没有redirect_uri的Oauth2流 [英] Oauth2 flow without redirect_uri
问题描述
我正在创建一个与Node.js服务器通信的Android/iOS应用,并希望使用Google(和/或Facebook)和OAuth2在我的服务器上安全地标识它们.我查看了以下文档: https://developers.google. com/+/web/signin/server-side-flow
I am creating an Android/iOS app which communicates with a Node.js server and would like to identify them securely on my server using Google (and/or Facebook) and OAuth2. I've looked at the following documentation: https://developers.google.com/+/web/signin/server-side-flow
我不需要授权,我只需要身份验证(我只想确保调用Node.js服务的人就是他们所说的人).为此,如果我理解正确,我必须让用户在客户端上使用Google登录,这将为他们提供一个authorization_code,然后可以将其提供给我的服务器.然后,我的服务器可以将该代码交换为access_token,因此可以检索有关用户的信息.然后,我保证用户就是他们所说的那个人.
I do not need authorization, I only need authentication (I only want to make sure that the person calling my Node.js service is the person they say they are). To achieve this, if I understand properly, I have to let the user log in using Google on the client side, this will give them an authorization_code which they can then give to my server. My server can then exchange that code for an access_token, and therefore retrieve information about the user. I am then guaranteed that the user is the person they say they are.
Google文档(上面的链接)说:在授权重定向URI"字段中,删除默认值.在这种情况下,不使用默认值."但是,对于我的服务器来说,它要将authorization_code交换为access_token,它需要以提供redirect_uri,我是否缺少某些东西?
The Google documentations (link above) says: "In the Authorized redirect URI field, delete the default value. It is not used for this case.", however, for my server to exchange the authorization_code for an access_token, it needs to provide a redirect_uri, am I missing something?
例如redirect_uri在Unity游戏中是无用的(因为使用Google登录仅打开了一个新的窗口",该窗口在登录时即关闭,不涉及重定向).
The redirect_uri is useless for Unity games, for instance (since logging in with Google simply opens a new "window", which is closed when logged in, no redirection involved).
TL; DR 您如何使用OAuth2在我的客户端和服务器之间对用户进行身份验证而无需重定向?
TL;DR How do you use OAuth2 to authenticate users between my client and my server without redirection?
推荐答案
TL; DR您如何使用OAuth2在客户端和服务器之间对用户进行身份验证而不进行重定向?
不能. OAuth要求将用户定向到授权(可能还有登录)屏幕,然后重定向回您的应用.
You can't. OAuth requires that the user is directed to an authorization (and possibly login) screen, and then redirected back to your app.
这篇关于没有redirect_uri的Oauth2流的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
