适用于多种服务的oAuth令牌 [英] oAuth token for multiple services

问题描述

我有一个Dropbox帐户，该帐户是通过Google帐户登录创建的. 因此，我的Dropbox帐户已链接到Google帐户.

我有一个android应用程序，我的用户可以通过Google/Facebook创建他们的帐户.

问题是，如果用户可以通过其Google帐户登录一次我们的应用程序，然后使用这些相同的基础google凭据，则该用户将自动登录到Dropbox帐户[也许是一个简单的确定"按钮身份验证]，这样他们就不必输入两次登录凭据了?

我正计划使用oAuth来实现.关于是否可能的任何指导都将有所帮助.我不希望有代码，但需要一些指导.

解决方案

通常，您要问的是不可能的. Google发出的凭据/断言是针对特定应用程序的，只有该应用程序才能接受这些凭据. 因此，当用户登录到您的应用程序时，您会从Google那里获得凭据，该凭据适用于您的应用程序. Dropbox还接受Google为Dropbox发行的凭据.您的应用无法将一个应用转换为另一个应用(如果可能会造成很大的安全问题，例如一个应用可以登录到用户的所有其他应用/帐户中，这些应用/帐户均接受Google凭据作为拟人银行帐户).

您想要做的是与Dropbox的OAuth Apis集成，当用户浏览它们时，尝试预填充信息以简化流程.如果您向同一位用户(已登录)向Google OAuth流发送用户电子邮件"(以使用户登录到保管箱)，则他们可以轻松地通过该流. https://developers.google.com/identity/protocols/OpenIDConnect#sendauthrequest

I have a Dropbox account which was created by logging in via the Google account. So, my Dropbox account is linked to the Google account.

I have an android application and my users can create their accounts either via Google/Facebook.

The question is,if it is possible for the user to login to our app once via his Google Account, and then using these same underlying google's credentials the user automatically gets logged in to Dropbox Account [Maybe a simple 'OK' button authentication is needed], so that they need not enter their login credentials twice?

I am planning to implement this using oAuth. Any guidance on whether is possible or not will be helpful. I am not expecting code but some guidance.

解决方案

In general what you are asking is not possible. The credentials/assertions that Google issues are for a specific app and only that app should accept those credentials. So when a user signs into your app, you get a credentials from Google that says this is for your app. Also Dropbox accepts credentials from Google that was issued for Dropbox. Your app can not convert one into another (if it could this would be a big security issue e.g. one app could sign into a user's all other apps/account that accept Google credentials for expalple bank account).

What you want to do is integrate with the OAuth Apis that are from Dropbox and when the user is going through them try to prefill information to make the flow easier. If you send "user email" to Google OAuth flow (to get user signed into dropbox) for the same user (who is signed in) they could go through the flow easily. https://developers.google.com/identity/protocols/OpenIDConnect#sendauthrequest

这篇关于适用于多种服务的oAuth令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！