
Google+ Sign-In for server-side apps

Was going through the Google tutorial page for implementing "Google+ Sign-In" for server-side apps. While proceeding in the tutorial, I am stuck in Step 2, which says: Create an anti-request forgery state token. Below is the link for the tutorial:

https://developers.google.com/+/web/signin/server-side-flow

The tutorial says I need to create the "unique session token" using the code below. However, I am wondering where I need to place this code. In my index.html file (which contains the sign-in button)? Or somewhere else?

  $state = md5(rand());
  $app['session']->set('state', $state);
  // Set the client ID, token state, and application name in the HTML while
  // serving it.
  return $app['twig']->render('index.html', array(
  'CLIENT_ID' => CLIENT_ID,
  'STATE' => $state,
  'APPLICATION_NAME' => APPLICATION_NAME
  ));  

The CLIENT_ID, STATE, and APPLICATION_NAME go on every page that has the JavaScript for the sign-in button.

The STATE must be unique per session and must be consistent within a session, which is why it's generated using the hash of some random data and saved throughout the session.
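The server-side half of the answer above, as an added example that is not part of the original posts or of Google's tutorial: the token is created once per session, reused for every page that renders the sign-in button, and compared against the value the sign-in request sends back. The function names are hypothetical, plain arrays stand in for the session store, and `random_bytes()` is swapped in for the tutorial's `md5(rand())` because `rand()` is not a cryptographically secure generator.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: return this session's state token, creating it once.
// The same value is handed to every page that renders the sign-in button,
// so it stays consistent within the session.
function issueStateToken(array &$session): string
{
    if (!isset($session['state'])) {
        // 32 bytes from the OS CSPRNG, hex-encoded for embedding in HTML.
        $session['state'] = bin2hex(random_bytes(32));
    }
    return $session['state'];
}

// Hypothetical helper: check the state value echoed back by the sign-in
// request. A missing token on either side is a failure, and the comparison
// is constant-time so the check does not leak how many characters matched.
function verifyStateToken(array $session, $received): bool
{
    if (!isset($session['state']) || !is_string($received) || $received === '') {
        return false;
    }
    return hash_equals($session['state'], $received);
}

// Constructed demo: two arrays stand in for two users' server-side sessions.
$sessionA = [];
$sessionB = [];

$stateA = issueStateToken($sessionA); // value rendered as STATE in A's page
$stateB = issueStateToken($sessionB);

$checks = [
    'same token on a second page view' => issueStateToken($sessionA) === $stateA,
    'tokens differ between sessions'   => $stateA !== $stateB,
    'matching token accepted'          => verifyStateToken($sessionA, $stateA),
    'other session token accepted'     => verifyStateToken($sessionA, $stateB),
    'missing token accepted'           => verifyStateToken($sessionA, null),
    'token without session accepted'   => verifyStateToken([], $stateA),
];

foreach ($checks as $label => $result) {
    echo str_pad($label, 36), $result ? 'yes' : 'no', PHP_EOL;
}
```

In the tutorial's Silex code, `issueStateToken` corresponds to the route that renders `index.html`, and `verifyStateToken` belongs in the handler that receives the sign-in request, before anything else in that request is processed.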
