Fusion Table (it is connected to my account), and all I want is to give users the permission to all CRUD operations on this table. To read from the public table is no problem at all, as it does not require authentication, but all write operations (INSERT/UPDATE/DELETE) need authenctication. So if someone access my mobile web application, they should get an access-token for my fusion table, allowing them to write to the table.
我已经注册了我的应用程序谷歌,当我用我的用户帐户登录时,我能够将数据写入我的融合表。这对其他人有什么作用?
I already registered my application at Google, and I'm able to write data to my fusion tables, when I'm logged in with my user account. How does this work for everybody else?
我的问题:
- 这是可以使用仅限浏览器的解决方案吗?根据我的经验,我需要将客户端秘密放在JavaScript文件中。这真的那么糟糕吗?我的意思是,可能发生的最糟糕的事情是什么?
- 我发现了一篇关于如何:在JavaScript中保护OAuth,这是更好的方法吗?有没有人尝试使用Google Fusion Tables?
- 如果构建仅限浏览器的解决方案并不容易,那么如何使用服务器端脚本来实现?我想到了一个PHP脚本,客户端可以获得有效的访问令牌。
- Is this possible with a browser-only solution? From what I've learned I need to put my client secret in a JavaScript file. Is this really that bad? I mean, what's the worst thing that could happen?
- I found a blog article about "How-to: Secure OAuth in JavaScript", is this the better approach? Has anyone tried that with Google Fusion Tables?
- If it's not that easy to build a browser-only solution, how would you do it with a server-side script? I thought of a PHP script where a client could just get a valid access-token.
我是否在正确的轨道上?您将如何解决此用例?
Am I on the right track? How would you solve this use case?
推荐答案
您可能希望使用OAuth 2.0服务帐户来访问您的应用程序融合表:
You'll probably want to use a OAuth 2.0 Service Account for your application to access Fusion Tables:
https://开发人员.google.com / accounts / docs / OAuth2ServiceAccount
Google PHP客户端库支持此类帐户:
The Google PHP client library supports this type of account:
http://code.google.com/ p / google-api-php-client / wiki / OAuth2
这篇关于使用OAuth验证应用程序以访问Fusion Tables的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
