谷歌oauth CLIENT-ID用于多站点多用途 [英] google oauth CLIENT-ID for multiple site multitalency purpose
问题描述
我正在基于多才智概念进行项目开发,在该项目中,用户注册了他们的域信息,然后我们为他们创建.每个网站都使用google oauth查看Google Analytics(分析)报告,因此每个站点的管理面板中都需要google oauth授权.我面临的问题是我在Google api上注册了一个应用程序,并且它会生成clinet-id以及在创建google时也定义的 javascript-origin 和 redirect-url -oauth项目在google-api中.我需要知道的是,在没有定义javascript-origin或redirect-url的情况下使用该client-id的任何可能方法,因此google-oauth重定向url将在javascript客户端定义吗?我不想在Google API中注册每个域和回调URL.他们是否有可能使用全局client-id ,即使google已在每个应用程序上固定了二十(20)个网站.
I'm working on project which based on multitalency concept where users registered their domain info and we create for them. Each sites uses google oauth for viewing google analytics report and for that they need google oauth authorization in their admin pannel of each sites. Problem I'm facing is that i registered one application on google api and it generate a clinet-id plus javascript-origin and redirect-url also defined at time of creating google-oauth project in google-api. I need to know is their any possible way to use that client-id without define javascript-origin or redirect-url, so google-oauth redirect url will be defined at client side with javascript? I dont want to register each domain and callback url in google api. Is their any possibility to use global client-id even google has fixed twenty(20) site allowed on each application.
我正在使用Google的javascript oauth脚本,该脚本需要 CLIENT-ID 和 API-KEY 我从此谷歌分析参考
I'm using google's javascript oauth script which requires CLIENT-ID and API-KEY the code i have got from this google-analtyics reference
gadash.configKeys({
'apiKey': API_KEY,
'clientId': CLIENT_ID
});
推荐答案
您的问题的答案是在不定义javascript-origin或redirect-url的情况下,它们有没有可能使用该client-id的任何方法?"是否.这些要求是为了确保安全性.如果客户可以定义它们,那将破坏其安全性目的.
The answer to your question "is their any possible way to use that client-id without define javascript-origin or redirect-url?" is no. These requirements are there for security. If a client could define them, it would defeat their security purpose.
查看回调URL的状态"参数( https://developers.google.com/accounts/docs/OAuth2WebServer#formingtheurl ).您可以使用它来告诉您的回调例程,回调的起源,然后可以相应地进行操作或重定向.
Have a look at the "state" parameter to the callback URL (https://developers.google.com/accounts/docs/OAuth2WebServer#formingtheurl). You can use this to tell your callback routine where the callback originated, and it can then behave or redirect accordingly.
这篇关于谷歌oauth CLIENT-ID用于多站点多用途的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
