Do you log out a user who logs in via OAuth2 by expiring their Access Token?
Problem description
I am doing some work in Django, using the Django Rest Framework.
Users log in via OAuth2 to facilitate integration with mobile applications.
I am using the OAuth2 authentication library that is packaged together with the Django Rest Framework.
To log out a user, I am expiring their access tokens. Is this the correct way of doing things?
I think what you mean is that you are creating an OAuth2 provider?
If I am correct, I would recommend switching to using token authentication. To create an OAuth2 provider there are many restrictions and rules to follow, and I assume when you create an OAuth2 provider that it will be a public system that can be used by many people (that can and will misuse your service if it has leaks).
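An added example, not part of the original question or answer and not the Django library's own code: a minimal in-memory token store showing that expiring the access token ends the session only if any refresh token issued with it is revoked as well. It goes beyond the question by modelling refresh tokens, which the page does not mention; `TokenStore` and its method names are hypothetical.

```python
import secrets
from datetime import datetime, timedelta, timezone

class TokenStore:
    """In-memory stand-in for an OAuth2 provider's token tables (hypothetical)."""

    def __init__(self):
        self.access = {}    # access token -> {"user", "expires"}
        self.refresh = {}   # refresh token -> {"user", "revoked"}

    @staticmethod
    def _now():
        return datetime.now(timezone.utc)

    def issue(self, user, lifetime=timedelta(hours=1)):
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access[access] = {"user": user, "expires": self._now() + lifetime}
        self.refresh[refresh] = {"user": user, "revoked": False}
        return access, refresh

    def authenticate(self, access):
        """Return the user for a live access token, else None."""
        row = self.access.get(access)
        if row is None or row["expires"] <= self._now():
            return None
        return row["user"]

    def refresh_grant(self, refresh):
        """Exchange a refresh token for a new pair, rotating the old one."""
        row = self.refresh.get(refresh)
        if row is None or row["revoked"]:
            return None
        row["revoked"] = True
        return self.issue(row["user"])

    def expire_access_only(self, access):
        """The approach from the question: expire just the access token."""
        if access in self.access:
            self.access[access]["expires"] = self._now()

    def logout(self, user):
        """Expire every access token and revoke every refresh token of the user."""
        now = self._now()
        for row in self.access.values():
            if row["user"] == user:
                row["expires"] = now
        for row in self.refresh.values():
            if row["user"] == user:
                row["revoked"] = True
```

With `expire_access_only`, a client still holding the refresh token can obtain a fresh access token; `logout` closes that path.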