OAuth redirect URI alternatives for non-web applications?
Question
What would be the best way to handle redirect URIs for OAuth authentication?
In a few projects, I used to boot up a web server that would wait for the authentication to be sent back. Is there any way to trigger any type of code without a local web server, or is it the recommended way?
I'm not asking for help about any specific languages, this is more like a language agnostic question.
Accepted answer
Side note: nice avatar... :)
Deciding on the best approach will depend on the exact scenario and any additional requirements your application might have, however, we can look at a few options and the possible implications of choosing them.
The OAuth 2.0 specification suggests a few options to solve this issue, either using an embedded user-agent or relying on an external one.
The embedded user-agent may allow you better control on the UI aspects, however, by leveraging an external user-agent your users might benefit from an already established session and avoid having to input credentials one more time.
For an external user-agent we have a few options:
External user-agent - the native application can capture the response from the authorization server using a (1) redirection URI with a scheme registered with the operating system to invoke the client as the handler, (2) manual copy-and-paste of the credentials, (3) running a local web server, (4) installing a user-agent extension, or by (5) providing a redirection URI identifying a server-hosted resource under the client's control, which in turn makes the response available to the native application.
Option 1:
You configure a redirect using a custom scheme that your application registered in the operating system, this way your application gets called when an external user-agent receives a response indicating a redirect to your scheme.
Option 2:
You redirect somewhere that just shows a pretty page with the code and ask the user to input it manually in your application.
Option 3:
You already used this one, basically the application starts a local web server and you configure the redirect to be something along the lines of http://localhost:[port]/.
Option 4:
By installing a user-agent extension you would have code running with the browser that could communicate the code automatically to your application.
Option 5:
You configure a redirection URI that points to some server-side code you host and that your client Android application is aware of so that it can grab the code from that URL.
For much more information on this topic, check: OAuth 2.0 for Native Apps
As an additional note, if you don't want to go full server-side on the options that require some logic on the server, you can accomplish the same using far fewer lines of code by writing your server-side logic as a Webtask (be sure to use a custom domain).
Disclosure: I'm an Auth0 engineer.
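Option 3 (the loopback web server) as an added, runnable example that is not code from the answer above: it binds an ephemeral port on 127.0.0.1, waits for a single redirect to /callback, checks the `state` parameter before accepting the `code`, and then shuts the server down. The `on_ready` callback, the `/callback` path and the `AuthResponseError` class are this example's own choices, not anything the answer or RFC 8252 prescribes.

```python
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

class AuthResponseError(Exception):
    """The redirect carried no usable authorization code."""

def parse_authorization_response(path, expected_state):
    """Extract the code; the constant-time state check rejects forged redirects."""
    query = parse_qs(urlparse(path).query)
    if "error" in query:
        raise AuthResponseError(query["error"][0])
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise AuthResponseError("state mismatch")
    if not query.get("code", [""])[0]:
        raise AuthResponseError("missing code")
    return query["code"][0]

def receive_authorization_code(expected_state, on_ready, timeout=120.0):
    """One-shot loopback receiver (RFC 8252 7.3); on_ready(uri) runs once bound."""
    done, outcome = threading.Event(), [None]
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            # Ignore stray requests (favicon, retries) and anything after the first hit
            if urlparse(self.path).path != "/callback" or done.is_set():
                self.send_error(404)
                return
            try:
                outcome[0] = parse_authorization_response(self.path, expected_state)
                status, body = 200, b"Login complete, you may close this tab."
            except AuthResponseError as exc:
                outcome[0], status, body = exc, 400, b"Authorization failed."
            self.send_response(status)
            self.end_headers()
            self.wfile.write(body)
            done.set()
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: the OS picks a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        on_ready("http://127.0.0.1:%d/callback" % server.server_port)
        if not done.wait(timeout):
            raise AuthResponseError("timed out waiting for the redirect")
        if isinstance(outcome[0], AuthResponseError):
            raise outcome[0]
        return outcome[0]
    finally:
        server.shutdown()
        server.server_close()
```

Generate `state` with `secrets.token_urlsafe(16)` and pass an `on_ready` that opens the browser (for example with the standard `webbrowser.open`) at the authorization URL built around the redirect URI it receives; that URI has to match what is registered with the authorization server, and since a native client cannot keep a secret the exchange should be combined with PKCE as RFC 8252 recommends.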