What is the relationship between AbstractAuthorizationCodeServlet and AbstractAuthorizationCodeCallbackServlet?


Question

I'm trying to understand this example project which uses Google's OAuth library to let users login with their Google account.

Specifically, I'm trying to understand the relationship between Oauth2AuthorizationCodeServlet.java and Oauth2CallbackServlet.java. I know that Google's OAuth 2.0 library uses them to kick off the authorization flow and to handle the result after the user logs in, and I've read through the documentation for both abstract classes, but I'm wondering why both classes need to repeat the same logic?

  • Both classes define getUserId() functions which return the same value.
  • Both classes define initializeFlow() functions which return the same value.
  • Both classes define getRedirectUri() functions which return the same value.

The code works fine, and I can see that the functions are called in this order:

  1. Oauth2AuthorizationCodeServlet#getUserId()
  2. Oauth2AuthorizationCodeServlet#initializeFlow()
  3. Oauth2AuthorizationCodeServlet#getRedirectUri()
  4. Oauth2CallbackServlet#initializeFlow()
  5. Oauth2CallbackServlet#getRedirectUrl()
  6. Oauth2CallbackServlet#getUserId()
  7. Oauth2CallbackServlet#onSuccess()

But I'm wondering why the repeated functions in Oauth2CallbackServlet are necessary.

Why can't Google's OAuth 2.0 library use the values returned by the first class? Would it ever make sense for the corresponding functions to return different values? For example, would it ever make sense for their getRedirectUrl() functions to return different URLs?

Solution

Here is a simplified diagram of the Google OAuth login flow.

No 1. here represents Oauth2AuthorizationCodeServlet

No 2. here represents Oauth2CallbackServlet

Those are two different servlets, responsible for separate parts of the login flow. 1 - redirects the user to the Google login form with some URL params like the redirect URL. 2 - handles the callback after the user has finished logging in; this servlet can access user info from Google, perform actions on the user's behalf in Google, etc.

To answer your questions:

Why can't Google's OAuth 2.0 library use the values returned by the first class?

Those are two separate servlets - it would be incorrect to perform communication between two separate servlets.

Would it ever make sense for the corresponding functions to return different values? For example, would it ever make sense for their getRedirectUrl() functions to return different URLs?

In the common scenario I don't think it makes sense to return different values from those servlets, but maybe some exotic scenario exists where you have to support multiple Google login callback URLs for different use cases.
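
An added illustration, not code from the example project or from Google's library: each servlet serves a separate HTTP request and builds its own flow, and the callback servlet sends its getRedirectUri() value with the token request, where OAuth 2.0 (RFC 6749, section 4.1.3) requires it to be identical to the value used in the authorization request. One way to keep the duplicated methods from drifting apart is a shared helper; `OAuthSettings`, the servlet class names, the `/oauth2callback` path, the environment variable names, the scopes and the session-ID user ID are all assumptions.

```java
import com.google.api.client.auth.oauth2.AuthorizationCodeFlow;
import com.google.api.client.auth.oauth2.Credential;
import com.google.api.client.extensions.servlet.auth.oauth2.AbstractAuthorizationCodeCallbackServlet;
import com.google.api.client.extensions.servlet.auth.oauth2.AbstractAuthorizationCodeServlet;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.util.store.MemoryDataStoreFactory;
import java.io.IOException;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical helper: the single source of the values both servlets must agree on.
final class OAuthSettings {
  static AuthorizationCodeFlow newFlow() throws IOException {
    return new GoogleAuthorizationCodeFlow.Builder(
            new NetHttpTransport(), GsonFactory.getDefaultInstance(),
            System.getenv("OAUTH_CLIENT_ID"),       // assumed variable name
            System.getenv("OAUTH_CLIENT_SECRET"),   // assumed variable name
            List.of("openid", "email"))             // assumed scopes
        .setDataStoreFactory(MemoryDataStoreFactory.getDefaultInstance())
        .build();
  }
  static String redirectUri(HttpServletRequest req) {
    GenericUrl url = new GenericUrl(req.getRequestURL().toString());
    url.setRawPath("/oauth2callback");  // assumed mapping of the callback servlet
    return url.build();
  }
  static String userId(HttpServletRequest req) { return req.getSession(true).getId(); }
}

class LoginServlet extends AbstractAuthorizationCodeServlet {
  @Override protected AuthorizationCodeFlow initializeFlow() throws IOException { return OAuthSettings.newFlow(); }
  @Override protected String getRedirectUri(HttpServletRequest req) { return OAuthSettings.redirectUri(req); }
  @Override protected String getUserId(HttpServletRequest req) { return OAuthSettings.userId(req); }
}

class CallbackServlet extends AbstractAuthorizationCodeCallbackServlet {
  @Override protected AuthorizationCodeFlow initializeFlow() throws IOException { return OAuthSettings.newFlow(); }
  @Override protected String getRedirectUri(HttpServletRequest req) { return OAuthSettings.redirectUri(req); }
  @Override protected String getUserId(HttpServletRequest req) { return OAuthSettings.userId(req); }
  @Override protected void onSuccess(HttpServletRequest req, HttpServletResponse resp, Credential credential)
      throws IOException {
    resp.sendRedirect("/");  // the code was exchanged with the same redirect URI that LoginServlet sent
  }
}
```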
