Android的SSO(单点登录)的应用程序 [英] Android SSO (Single sign-on) for app
问题描述
有没有免费的单点登录机制为Android的优雅与非web应用的工作原理?再说了,沿着...东西线
-
您启动我的应用程序,并使用它,直到它使从需要身份验证的应用程序服务器的请求。它回应了随机令牌服务器将与你联系在一起的时间很短的要求。
-
该应用程序presents您的用户名字段,密码字段,和一个提交按钮。
-
您输入您的用户名和密码。该应用程序,然后转发您的用户名和密码的散列,以及由应用程序服务器生成的令牌,到登录的服务。
-
登录服务确定您的用户名和密码是否是有效的。如果是这样,这数字时间戳和签名的令牌,并返回签署令牌的应用程序。
-
该应用程序中继签署令牌到服务器。
-
服务器检查签名,以满足本身它是有效的,并通过其信任的机构签署,并继续就好像用户不得不presented它与一个有效的本地用户名和密码来代替。
我怀疑我只是迷路的命名,但IM pression到目前为止,我所得到的是所有常见的SSO提供商 - 推特,脸谱等 - 只允许用户登录使用一个正常的浏览器,而你要么不允许做什么,我描述的,或者他们做一些事情,使之有效地不可能的事情,除了正常的浏览器(如动态,努力prevent创建通过Javascript的登录表单开发人员试图使用自己的应用程序作为登录的门面)。
另外,不存在任何这样的工作流程...
-
您启动我的应用程序,并使用它,直到Web服务需要您登录的应用程序服务器生成的令牌,并返回给应用程序。
-
该应用程序会生成通过意向新的浏览器发送到登录提供商的网站,通过意图传递令牌给浏览器(并最终提供者)为张贴的聚乙烯醇缩甲醛。
-
您登录时使用的浏览器窗口,浏览器窗口关闭 - 并返回到我的应用程序
-
登录提供商签署令牌,然后直接将其发送到通过HTTP POST我的应用程序的服务器,所以我可以记下其提交,验证证书,并把它当作好像是代替直接提交有效的用户名和密码用户到应用服务器自己。
上个月的Facebook更新了自己的SDK和启用单点登录的Android应用。已经有这方面的信息在
- #1:单点登录Android版的Facebook
- 的Youtube: http://www.youtube.com/watch?v=JT8W1TqplZI
- 的Facebook / GitHub上: https://github.com/ Facebook的/ Facebook的Android的SDK / BLOB /主/ README.md 参见设置单点登录
Is there any free single-signon mechanism for Android that gracefully works with non-webapps? Say, something along the lines of...
You launch my app and use it until it makes a request from the app server that requires authentication. It responds to that request with a random token that the server will associate with you for a short time.
The app presents you with a username field, a password field, and a submit button.
You enter your username and password. The app then forwards your username and hashed password, along with the token generated by the app server, to the login service.
The login service determines whether or not your username and password are valid. If they are, it digitally timestamps and signs the token, and returns the signed token to the app.
The app relays the signed token to the server.
The server checks the signature, satisfies itself that it's valid and signed by an authority it trusts, and proceeds as though the user had presented IT with a valid local username and password instead.
I suspect I'm just getting lost in nomenclature, but the impression I've gotten so far is that all the usual SSO providers -- Twitter, Facebook, etc -- only allow users to log in using a normal browser, and that you're either not allowed to do what I described, or they do something to make it effectively impossible with anything besides a normal browser (like dynamically creating the login form via Javascript in an effort to prevent developers from trying to use their own apps as a login facade).
Alternatively, does there exist any workflow like THIS...
You launch my app and use it until the web service requires you to log in. The app server generates a token and returns it to the app.
The app spawns a new browser via intent that sends you to the login provider's web site, passing the token via intent to the browser (and ultimately the provider) as a POSTed formvar.
You log in using the browser window, and the browser window closes -- returning you to my app.
The login provider signs the token, then sends it directly to my app server via HTTP POST so I can note its submission, verify the cert, and treat it as though it were instead a valid username and password submitted directly by the user to the app server himself.
Last month Facebook updated their SDK and enabled Single-Sign-On for Android Apps. There is already information about this on
- Stackoverflow: Single Sign On for Android Facebook
- Youtube: http://www.youtube.com/watch?v=JT8W1TqplZI
- Facebook /GitHub: https://github.com/facebook/facebook-android-sdk/blob/master/README.md see "Set up Single Sign on"
这篇关于Android的SSO(单点登录)的应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
