Can my oauth2 callback page be the same html page? and how do I get the token?
First off, I'm using static html and javascript and C# Web API. So I have a link that calls an oauth2 server on my html file, say index.html. Now, is it ok to set the callback page to index.html?
It seems to work, and it gets sent to index.html?code=125f0...
Is this ok to do, or do I need a separate callback page? Is code the token?
Now how should I consume this? The javascript doesn't seem to get hit on the callback. Edit: actually, the javascript seems to get hit on the callback, but I'm not getting anything, undefined, from:
    $(function () {
        // Parse key=value pairs from the URL fragment (the part after '#').
        var params = {},
            queryString = location.hash.substring(1),
            regex = /([^&=]+)=([^&]*)/g,
            m;
        while (m = regex.exec(queryString)) {
            params[decodeURIComponent(m[1])] = decodeURIComponent(m[2]);
        }
        if (params.error) {
            if (params.error == "access_denied") {
                sAccessToken = "access_denied";
                //alert(sAccessToken);
            }
        } else {
            sAccessToken = params.code;
            alert(sAccessToken);
        }
    });
Also, can my callback page be a C# web api call? And send the token that way. I'm guessing no, cause then you'd never know what user agent is sending it, and couldn't communicate back unless you somehow passed an id and used SignalR? It seems better to get it in javascript and send the token to web api. But then can web api make calls to the resource if it has the token?
Sorry, I'm still learning.

OAuth2 has various "profiles". The "Authorization Code Grant" flow (what you are using) requires a server side component that exchanges the code for a token.
Single Page Applications typically use the implicit flow. See here for a quick description: https://docs.auth0.com/protocols#5 (ignore references to "Auth0"; the underlying protocol is the same regardless of the implementation).
See here for a more thorough description of both flows: What is the difference between the 2 workflows? When to use Authorization Code flow?

Sorry, it was sort of a strange question and bad wording. But what I ended up doing is making an HTML callback page which takes in the code. I pop up the OAuth2 server page in a window, then it calls my callback page. Then my callback page will close the window and pass the code back to my parent page.
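
The popup hand-off described in the answer above, as an added example that is not part of the original posts: the callback page reads `code` and `state` from the query string, where the authorization code flow returns them, and the parent page accepts the popup's message only from its own origin. The function names, the message shape, the use of a saved `state` value and the example.com URLs are assumptions; the code still has to be exchanged for a token by a server-side component.

```javascript
// Added example; parseAuthCallback, acceptPopupMessage, the message shape and
// the example.com URLs are assumptions made for illustration.

// Callback page side. In the authorization code flow the server appends
// ?code=...&state=... to the redirect URI, so read the query string; the
// fragment (location.hash) carries the response only in the implicit flow.
function parseAuthCallback(callbackUrl, expectedState) {
  let q;
  try {
    q = new URL(callbackUrl).searchParams;
  } catch {
    return { ok: false, reason: "bad_url" };
  }
  if (q.has("error")) {
    return { ok: false, reason: q.get("error") }; // e.g. access_denied
  }
  // state ties the response to the request this browser started (CSRF check).
  if (!expectedState || q.get("state") !== expectedState) {
    return { ok: false, reason: "state_mismatch" };
  }
  const code = q.get("code");
  return code ? { ok: true, code } : { ok: false, reason: "missing_code" };
}

// Parent page side: accept the popup's message only from our own origin and
// only in the expected shape, then validate the callback URL it carries.
function acceptPopupMessage(event, ownOrigin, expectedState) {
  if (event.origin !== ownOrigin) return { ok: false, reason: "bad_origin" };
  const d = event.data;
  if (!d || d.type !== "oauth_callback" || typeof d.url !== "string") {
    return { ok: false, reason: "bad_message" };
  }
  return parseAuthCallback(d.url, expectedState);
}

// Browser wiring (not executed here):
//   callback page: window.opener.postMessage(
//                    { type: "oauth_callback", url: location.href }, location.origin);
//                  window.close();
//   parent page:   window.addEventListener("message",
//                    (e) => acceptPopupMessage(e, location.origin, savedState));

// Constructed sample values so the block runs under Node.
const sampleState = "s-7f3a"; // constructed; use a random value per request
const sampleUrl = "https://app.example.com/callback.html?code=abc123&state=s-7f3a";
console.log(parseAuthCallback(sampleUrl, sampleState));
console.log(acceptPopupMessage(
  { origin: "https://other.example", data: { type: "oauth_callback", url: sampleUrl } },
  "https://app.example.com", sampleState));
```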
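
Notice: The technical posts on this site are licensed under CC BY-SA 4.0. If you republish them, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.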