如何将 OPENID auth 集成到 REST api 和前端框架架构中 [英] How to integrate OPENID auth into a REST api and front-end framework architecture
问题描述
我目前正在制作一个网站,要求用户使用 Steam 登录,然后他们才能使用我的其余部分网站的功能.Steam 目前仅支持 OPENID 进行身份验证.我这样做的方式是在以下步骤中:
I am currently making a site that requires a user to log in with Steam before they can use the rest of my website's functionality. Steam currently only supports OPENID for authentication. The way that I have done it is in these following steps:
用户按下使用 Steam 登录"按钮
User presses on "Log in with Steam" button
我的前端重定向到 steamcommunity.com
My front-end redirects to steamcommunity.com
如果用户成功登录,用户的浏览器应该重定向到我的后端,然后我将用户添加到数据库中(如果他们还没有)并创建一个 JSON Web 令牌并将其发送回我的前端.
If the user logged in successsfully, the user's browser should redirect to my backend, I then add the user to the database (if they are not in it already) and create a JSON web token and send it back to my front end.
例如:
myfrontend.com?token={my_json_web_token}
然后我的前端将此令牌保存为客户端 cookie,并且在对服务器的每个请求时,我都会将此 cookie 的内容发送到服务器.
My front end then saves this token as a client side cookie and on every request to the server, I will send the contents of this cookie to the server.
我已经集成了我的应用,但它刚刚变得越来越流行,所以我想知道我实现它的方式是否有效.
I have already integrated my app but it is just gaining popularity so I'm wondering if the way that I have implemented it works.
谢谢
推荐答案
这听起来是正确的做法.
This sounds like the correct way to go about it.
需要注意的一点是,由于您使用的是 cookie,因此您希望确保您有一些 CSRF 保护,但这并不是您所要求的.
One thing to note is that you want to make sure you have some CSRF protection since you are using cookies, but that wasn't exactly what you were asking.
这篇关于如何将 OPENID auth 集成到 REST api 和前端框架架构中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
