如果用户通过社交登录登录,移动应用程序如何使用后端 API 进行身份验证? [英] How does a mobile app authenticate with a backend API if the user signs in through social logins?
问题描述
我试图了解移动应用上社交登录之间的基本组织和登录流程,以及该应用如何从后端烧瓶 api 请求资源.
I'm trying to understand the basic organizations and login flow between social logins on a mobile app and how that app requests resources from a backend flask api.
如果用户通过 Facebook 登录应用,后端 api 如何根据该登录提供资源?因为后端似乎不知道用户已使用 Facebook 登录.
If the user logins into the app through Facebook, how does the backend api provide resources based on that login? Because it seems the backend doesn't know the user has logged in with Facebook.
facebook 是否需要向应用程序发送令牌,然后后端 api 会使用 facebook 验证?
Does facebook need to send a token to the app that the backend api then validates with facebook?
推荐答案
我建议你先阅读一下单点登录机制:
I suggest you to first read about single sign-on mechanisms:
https://en.wikipedia.org/wiki/Single_sign-on
然后您可以从这里阅读 Facebook 用于 SSO 的 OAuth2
Then you can read about OAuth2 which is used by Facebook for SSO from here
https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2
你是对的,当用户登录 Facebook 时,后端会从 Facebook 获取用于对该用户进行身份验证/授权的令牌.
Simply you are correct, when user signs-in on Facebook, the backend will get token from Facebook that is used for authentication/ authorization of that user.
这篇关于如果用户通过社交登录登录,移动应用程序如何使用后端 API 进行身份验证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
