Single Sign On (SSO) - workflow


Problem description

I am looking to implement SSO in all my future php/angular applications. I see there are services (Auth0, oauth.io, etc) that are sort of the middle man of an SSO app and there are protocols such as OAuth 1.0/2.0 but in regards to creating a custom SSO solution (using aforementioned OAuth protocols, I assume), I am a little foggy on the complete flow of the process.

What I get:

  • The application obtains an access token
  • (Optional) the application validates the access token
  • The application (with the access token) can call a specific API and return results, for example Facebook profile information

What I don't get:

What to do with that information once I have it. Do I retain the access token and request information from the API source each time they login? How do I relate my own application data to the API data? Would I create a different kind of user record that just contains the access token and application's userid?

Recommended answer

Do I retain the access token and request information from the API source each time they login?

If the token does not expire, you can hold on to it in a data store and use it with each request. Many times, though, the token will expire, and you need to request a new one each time you start a session. In this case you'd probably store the token in memory instead of a permanent storage location.

How do I relate my own application data to the API data?

I think we'd need to know a little more about your application to answer this question.

Would I create a different kind of user record that just contains the access token and application's userid?

Again, we'd probably need a little more information about your application. If you were persisting the token (in the case that it doesn't expire), then you need to make some considerations about how you want to store it. If not, you can probably just put it into a local variable or session.
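The token-handling advice in the answer above (keep a non-expiring token in durable storage; cache an expiring one per session and request a fresh one when it runs out) as a worked example. This is added example code, not from the original question or answer, and it is written in Python rather than the asker's PHP stack. The `fetch` callback, the provider name, the subject id and the token lifetime are constructed stand-ins for a real token-endpoint call and a real identity provider. It also goes one step beyond the answer by showing a common way to relate provider identity to local application data: a link table keyed by (provider, subject id) that yields a local user id, so application records are keyed by the local id and never by the token.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass(frozen=True)
class AccessToken:
    """An access token as handed back by a provider's token endpoint."""
    value: str
    expires_at: Optional[float]  # absolute epoch seconds; None means the token never expires

    def is_valid(self, now: float, skew: float = 30.0) -> bool:
        # Treat the token as expired `skew` seconds early so a request already in
        # flight does not fail with a token that expires mid-call.
        return self.expires_at is None or now + skew < self.expires_at


class SessionTokenCache:
    """Session-scoped cache for expiring tokens: hand out the cached token while it is
    still valid, otherwise call fetch() (a hypothetical token-endpoint call) for a new one."""

    def __init__(self, fetch: Callable[[], AccessToken],
                 clock: Callable[[], float] = time.time) -> None:
        self._fetch = fetch
        self._clock = clock
        self._token: Optional[AccessToken] = None

    def get(self) -> AccessToken:
        if self._token is None or not self._token.is_valid(self._clock()):
            self._token = self._fetch()
        return self._token


class IdentityLinks:
    """Maps a provider identity (provider name, subject id) to a local user id and holds
    durable tokens for users whose provider issued a non-expiring token.
    A dict stands in for the database table a real application would use."""

    def __init__(self) -> None:
        self._links: Dict[Tuple[str, str], int] = {}
        self._persistent_tokens: Dict[int, AccessToken] = {}
        self._next_id = 1

    def resolve(self, provider: str, subject: str) -> int:
        """Return the local user id for this provider identity, creating one on first login."""
        key = (provider, subject)
        if key not in self._links:
            self._links[key] = self._next_id
            self._next_id += 1
        return self._links[key]

    def store_token(self, user_id: int, token: AccessToken) -> None:
        # Only non-expiring tokens belong in durable storage; expiring ones live in the
        # session cache above and are re-requested when a new session starts.
        if token.expires_at is not None:
            raise ValueError("expiring tokens should be cached per session, not persisted")
        self._persistent_tokens[user_id] = token

    def token_for(self, user_id: int) -> Optional[AccessToken]:
        return self._persistent_tokens.get(user_id)


def demo() -> Tuple[int, int]:
    """Constructed walkthrough: a fake clock and a counting fetch stub replace real time
    and the provider's token endpoint. Returns (number of token fetches, local user id)."""
    now = [1_000_000.0]
    calls = [0]

    def fetch() -> AccessToken:
        calls[0] += 1
        # Constructed short-lived token (600 s), as an expiring provider would issue.
        return AccessToken(value=f"tok-{calls[0]}", expires_at=now[0] + 600)

    cache = SessionTokenCache(fetch, clock=lambda: now[0])
    cache.get()        # first request of the session: one fetch
    cache.get()        # still valid: served from memory, no fetch
    now[0] += 700      # move the clock past expiry
    cache.get()        # expired: a fresh token is requested

    links = IdentityLinks()
    uid = links.resolve("facebook", "subject-123")       # constructed provider identity
    assert links.resolve("facebook", "subject-123") == uid  # same identity, same local user
    return calls[0], uid


if __name__ == "__main__":
    print(demo())  # (2, 1)
```

The split between `SessionTokenCache` and `IdentityLinks.store_token` mirrors the answer's two cases: the cache never writes a token anywhere durable, and the link table refuses to persist a token that carries an expiry. Keying application data on the local user id returned by `resolve` means a token rotation, or a later switch of identity provider, does not touch the rest of the schema.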
