Yammer身份验证-检查令牌是否有效
[英]Yammer authentication - check if token is valid
问题描述
I'm using Yammer JS SDK to authenticate users to access some web service. 
我正在使用Yammer JS SDK来认证用户以访问某些Web服务。 I'm using JS SDK to obtain a token and I store it in session. 我正在使用JS SDK来获取令牌,并将其存储在会话中。 Current flow is following (may be wrong, correct me, if necessary): 电流如下(可能是错误的,如有必要,请纠正我):
- User accesses any page, PHP is checking for token stored in session vars. 用户访问任何页面,PHP正在检查存储在会话变量中的令牌。 If not - user is redirected to login page 如果不是,则将用户重定向到登录页面
- Using Yammer SDK I'm getting an access token and save it to session vars (POSTing it to our server side login service) and render the requested page. 使用Yammer SDK,我获得了一个访问令牌并将其保存到会话变量(将其发布到我们的服务器端登录服务)并呈现请求的页面。
Problem so far - I can't find any way in Yammer API to check if the access token stored\\passed to my web service is actually the right thing. 到目前为止的问题-我在Yammer API中找不到任何方法来检查存储/传递给我的Web服务的访问令牌是否实际上是正确的。 Which means, that potentially anyone can generate some random gibberish data, use that as a token and view content - the rest of Yammer functionality will be broken, but content will be visible. 这意味着,可能任何人都可以生成一些随机的乱码数据,将其用作令牌并查看内容-Yammer功能的其余部分将被破坏,但内容将可见。
The smartest way I thought of so far is to try and get some client info from Yammer REST API using the token and if response is invalid - delete the session stored token. 到目前为止,我想到的最聪明的方法是尝试使用令牌从Yammer REST API获取一些客户端信息,如果响应无效,请删除会话存储的令牌。
How do I do that the proper way? 我该怎么做呢?
1 个解决方案
解决方案1
0 2015-06-23 18:44:19
Checking for HTTP status code 401 Unauthorized Access on a request is the only way I know of to determine if your Token is valid. 我知道确定请求的HTTP状态代码401未经授权访问是确定令牌是否有效的唯一方法。 There are a couple instances where you will get a 401 back with a valid token, but this is pretty rare. 在一些情况下,您将获得带有有效令牌的401,但这很少见。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.