使用hello.js安全登录
[英]Secure login with hello.js
问题描述
I am new to Oauth2 and hello.js and don't understand, how to use it securely. 
我是Oauth2和hello.js的新手,不了解如何安全使用它。
I was trying singup/login with Google and for me the problem is, that 3rd party Oauth service (eg Google) does not return user-details (email, id) to my server. 我正在尝试通过Google进行注册/登录,对我来说,问题是,第三方Oauth服务(例如Google)没有将用户详细信息(电子邮件,ID)返回到我的服务器。 The critical data (id, email) is fetched on the client and then it can be sent to my server by client / browser. 关键数据(id,电子邮件)是在客户端上提取的,然后可以由客户端/浏览器发送到我的服务器。 But I cannot make reliable server API which receives arbitrary network-type(google|facebook), userId, password and makes login / signup according to this. 但是我无法使可靠的服务器API能够接收任意的网络类型(google | facebook),userId,密码并据此进行登录/注册。 Everyone could then register as someone other's = arbitrary social id. 然后,每个人都可以注册为他人的任意社交ID。
What workflow would You sugest to create an account for Google-authenticated user, in my server? 您希望在服务器中为Google认证用户创建一个帐户的工作流程是什么?
Edit: sorry, this whole queestion is probably my misunderstanding of Hellol.js purpose. 编辑:抱歉,整个问题很可能是我对Hellol.js目的的误解。 In my case, I need something like authom or passport. 就我而言,我需要诸如authom或通行证之类的东西。
1 个解决方案
解决方案1
0 2014-10-31 13:38:38
Google adds to the url all the information about user, and there is no secret token
It should only be adding an 'access_token' this is unique session token to make subsequent calls to googles api's on behalf of the user. 它应该仅添加一个“ access_token”,这是唯一的会话令牌,以代表用户随后对googles api进行调用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.