您是否注销通过OAuth2登录的用户，使其访问令牌过期？ [英] Do you logout a user who login via OAuth2 by expiring their Access Token?

问题描述

用户可以通过Oauth2进行登录，以方便与移动应用程序的集成。

我正在使用与Django Rest Framework一起打包的Oauth2认证库。

要注销用户，我正在到期使用令牌，这是正确的做法吗？

解决方案

我想你的意思是你正在创建一个oauth2提供者？

如果我是正确的，我建议切换到使用令牌身份验证。要创建一个oauth2提供程序，有许多限制和规则要遵循，我假设当您创建一个oauth2提供程序，它将是一个公共系统，可以被许多人使用（如果有泄漏，可能会滥用您的服务） / p>

I am doing some work in Django, using the Django Rest Framework.

Users login via Oauth2 to facilitate integration with mobile applications.

I am using the Oauth2 authentication library that is packaged together with the Django Rest Framework.

To logout a user, I am expiring their access tokens, is this the correct way of doing things?

解决方案

I think what you mean is that you are creating a oauth2 provider?

If I am correct I would recommend switching to using token authentication. To create a oauth2 provider there are many restrictions and rules to follow and I assume when you create a oauth2 provider that it will be a public system that can be used by many people (that can and will misuse your service if it's has leaks)

这篇关于您是否注销通过OAuth2登录的用户，使其访问令牌过期？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！