[UWP]如何在应用程序之间共享身份验证令牌 [英] [UWP]How to share authentication tokens between apps

问题描述

您好，

我有2个我在Windows 10手机上运行的cordova应用程序，当我登录到一个应用程序时，它会从服务器下载令牌。我想在手机上安装的所有应用程序之间共享这些令牌，这些应用程序是由我开发的。

所需的行为是：当用户输入他/她的用户名和密码时应用程序，我在设备的某个地方保存令牌，当用户启动我开发的另一个应用程序时，他们不必再次输入用户名和密码。同样，当
用户在一个应用程序中注销时，我会删除已保存的令牌，当用户启动另一个应用时，他们也会在该应用中注销，因为令牌不再可用。

有没有办法实现这个目标？我尝试使用PasswordVault，但似乎我无法读取一个应用程序保存的令牌，即使他们正在创建具有相同资源名称的保险库。

我想要提供类似的功能通过Android的AccountManager API

问候，

Ashish

解决方案

Hello
Elementum SCM ，

每个WinRT应用程序都运行自己的沙箱。这是什么意思？每个应用程序都有自己的私有容器，用于保存App设置，证书，密码。只有所有者应用才能访问此数据。但您可以通过应用程序提供服务以实现您的目标。对于
示例，您可以
AppService  在您的应用程序中，如果用户打开您的某个应用程序，它会检查您的其他应用程序提供的任何可用AppService并将请求发送到第一个可用于获取凭据的请求，如果没有，则检查下一个应用程序，最后如果没有
您的应用没有凭据然后打开登录页面。 

您可以在AppServices中实施某些安全措施，使第三方应用无法访问您的应用服务。

Hello,

I have 2 cordova apps that I am running on Windows 10 phone and when I login in to one app, it downloads the tokens from the server. I want to share these tokens between all the apps, installed on this phone, that are developed by me.

The desired behavior is: When a user enters his/her username and password in one app, I save the tokens somewhere in the device and when user launches another app, developed by me, they don't have to enter their username and password again. Similarly when user logs out in one app, I delete the saved tokens and when user launches another app, they are logged out in that app too because tokens are not available anymore.

Is there any way to achieve this? I tried using PasswordVault but it seems that I can not read the tokens saved by one app in to another even when they are creating vault with same resource name.

I want a similar functionality as provided by AccountManager API of Android

Regards,

Ashish

解决方案

Hello Elementum SCM,

Each WinRT app run its own sandbox. What this mean? Each app have its own private container for saving App settings , certificates , passwords. Only owner app can access to this data. But you can provide service from your app to achieve what you want. For example you can have AppService  in your apps, if the user open one of the your apps it check any available AppService provided from your other apps and send request to first available for getting credentials , if there is no, then check next app and finally if none of your apps don't have credentials then open login a page. 

You can implement some security in AppServices that third party apps can't  get access to your app service.

这篇关于[UWP]如何在应用程序之间共享身份验证令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！