Some questions about OAuth and Android

Question

I started reading on OAuth this morning; need suggestions (links et al.) that will help answer the following questions:
1. How to implement 3 legged Authentication using OAuth on Android devices? Is there a library that assists in the aforementioned?
2. What does it mean when someone says: "Site/Service ABC supports OAuth"?

Thanks!

Recommended answer

To address your first question, you should be able to use any Java OAuth library on an Android, here's a link to a tutorial that uses the Java OAuth project library to develop a consumer app on an Android:

Specifically pay attention to the registering of a custom URI scheme (i.e. myapp://) with your application. You'll use this URI scheme when sending the oauth_callback parameter which will allow your users to go through the 3-legged workflow easily (basically you'll get a request token from the SP, direct your user to the SP via a browser to authorize the token, then the SP will redirect the user back to your app using the custom URI scheme).

Now for your second question: When somebody says that a site or service supports OAuth, it usually means that they have implemented OAuth as a Service Provider. This means that you can develop a consumer app that uses OAuth to perform delegated authorization to the protected resources hosted by the service. Be careful to note which version of the OAuth spec the service / site supports. Most should be on 1.0a, but some may still be on 1.0 which has a slightly different workflow. You can safely ignore the differences and just read the 1.0a spec if that's what they support, otherwise you'll want to dig up the 1.0 spec (links provided below).

Let me know if that helps, or if there's anything in particular you'd like me to elaborate on! Good luck with your app!

  • OAuth 1.0a Spec
  • OAuth 1.0 Spec

Note that 1.0 has some security issues that were addressed in 1.0a. Also note that 1.0a has been rewritten as an IETF draft. The terminology used is slightly different in the IETF draft, and some of the requirements have been dropped when using a secure transport layer (i.e. SSL) and the plaintext signature method. Most SPs will still adhere to 1.0a though. Otherwise the IETF draft is much more well written and is worth a read, if you can mind the terminology differences:
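
The 3-legged workflow described in the answer above, as an added example that is not part of the original answer or of the library it mentions: it signs the request-token call with `oauth_callback` set to the custom scheme, then accepts the redirect only when it carries the request token the app was issued. The host `sp.example`, the endpoint path, the keys, the tokens and the helper names are constructed placeholders; this is plain Java with no OAuth library.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class ThreeLeggedSketch {
    // RFC 5849 percent-encoding: URLEncoder output adjusted for space, '*' and '~'.
    static String enc(String s) throws Exception {
        return URLEncoder.encode(s, "UTF-8").replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }
    // Leg 1: HMAC-SHA1 signature over the request-token call, oauth_callback included.
    // The TreeMap's key order equals the required encoded order for these oauth_* names.
    static String sign(String method, String url, SortedMap<String, String> params,
                       String consumerSecret, String tokenSecret) throws Exception {
        StringBuilder norm = new StringBuilder();
        for (Map.Entry<String, String> e : params.entrySet())
            norm.append(norm.length() > 0 ? "&" : "").append(enc(e.getKey())).append('=').append(enc(e.getValue()));
        String base = method + "&" + enc(url) + "&" + enc(norm.toString());
        String key = enc(consumerSecret) + "&" + enc(tokenSecret);
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        return Base64.getEncoder().encodeToString(mac.doFinal(base.getBytes(StandardCharsets.UTF_8)));
    }
    // Leg 3: accept the redirect only on our scheme and only for the request token
    // we were issued; returns the oauth_verifier (introduced in 1.0a) or null.
    static String verifierFrom(String callback, String issuedToken) throws Exception {
        URI u = URI.create(callback);
        if (!"myapp".equals(u.getScheme()) || u.getRawQuery() == null) return null;
        Map<String, String> q = new HashMap<>();
        for (String pair : u.getRawQuery().split("&")) {
            String[] kv = pair.split("=", 2);
            if (kv.length == 2) q.put(kv[0], URLDecoder.decode(kv[1], "UTF-8"));
        }
        return issuedToken.equals(q.get("oauth_token")) ? q.get("oauth_verifier") : null;
    }
    public static void main(String[] args) throws Exception {
        // Constructed placeholder values; no real provider, key or token.
        SortedMap<String, String> p = new TreeMap<>(Map.of(
            "oauth_callback", "myapp://oauth-callback", "oauth_consumer_key", "example-key",
            "oauth_nonce", UUID.randomUUID().toString(), "oauth_signature_method", "HMAC-SHA1",
            "oauth_timestamp", Long.toString(System.currentTimeMillis() / 1000), "oauth_version", "1.0"));
        System.out.println(sign("POST", "https://sp.example/oauth/request_token", p, "example-secret", ""));
        System.out.println(verifierFrom("myapp://oauth-callback?oauth_token=rt1&oauth_verifier=v1", "rt1"));
        System.out.println(verifierFrom("myapp://oauth-callback?oauth_token=other&oauth_verifier=v1", "rt1"));
    }
}
```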
