[英]Digits Authentication with Parse Server
In building an a small Android app, I decided to try out Digits to login with a phone number and Parse for the back end. 在构建一个小型Android应用程序时,我决定尝试使用Digits登录并使用电话号码登录并使用Parse作为后端。
How might I validate a Digits session with the Parse server? 如何验证与解析服务器的Digits会话?
I've started with the below example, though I'm not sure if this is 'correct' (adapted from this post ). 我从下面的示例开始,尽管我不确定这是否是“正确的”(改编自本文 )。
Android Client: Android客户端:
Request auth (oauth?) token and user id from digits 从数字请求身份验证(oauth?)令牌和用户ID
a. 一种。 Send in a digits key and secret, retrieve an object 发送数字密钥和机密,检索对象
Validate this session with Parse 使用Parse验证此会话
a. 一种。 Send in phone number, auth token, and user id 发送电话号码,身份验证令牌和用户ID
b. 湾 Receive acknowledge with user info if authorization is valid 如果授权有效,则接收带有用户信息的确认
Parse: 解析:
Auth endpoint takes phone number, auth token, and user id 身份验证端点采用电话号码,身份验证令牌和用户ID
a. 一种。 Validate with twitter endpoint 使用Twitter端点进行验证
b. 湾 Insert auth token hash and user id into a Sessions table (future requests will ping this table, not twitter) 将身份验证令牌哈希和用户ID插入到Sessions表中(将来的请求将ping此表,而不是twitter)
c. C。 Return acknowledge to client 返回确认给客户
The above makes sense, but a Parse Example with Github login seems to do something slightly different. 上面的说法很有道理,但是使用Github登录的解析示例似乎在做些微的不同。 With Parse, the initial request to the third-party is made from the Parse server, not the client. 使用Parse,对第三方的初始请求是从Parse服务器而不是客户端发出的。
Github requires a 'state' parameter to be sent in, which seems to be why the Parse example has its initial request sent from the server, whereas Digits does not require such parameter. Github要求发送一个“状态”参数,这似乎就是为什么Parse示例从服务器发送其初始请求的原因,而Digits则不需要这样的参数。 Does this make the Digits authentication any less secure? 这会使数字身份验证的安全性降低吗? Is there a way to make this process more secure/correct? 有没有办法使此过程更加安全/正确?
Here's a gist of my current solution. 这是我当前解决方案的要点 。
On the Parse side of things I send in an http request that looks something like the following: 在“解析”方面,我发送了一个http请求,该请求看起来类似于以下内容:
// Within a /verify_credentials webhook
Parse.Cloud.httpRequest({
method: 'GET',
url: req.get(headers[0]),
headers: {'Authorization': req.get(headers[1])},
success: function(httpResponse) {
var obj = JSON.parse(httpResponse.text);
res.status(httpResponse.status).send("success");
},
error: function(httpResponse) {
res.status(400).json({
error: 'Unable to make a twitter request'
});
}
});
On the Android side of things, I send an http request to the Parse server with the Parse session information within the headers: 在Android方面,我将HTTP请求发送到Parse服务器,并在标头中包含Parse会话信息:
TwitterAuthConfig authConfig = TwitterCore.getInstance().getAuthConfig();
// Cast from AuthToken to TwitterAuthToken
TwitterAuthToken authToken = (TwitterAuthToken)session.getAuthToken();
OAuthSigning oAuthSigning = new OAuthSigning(authConfig, authToken);
// First value should be the location we're querying to twitter.
// The second is the actual validation information
Map<String, String> authHeaders = oAuthSigning.getOAuthEchoHeadersForVerifyCredentials();
try {
cloud.verifyCredentials(
authHeaders.get("X-Auth-Service-Provider"),
authHeaders.get("X-Verify-Credentials-Authorization"),
session.getId(),
callback);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.