Ruby，Mechanize，OAuth和LinkedIn，都在一个幸福的家庭中吗? [英] Ruby, Mechanize, OAuth, and LinkedIn, all in one happy family?

问题描述

我正在构建一个Ruby on Rails应用程序:a)通过LinkedIn通过OAuth对用户进行身份验证，并且我想:b)使用获取的OAuth令牌对Mechanize进行身份验证以访问

I am building a Ruby on Rails app that: a) authenticates the user through OAuth via LinkedIn, and I would like to: b) use the acquired OAuth token to authenticate Mechanize for access to http://www.linkedin.com (instead of re-entering the user-name/password into the Mechanize agent).

因此，a)是否可以通过OAuth令牌对Mechanize http访问进行身份验证，b)可以在LinkedIn上使用，c)有人可以指出我的Ruby示例吗?

So, a) is it possible to authenticate Mechanize http access via an OAuth token, b) will this work with LinkedIn, and c) can anyone point me to a Ruby example?

这是我的宝石:

gem 'omniauth', '~> 1.3', '>= 1.3.1'
gem 'omniauth-linkedin', '~> 0.2.0'
gem 'mechanize', '~> 2.7', '>= 2.7.4'

谢谢！

推荐答案

Linkedin提供了一个api，因此您可以遵循他们的协议来获取outh令牌并发出请求.

Linkedin offers an api so you can follow their protocol to get the outh token and make requests.

尽管如此，使用api不同于使用网站.使用oauth令牌并不等同于通过网站登录.

Using the api is different than using the website, though. Using an oauth token isn't equivalent to logging in through the website.

要使用api，建议您搜索一个gem. Google的"LinkedIn oauth rails"命中率很高.这是一个教程- http://sourcey .com/rails-4-omniauth-using-devise-with-twitter-facebook-and-linkedin/

To use the api, I'd recommend searching for a gem. There are a few Google hits for "LinkedIn oauth rails". Here is a tutorial - http://sourcey.com/rails-4-omniauth-using-devise-with-twitter-facebook-and-linkedin/

从技术上讲，您可以获取用户LinkedIn帐户的用户名和密码，然后使用mechsnize在其代表服务器端登录到该网站.但是您不应该这样做，因为这是一种不良的安全做法.使用oauth时，您实际上不会看到他们的LinkedIn凭据，这正是用户想要的.

Technically, you could get the username and password for the users LinkedIn account and then login to the website in their behalf server side using mechsnize. But you shouldn't do this, because it's a bad security practice. With oauth you never actually see their LinkedIn credentials, which is what users want.

简而言之，LinkedIn希望您使用他们的api代表用户做任何事情.您必须实现一个oauth方案才能执行此操作.如果这看起来很痛苦，请不要气disc.对于许多经验丰富的开发人员而言，Oauth并非易事.

In short, LinkedIn expects you to use their api to do anything on behalf of users. You'll have to implement an oauth scheme to do this. Don't be discouraged if this seems like a pain to set up. Oauth isn't an easy thing for many seasoned developers.

这篇关于Ruby，Mechanize，OAuth和LinkedIn，都在一个幸福的家庭中吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！