如何将OPENID身份验证集成到REST API和前端框架体系结构中 [英] How to integrate OPENID auth into a REST api and front-end framework architecture
问题描述
我目前正在建立一个网站,要求用户使用 Steam 登录,然后才能使用我的其余部分网站的功能. Steam当前仅支持OPENID进行身份验证.我这样做的方法是按照以下步骤操作:
I am currently making a site that requires a user to log in with Steam before they can use the rest of my website's functionality. Steam currently only supports OPENID for authentication. The way that I have done it is in these following steps:
-
用户按下使用Steam登录"按钮
User presses on "Log in with Steam" button
我的前端重定向到steamcommunity.com
My front-end redirects to steamcommunity.com
如果用户成功登录,则用户的浏览器应重定向到我的后端,然后我将该用户添加到数据库中(如果他们尚不在数据库中)并创建一个JSON Web令牌并将其发送回我的前端.
If the user logged in successsfully, the user's browser should redirect to my backend, I then add the user to the database (if they are not in it already) and create a JSON web token and send it back to my front end.
例如:
myfrontend.com?token={my_json_web_token}
myfrontend.com?token={my_json_web_token}
然后,我的前端将此令牌保存为客户端cookie,并在对服务器的每个请求中,将此cookie的内容发送到服务器.
My front end then saves this token as a client side cookie and on every request to the server, I will send the contents of this cookie to the server.
我已经集成了我的应用程序,但是它正变得越来越流行,所以我想知道我实现它的方式是否有效.
I have already integrated my app but it is just gaining popularity so I'm wondering if the way that I have implemented it works.
谢谢
推荐答案
这听起来像是正确的解决方法.
This sounds like the correct way to go about it.
要注意的一件事是,由于要使用cookie,因此要确保具有CSRF保护,但这并不是您要问的.
One thing to note is that you want to make sure you have some CSRF protection since you are using cookies, but that wasn't exactly what you were asking.
这篇关于如何将OPENID身份验证集成到REST API和前端框架体系结构中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
