Android应用程序的网络服务器+ API使用联合登录或OpenID的(不GAE) [英] Android app + webserver API using Federated login or OpenID (WITHOUT GAE)
问题描述
我有一个Android应用程序需要将数据上传到一个API(API然后将保存MySQL数据库的数据)。我想用一个联合登录(谷歌)或OpenID的认证过程,使用户不必为我的应用程序注册电子邮件+密码,而是可以使用谷歌(或其他帐户)保存在的AccountManager 。
I have an Android app that needs to upload data to an API (API will then save data in MySQL DB). I would like to use a Federated login (Google) or OpenID authentication procedure so that user does not need to register email + password for my app, but rather can use Google (or other account) that is saved in AccountManager.
直到今年年初,该解决方案是使用GAE,根据尼克·约翰逊的著名食谱。但自从谷歌开始收取使用GAE的,这不是一个可行的解决方案了。 请不建议GAE 的。
Up until early this year, the solution was using GAE, as per Nick Johnson's famous recipe. But since Google started charging for the use of GAE, this is not a viable solution anymore. PLEASE DO NOT RECOMMEND USE OF GAE.
有没有人曾设法解决与联合登录或OpenID的认证,然后在第三方获得授权的问题(你的)Web服务器API?
Has anyone ever managed to solve the problem of authenticating with Federated Login OR OpenID and then getting authorization on a third-party (your) webserver API?
请注意:OAuth的将是不同的,这将依赖于交互授权与pviously验证消费者$ P $,当你验证应用的用户(移动是不是这样一个简单的解决方案(在一个可信任的方式) )使用FedLogin或OpenID的。 OAuth的工作,如果我的应用程序(移动+网络服务器)验证用户(我保存登录+密码 - 这正是我想避免),但如果谷歌(或FB)为你做这个。
NOTE: OAuth would be a straightforward solution for authorization except that it would rely on interacting (in a trusted manner) with a previously authenticated consumer, which is not the case when you authenticate the app user (on the mobile) using FedLogin or OpenID. OAuth works if my app (mobile + webserver) authenticates user (and I store login + password — which is EXACTLY what I am trying to avoid), but not if Google (or FB) do this for you.
推荐答案
That's what OpenID Connect does. Demo app here.
至于GAE,它仍然有一个自由层(28前端实例小时,足够运行24/7)的应该够你,如果你没有得到多少流量。反正你这样做,你必须从某个地方运行服务器(即使它是你自己的机器),所以没有办法让这个完全免费的。所以,是的,GAE是一个可行的选择。你可以开始自由,并根据需要扩展。还有其他原因,以避免GAE,而是我要(在某些时候)工资(某事),因此废了',绝对是错误的心态。
As for GAE, it still has a free tier (28 frontend instance hours, enough to run 24/7) an it should be enough for you if you don't get much traffic. Anyway you do this, you have to run a server somewhere (even if it is your own machine), so there is not way to make this completely free. So yes, GAE is a viable option. You can start off for free and scale up as needed. There are other reasons to avoid GAE, but 'I have to (at some point) pay (something), therefore scrap it', is definitely the wrong mindset.
这篇关于Android应用程序的网络服务器+ API使用联合登录或OpenID的(不GAE)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
