What is the purpose of oauth-token of Ruby on Rails gem omniauth-facebook?

I'm using has_secure_password and bcrypt for authentication, but not devise. I basically refer to Railscasts and pass in all the data such as provider/uid/info.name/credentials.token. Since my User model validates password, I try to pass in the oauth-token as password so I can put this user in my db. My question is, is there any security risk in treating oauth-token as password? What is the original purpose of oauth-token? Thank you.

I don't even really know where to start... It's unclear if you are trying to implement FB Connect and doing it wrong, or trying to implement user authentication and doing it wrong by using OAuth-related stuff.

OAuth tokens are used to authenticate yourself against a third party, in order to access their API for example. So in the case of Facebook Connect you would have the user authorize themselves and then get an OAuth token for them, so you can access the third party on their behalf. I suggest reading up on OAuth resources for this.

Either way, using an OAuth token for whatever password is wrong. OAuth tokens are not permanent; they expire and they can be revoked and regenerated. Meaning, in your case, the password would change in all of those cases. If you are just implementing OAuth connect, you don't need any kind of passwords for the user at all.
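
The failure mode and the alternative described in the answer above, as an added example that is not part of the original post: users are keyed on provider and uid, the token is kept as a replaceable credential, and no password is set. `UserStore`, `sample_auth` and the token strings are hypothetical names and constructed data, and PBKDF2 stands in for bcrypt so that only the standard library is needed.

```ruby
require "openssl"
require "securerandom"

# Constructed sample shaped like an OmniAuth auth hash (provider/uid/info/credentials).
def sample_auth(token, expires_at)
  { "provider" => "facebook", "uid" => "1234567890",
    "info" => { "name" => "Example User" },
    "credentials" => { "token" => token, "expires_at" => expires_at } }
end

# Hypothetical in-memory stand-in for a users table; not ActiveRecord.
class UserStore
  User = Struct.new(:provider, :uid, :name, :oauth_token, :oauth_expires_at, :password_digest)

  def initialize
    @users = {}
  end

  # Identity is (provider, uid), which stays stable across logins. The token is
  # an API credential that is overwritten on every login; no password is set.
  def from_omniauth(auth)
    key = [auth["provider"], auth["uid"]]
    user = (@users[key] ||= User.new(*key))
    user.name = auth["info"]["name"]
    user.oauth_token = auth["credentials"]["token"]
    user.oauth_expires_at = Time.at(auth["credentials"]["expires_at"])
    user
  end

  def count
    @users.size
  end
end

# The pattern from the question: digest the token as if it were a password.
def digest(secret, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(secret, salt, 10_000, 32, OpenSSL::Digest.new("SHA256"))
end

# Returns false: once the provider reissues the token, the stored digest no
# longer matches, so the "password" has silently changed.
def token_as_password_survives_rotation?
  salt = SecureRandom.bytes(16)
  stored = digest("token-issued-at-signup", salt)
  stored == digest("token-issued-next-login", salt)
end
```

In a Rails model that also supports local passwords, `has_secure_password validations: false` with a password validation that applies only to non-OAuth users gives the same result.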
