如果用户通过社交登录名登录,那么移动应用程序如何通过后端API进行身份验证? [英] How does a mobile app authenticate with a backend API if the user signs in through social logins?
问题描述
我试图了解移动应用程序上的社交登录之间的基本组织和登录流程,以及该应用程序如何从后端Flask API请求资源.
I'm trying to understand the basic organizations and login flow between social logins on a mobile app and how that app requests resources from a backend flask api.
如果用户通过Facebook登录到应用程序,后端api如何根据该登录信息提供资源?因为后端似乎不知道用户已使用Facebook登录.
If the user logins into the app through Facebook, how does the backend api provide resources based on that login? Because it seems the backend doesn't know the user has logged in with Facebook.
facebook是否需要将令牌发送到后端api然后通过facebook进行验证的应用程序?
Does facebook need to send a token to the app that the backend api then validates with facebook?
推荐答案
我建议您首先阅读有关单点登录机制的信息:
I suggest you to first read about single sign-on mechanisms:
https://en.wikipedia.org/wiki/Single_sign-on
然后您可以从此处阅读有关Facebook用于SSO的OAuth2的信息
Then you can read about OAuth2 which is used by Facebook for SSO from here
https://www.digitalocean.com/community /tutorials/an-introduction-to-oauth-2
您是正确的,当用户在Facebook上登录时,后端将从Facebook获得令牌,用于对该用户进行身份验证/授权.
Simply you are correct, when user signs-in on Facebook, the backend will get token from Facebook that is used for authentication/ authorization of that user.
这篇关于如果用户通过社交登录名登录,那么移动应用程序如何通过后端API进行身份验证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
