Google's Oauth for Installed apps vs. Oauth for Web Apps


Question

So I'm having trouble understanding something...

If you do Oauth for Web Apps, you register your site with a callback URL and get a unique consumer secret key. But once you've obtained an Oauth for Web Apps token, you don't have to generate Oauth calls to the Google server from your registered domain. I regularly use my key and token from scripts running via an Apache server at localhost on my laptop and Google never says "you're not sending this request from the registered domain." It just sends me the data.

Now, as I understand it, if you do Oauth for Installed Apps, you use "anonymous" instead of a secret key you got from Google.

I've been thinking of just using the OAuth for Web Apps auth method, then passing that token to an installed app that has my secret code embedded in its innards. The worry is that the code could be discovered by bad people. But what's more secure... making them work for the secret code or letting them default to anonymous?

What really goes bad if the "secret" is discovered when the alternative is using "anonymous" as the secret?

Recommended answer

The main difference between OAuth for Web Apps and OAuth for Installed Apps (e.g. "anonymous"/"anonymous" as your consumer key/secret) is the approval page.

For installed apps, there is no way for Google to verify the identity of the application so a yellow warning box is shown to the user saying so.

For web apps, there's an actual URL (of the app) that can be verified. Hence, no ugly warning box is presented to the user.
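
Added example, not part of the original question or answer: a sketch of OAuth 1.0 HMAC-SHA1 request signing as specified in RFC 5849, assumed here to be the signature method in use, showing that the signed material contains no sender host or domain and that with "anonymous" as the consumer secret the token secret is the only non-public part of the key. The URL, token, nonce and secrets are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(s):
    # RFC 5849 percent-encoding: only unreserved characters stay raw.
    return quote(str(s), safe="")

def base_string(method, url, params):
    # METHOD & encoded URL & encoded, sorted parameters. Assumes `url` is
    # already the normalized base URL with no query string.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret):
    # The HMAC key is consumer secret + "&" + token secret.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    msg = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()

def verify(method, url, params, signature, consumer_secret, token_secret):
    # Provider side: recompute the signature and compare in constant time.
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)

# Constructed sample request; every value below is a placeholder.
URL = "https://provider.example/feeds/contacts"
PARAMS = {
    "oauth_consumer_key": "anonymous",
    "oauth_token": "constructed-token",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1300000000",
    "oauth_nonce": "constructed-nonce",
    "oauth_version": "1.0",
}
TOKEN_SECRET = "constructed-token-secret"

def demo():
    sig = sign("GET", URL, PARAMS, "anonymous", TOKEN_SECRET)
    return {
        # Valid wherever it was computed: no host or domain is signed.
        "same_secrets": verify("GET", URL, PARAMS, sig, "anonymous", TOKEN_SECRET),
        # A different consumer secret no longer matches this signature.
        "other_consumer_secret": verify("GET", URL, PARAMS, sig, "registered-secret", TOKEN_SECRET),
        # Knowing "anonymous" alone is not enough without the token secret.
        "other_token_secret": verify("GET", URL, PARAMS, sig, "anonymous", "guess"),
    }
```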
