什么是omniauth&电子邮件密码注册最佳做法? [英] what is the omniauth & email-password registration best practice?
问题描述
我看到一些博客,看到了什么是最合适的Facebook登录的最佳做法(假设我将使用Omniauth gem)和电子邮件+密码登录?铁道司令,我知道每个人都在使用Devise宝石与Omniauth。但我正在寻找一些不同的观点。
subquestions:
考虑从头开始创建电子邮件+密码注册(不使用任何宝石,让它保持快速和轻松),你有什么建议吗?或者如果您有特别的宝石,请让它快速。
您还有其他关于Oauth2宝石(替代Omniauth)的其他建议,以处理对Facebook的身份验证?
很抱歉,我在这里提出这个基本问题,但我没有找到很多答案(其中大部分都是基于Devise的) p>
这是我在网络上的大多数示例中看到的结果
基本上,当您使用电子邮件+密码注册时,您直接创建行到用户模型(不接触Authent。模型)和注册Omniauth,而不是创建与用户模型进行通信的新身份验证。
基本上在下次登录时,您正在做这样的事情:
if(user.password =='xxx')
login
elsif user.authentication.uid =='xxx'
login
else
'hello注册! '
end
所以你在两个模型之间转移,并强奸)用户模型女巫应该只保留用户信息
解决方案,在某种程度上,我认为是正确的(从我的经验和讨论我的同事,但我还没有100%肯定这是正确的答案)
您甚至看到用户+密码正在通过Authent。模型,这意味着网站用户+密码作为自己的提供者
所以要绝对纠正它应该是这样的
- 场景1
注册FB :将FB uid和authKey保存到身份验证表,然后创建用户
- 情景2
使用密码:,您可以在AppPass表中创建新行,然后在身份验证表中创建行(作为对提供者的访问实际上是您的应用程序),而不是创建用户
为什么?
因为现在当用户登录时,总是通过Authent。模型,没有条件在2个模型(正品和用户模型)
现在有人可以告诉我,这是一个很好的方法:D?
What is the best practice for combining Facebook login (let's say I'll use Omniauth gem) and email+password login?
I saw a few blogs, saw the Railscasts, I know everyone is using Devise gem with Omniauth. But I'm looking for some different perspective.
subquestions:
I'm considering creating email+password sign-up from scratch (not using any gem for this, lets keep it fast and light) so do you have any advice for this ? Or if you have particular gem in mind, please let it be fast.
And do you have any other recommendations for Oauth2 gems (alternative to Omniauth) handling authentication to Facebook ?
I'm sorry I'm asking this fundamental questions here, but I didn't found many answers (and most of them I found are based on Devise)
This is how I saw it's done in most examples on the web
basicly when you signup with email+password, you are creating row directly to User model (not touching the Authent. model) and when signing up with Omniauth, than you are creating new authentication that communicates with User model.
And basicly on next login you are doing something like this :
if (user.password == 'xxx')
login
elsif user.authentication.uid == 'xxx'
login
else
'hello signup !'
end
so you are swiching between 2 models, and raping (sorry for the term) the User model witch should hold only user info
The solution, in a way, I think is correct (from my experience and discussions with my colleagues but I'm still not 100% sure this is the right answer)
as you see even the user+password is going trough Authent. model, that means the site user+password is acting as a provider on its own
so to be absolutly correct it should be look like this
- scenario 1
signing up with FB: you save FB uid and authKey to authentication table, then create user
- scenario 2
signing up with password: you create new row in AppPass table, then you create row in Authentication table (as a access to provider witch is actually your app) and than you create user
Why?
because now when user logs in, is always going trough Authent. model, not making condition between 2 models (the Authent. and the User model)
now can anyone please tell me, ...is this a good approach :D ?
这篇关于什么是omniauth&电子邮件密码注册最佳做法?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
