Google API: How to authenticate without redirection?

Question

We want to use the Google Doc API to generate documents (in our own business account) when our end users do some actions on our site.

The problem is that we've tried to implement the OAuth 2.0 protocol, as suggested in the v3.0 protocol documentation. The apiClient::authentication method does a redirection. This is a major problem because our users don't know the access to our own business account... and we don't want to give them access anyway ;)

(In other words, we're not creating an application that allows our users to edit their own data, but to interact with our data, like a database.)

I've read that the point of OAuth 2.0 was to avoid us managing the credentials of our users. I'm personally O.K. with the concept, but in our case, we don't want to get authenticated in the Google account of our users...

So, what would be the best approach to get a valid authentication without any interaction from the end user?

Recommended answer

What you describe is not how 3-legged OAuth was designed to be used.

3-legged OAuth is all about delegated authentication where a user (who knows his password) can grant limited and revocable resource access to an application. That application never sees the user's password. There is a bunch of work involved to safely allow the application to impersonate the user.

What you probably want is to use the (2-legged) OAuth flow, where the consumer_id/consumer_secret credentials are embedded in your application. Here your application is not impersonating your end user and there would be no browser redirection involved.

Here's some further info on using 2-legged OAuth in Google Apps: http://googleappsdeveloper.blogspot.com/2011/07/using-2-legged-oauth-with-google-tasks.html

And this is a good description of 3- vs 2-legged OAuth: http://cakebaker.42dh.com/2011/01/10/2-legged-vs-3-legged-oauth/
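
The 2-legged flow described in the answer, as an added example (not code from the original answer or from Google's client library): one request is signed per RFC 5849 (OAuth 1.0) with HMAC-SHA1 using only the consumer key and secret, so no user token and no browser redirect are involved. The endpoint, key, secret and function names are constructed for illustration.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import parse_qsl, quote, urlsplit

def pct(s: str) -> str:
    # RFC 5849 section 3.6: only unreserved characters stay unencoded.
    return quote(s, safe="-._~")

def sign_two_legged(method, url, consumer_key, consumer_secret,
                    nonce=None, timestamp=None):
    """Return the oauth_* parameters, including oauth_signature, for one request."""
    parts = urlsplit(url)
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    # Query parameters are signed together with the oauth_* parameters.
    params = parse_qsl(parts.query, keep_blank_values=True) + list(oauth.items())
    pairs = sorted((pct(k), pct(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    # Assumes no explicit default port (:443 / :80) in the URL.
    base_uri = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    base_string = "&".join([method.upper(), pct(base_uri), pct(normalized)])
    # 2-legged: there is no user token, so the token-secret half of the key is empty.
    key = f"{pct(consumer_secret)}&"
    digest = hmac.new(key.encode(), base_string.encode(), hashlib.sha1).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    return oauth

def authorization_header(oauth):
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))

def verify(method, url, oauth, consumer_secret):
    """Provider side: recompute the signature and compare in constant time."""
    expected = sign_two_legged(method, url, oauth["oauth_consumer_key"],
                               consumer_secret, nonce=oauth["oauth_nonce"],
                               timestamp=oauth["oauth_timestamp"])
    return hmac.compare_digest(expected["oauth_signature"], oauth["oauth_signature"])

if __name__ == "__main__":
    # Constructed values; a real secret belongs in server-side configuration,
    # never in code or pages delivered to end users.
    url = "https://api.example.test/documents?title=Report%20Q1"
    signed = sign_two_legged("POST", url, "example.test", "constructed-secret")
    print(authorization_header(signed))
    print("verifies:", verify("POST", url, signed, "constructed-secret"))
```

Anyone holding the consumer secret can act as the application, so it stays on the server and is rotated if exposed.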
