如何通过OAuth的授权与第三方移动应用但连接到我的服务,而不是第三方 [英] How to authorize mobile apps with a third party by oauth BUT connect to my service, not the 3rd party
问题描述
我的应用程序的架构如下:我有一个Web服务(GAE上运行的,这个问题不是很相关的),并且此服务包含通过网站和移动和桌面应用程序提供的数据。
My app is architected as follows: I have a web service (running on GAE, not very relevant to this question) and the data that this service contains is made available through a website and through mobile and desktop apps.
目前,该用户验证到通过谷歌的ClientLogin的网站和应用程序认证/ GET通过GAE的内置的OAuth提供授权。 (这里正在使用的OAuth主要用于验证,我的应用程序实际上并未通过OAuth不是用户的唯一的ID和电子邮件地址等使用任何外部数据。)
Currently, the user authenticates to the website via Google ClientLogin and the apps authenticate/get authorized via GAE's built-in oauth provider. (OAuth is being used here mostly for authentication, my app doesn't actually use any external data via OAuth other than the user's unique ID and email address.)
我想要做的是扩大用户可以用它来登录服务的数量。由于应用的复杂因素,看来我需要的OAuth。但我真的不能正确地概念化这个流程应该怎么走。
What I'd like to do is expand the number of services that users can use to login. Because of the complicating factor of the apps, it seems I need OAuth. But I can't really properly conceptualize how this flow should go.
让我们的Facebook作为例子。当一个移动应用程序经过Facebook的OAuth的流量,并获得访问令牌,这是不够的 - 因为它我的服务,而不是应用程序,实际需要与Facebook来检索联系人信息和唯一的用户ID。这使我认为OAuth的过程需要我的服务,而不是移动应用的背景下发生的。然后我的服务变得对消费者和Facebook的OAuth providor,服务持有的OAuth访问令牌,这种情况发生在用户设置他们的帐户首次。
Lets take Facebook as an example. When a mobile app goes through the Facebook oauth flow and acquires an access token, this isn't enough - because its my service, not the app, that actually needs to talk to facebook to retrieve contact info and a unique user ID. This leads me to think that the OAuth process needs to happen in the context of my service, and not the mobile app. My service then becomes the consumer and Facebook the oauth providor, and the service holds on to the oauth access token, this happens when a user sets up their account for the first time.
如果这是正确的做法,这会给身份验证的应用程序?当用户已经有一个帐户,并安装移动应用的一个新的实例,会发生什么?我想也将通过OAuth的过程中,匹配了数据的凭证已被我的服务存储,然后发出我自己的访问令牌的应用程序从服务,授权的应用程序的实例。这似乎令人费解和hackish的。
If this is the correct approach, where does that leave authentication for the apps? What happens when the user already has an account and installs a fresh instance of a mobile app? I imagine also going through the oauth process, matching up credentials with the data already stored by my service, and then issuing my own "access token" to the app from the service, to authorize that instance of the app. This seems convoluted and hackish.
我敢肯定,我不能谁实际上是借第三方账户系统与后端移动应用程序的唯一的人,但我真的看不出有什么正确的方式做这是
I'm sure I can't be the only person who is in effect "borrowing" the account system of a third party for a mobile app with a backend, but I really don't see what the proper way to do this is.
我是什么没有看到和/或获取概念错了?
What am I not seeing and/or getting conceptually wrong?
推荐答案
几个同事和我曾经做过一个项目的性质颇为相似,早在大学。我们或者通过Facebook或Foursquare的验证我们的用户,使用各自的OAuth的API。
A few colleagues and I once did a project quite similar in nature, back in university. We authenticated our users through either Facebook or Foursquare, using their respective OAuth APIs.
应用程序的原生Android版本与OAuth的提供商的开始页面,它重定向到我们的服务认证之后开辟了的WebView 。然后,我们的服务没有从OAuth的提供商OAuth令牌的请求(四方有一些 pretty简单说明 )。当我们明白了道理,我们使用cookie,我们可以从应用程序的访问建立一个会话。
The native Android version of the app opened up a WebView with the OAuth provider's start page, which redirected back to our service after authentication. Then our service did a request for the OAuth token from the OAuth provider (Foursquare has some pretty simple instructions). When we got that token, we set up a session using cookies, which we could access from the app.
要验证的会议,我们只是检查访问令牌是否仍然与供应商有效。我们还使用了各自的供应商的唯一的用户ID来区分用户。
To validate sessions, we just checked whether the access token was still valid with the provider. We also used the respective providers' unique user IDs to distinguish users.
所以,是的,什么工作对我们来说是:使应用程序认证和放大器;授权您的服务的,而不是应用程序本身。
So yes, what worked for us is: Make the app authenticate & authorise your service, not the app itself.
这篇关于如何通过OAuth的授权与第三方移动应用但连接到我的服务,而不是第三方的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
