可以使用的OAuth使用移动设备和QR codeS双因素认证来实现? [英] Can OAuth be implemented with two factor authentication using a mobile device and QRCodes?
问题描述
我一直在寻找到OAuth的,看它是否能在一个项目我工作中使用。我开始怀疑其可能的。它是基于两个因素身份验证与移动设备。
I've been looking into OAuth to see if it can be used in a project I'm working on. I'm starting to doubt if its possible. It's based on two factor authentication with a mobile device.
基本上我有一个登录页面,成功登录后一个QR code会出现在屏幕上。用户将被提示扫描此code与他们的Android设备(一个应用程序,我正在做我自己),将它们与服务器进行身份验证。
Essentially I'll have a login page where upon successful login a QRCode will appear on screen. The user will be prompted to scan this code with their android device (An app I'm making myself) which will authenticate them with the server.
我不知道这是否与OAuth的模式适合,所以我想我可能需要来设计我自己的协议而不是
I'm not sure if this fits with the OAuth paradigm so I'm thinking I may need to design my own protocol instead.
任何意见AP preciated。
Any advice appreciated.
推荐答案
我不认为这里的OAuth找到一个地方,你只有一台服务器,你的移动用户是不知道的。 OAuth是用来当客户端(如:web应用程序,Android应用)需要与服务器(例如:谷歌加)代表最终用户的,有拥有一些资源(如:最终用户的谷歌驱动器文件)保护他们的凭据。例如:你不能/ dont'need知道他们在Gplus密码,GPlus告诉你他们被授权的用户那里,让你做代表他们的东西,看的 http://en.wikipedia.org/wiki/OAuth
I don't think OAuth finds a place here, you have only one server and your mobile user is not known to it. OAuth is used when a client (eg:web-app, android app) needs to talk to a server (eg:Google Plus) on behalf of an end-user that there owns some resource (eg: end user google drive files), protecting their credentials. Eg: You cannot/dont'need to know their password in Gplus, GPlus tells you they are authorized users there and allows you to do things on their behalf, see http://en.wikipedia.org/wiki/OAuth
为什么用户不插入在Android应用程序的用户名和密码,没有QR code?我不'想你用这个QR code,任何人都可以扫描添加任何安全,看看谷歌2步:的 http://en.wikipedia.org/wiki/Two-step_verification 他们发送短信
Why you user does not insert username and password in the Android App, without the QRcode ? I dont' think you are adding any security with this qrcode that anybody can scan, look at Google 2 Step: http://en.wikipedia.org/wiki/Two-step_verification they send an sms
这篇关于可以使用的OAuth使用移动设备和QR codeS双因素认证来实现?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
