用于可分发 Web 应用程序的 OAuth 2.0 [英] OAuth 2.0 for distributable web applications
问题描述
我想弄清楚如何使用 OAuth 2.0 从我的网络应用程序访问 Google API.问题是,该协议要求开发人员注册 redirect_uri(接收访问令牌的页面 URL).但是我的应用程序可以分发给许多客户,并且可以托管在无限数量的服务器上.没有办法事先知道 redirect_uri.
I'm trying to figure out, how to use OAuth 2.0 to access Google APIs from my web app. The problem is, that the protocol require developer to register redirect_uri (URL of page receiving access token). But my application can be distributed to many customers and can be hosted on endless number of servers. There is no way to know redirect_uri beforehand.
Google 为已安装的应用程序提供了另一种选择,但我也不能使用此变体.身份验证服务器在窗口标题中返回访问代码,并且无法从我们页面的 javascript 访问此信息(JS 无法访问使用 window.open() 打开的窗口的内容;如果该内容来自不同的服务器).
Google offers another option for installed applications, but I cannot use this variant neither. Auth server returns access code in window title and this information cannot be accessed from javascript of our page (JS cannot access content of window opened using window.open(); if that content comes from different server).
总结:
- 无法对 Web 应用程序使用方法,因为我不知道我们的应用程序将来在哪里运行的所有 URL.
- 无法对已安装的应用程序使用方法,因为无法通过我们的 JavaScript 代码访问窗口标题.
是否有任何建议,如何从在许多服务器上运行的可分发 Web 应用程序使用 Google 的 OAuth 2.0?谢谢.
Is there any recommendation, how to use Google's OAuth 2.0 from distributable web application running on a lots of servers? Thank you.
推荐答案
您确定无法访问窗口标题吗?如果您的应用程序正在打开窗口,它应该能够访问它.应该可以像在移动应用中那样执行此操作.
Are you sure you cannot access the window title? If your app is opening the window, it should be able to access it. It should be possible to do this in a similar way you would do it in a mobile app.
如果所有尝试都失败,您可以设置一个代理服务器(具有已知的重定向 URI)并将 Google 令牌分发给您的所有客户端.或者更好的是,每个应用程序都可以有自己的代理服务器——它是从服务器下载的.但是如果每个 OAuth 客户端只能有一个重定向 URI,那么每个应用程序就必须是一个单独的 OAuth 客户端.
If all attempts fail, you could set up a proxy server (that has a known redirect URI) and hands out the Google tokens to all your clients. Or better each of the apps could have its own proxy server - the server it was downloaded from. But then if each OAuth client can only have one redirect URI, each app would have to be a separate OAuth client.
这篇关于用于可分发 Web 应用程序的 OAuth 2.0的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
