When authenticating a user with OAuth 2.0 how does the redirect URL know what user they belong to?
Problem description
I'm new to web development and trying to get my feet wet by building a web app that uses Google APIs. I was reading Google's documentation on using OAuth 2.0, but the redirect URL bit has me a bit confused. According to the example here a successful authentication will send a response to
{redirect_url}?state=/profile&code={auth_code}
The response URL doesn't specify a user and neither does the response load as far as I know. How does the redirect URL endpoint know which user is tied to the authorization code it just received?
There was a very similar question here, but the answers focus on passing query parameters to the redirect URL. I'm not trying to do that. I want to understand how the redirect endpoint associates an OAuth response to a particular user. Note that I'm pretty new to all of this, so my confusion might stem from not understanding how HTTPS calls work or something similar.
A notable detail is that when your redirect URL receives a response with the code, it is the Google authorization server that redirects the user's browser to your server. So it's the user's browser that sends a request to your server with the code.
In other words, your question actually is: "When your server receives many requests from many users, how do you know which user a request comes from?"
I think you need to learn something about sessions or cookies, which allow HTTP to become stateful.
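The session-cookie approach described in the answer above, as an added example that is not part of the original post: the server issues a cookie and a `state` value before redirecting to the authorization server, then uses both on the callback to decide which browser the code belongs to. The names `begin_login`, `handle_callback`, `SESSIONS` and the cookie name `sid` are hypothetical, the store is an in-memory stand-in, and the random `state` (with the return path kept server-side) is an assumption of this sketch.

```python
import hmac
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlencode

SESSIONS = {}  # session id -> per-browser data (in-memory stand-in for a session store)

def begin_login(return_to):
    """Browser clicks "sign in": issue a session cookie and a matching state value."""
    sid = secrets.token_urlsafe(32)
    state = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"oauth_state": state, "return_to": return_to, "code": None}
    # SameSite=Lax still sends the cookie on the top-level GET redirect back to us.
    set_cookie = f"sid={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"
    # Query string for the authorization request (client_id, scope, etc. omitted).
    auth_query = urlencode({"response_type": "code", "state": state})
    return set_cookie, auth_query

def handle_callback(cookie_header, query_string):
    """Browser arrives at the redirect URL with ?state=...&code=... and its cookie."""
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    sid = cookie["sid"].value if "sid" in cookie else None
    session = SESSIONS.get(sid)
    if session is None:
        return None  # no known session cookie: cannot tell whose code this is
    params = parse_qs(query_string)
    state = params.get("state", [""])[0]
    code = params.get("code", [""])[0]
    expected = session.pop("oauth_state", None)  # single use, so replays fail
    if not expected or not code:
        return None
    if not hmac.compare_digest(state.encode(), expected.encode()):
        return None  # state was not issued to this browser's session
    session["code"] = code  # the server would now exchange the code for tokens
    return sid, session["return_to"]
```
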