Share authentication between two websites


Problem description

What is the best/proper technique to share login between two sites?

I have website A, and some websites B. Both types belong to the same company, but B is running on the customer premises. What I would like is that users log in to B and, when redirected to A for some reason, they don't need to log in again, and they can work with their account in A.

Of course, the company will make logins for each 'B' user. The problem is that the user could initiate the login in A or B.

Would OAuth do? Or would OpenID be more suitable?

Another option is to pass a GUID token in the GET string, with a short time to live and only valid for the IP address of the requester, but it is not certain the user would access the websites through the same gateway.

Thanks

Recommended answer

OAuth is exactly what you need. OpenID offers discovery which is only useful when the user gets to choose who to authenticate with (not your use case). Also, OpenID is much more complicated and is a dying protocol.

In your scenario, Server A is the OAuth server (or authorization server in OAuth 2.0) and Server B is the client. There are many ways to implement this, but I would suggest you start by looking at (and trying) how Facebook's OAuth 2.0 implementation works. It will give you a good idea of what is involved and some of their extensions (e.g. display), which make it more user-friendly.
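
The roles the answer describes (A as authorization server, B as client), modelled in memory as an added example that is not part of the original answer or any library's API. It shows the checks that take the place of the question's IP-bound GET token: a registered redirect URI, a single-use short-lived code, client authentication, and a `state` value. The class names, `CODE_TTL` and method signatures are assumptions.

```python
import hmac, secrets, time
CODE_TTL = 60  # seconds an authorization code stays valid (assumed value)

class AuthServerA:
    """Site A as OAuth 2.0 authorization server; in-memory and illustrative."""
    def __init__(self, clients):
        self.clients = clients  # client_id -> (client_secret, registered redirect_uri)
        self.codes = {}         # code -> (client_id, redirect_uri, user, expires_at)
        self.tokens = {}        # access_token -> user

    def authorize(self, client_id, redirect_uri, state, user, now=None):
        """Called once the user has a session on A; the result goes to B by redirect."""
        now = time.time() if now is None else now
        client = self.clients.get(client_id)
        if client is None or client[1] != redirect_uri:
            raise PermissionError("unknown client or unregistered redirect_uri")
        code = secrets.token_urlsafe(32)
        self.codes[code] = (client_id, redirect_uri, user, now + CODE_TTL)
        return {"code": code, "state": state}

    def token(self, client_id, client_secret, code, redirect_uri, now=None):
        """Back-channel call from B: exchange the code for an access token."""
        now = time.time() if now is None else now
        client = self.clients.get(client_id)
        if client is None or not hmac.compare_digest(client[0], client_secret):
            raise PermissionError("client authentication failed")
        entry = self.codes.pop(code, None)  # pop makes the code single-use
        if entry is None or entry[:2] != (client_id, redirect_uri) or now > entry[3]:
            raise PermissionError("code invalid, replayed, expired or bound elsewhere")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = entry[2]
        return access_token

class ClientB:
    """Site B as OAuth client; remembers the state values it issued."""
    def __init__(self, server, client_id, client_secret, redirect_uri):
        self.server, self.cid, self.secret, self.uri = server, client_id, client_secret, redirect_uri
        self.pending = set()  # per-browser-session storage in a real deployment

    def start_login(self):
        state = secrets.token_urlsafe(16)  # unguessable; ties the callback to this login
        self.pending.add(state)
        return state

    def handle_callback(self, params, now=None):
        if params.get("state") not in self.pending:
            raise PermissionError("state mismatch: callback was not started by B")
        self.pending.discard(params["state"])
        return self.server.token(self.cid, self.secret, params["code"], self.uri, now)
```

Unlike the IP-bound token, nothing here depends on the user reaching both sites through the same gateway: the code is bound to B's client identity and redirect URI instead.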
