堆栈内存溢出
  简体   繁体   English

这是使用oauth2登录的正确工作流程吗?

[英]is this the correct workflow for linkedin login using oauth2?

 原文  2016-02-09 19:04:01       php/ cookies/ oauth-2.0/ linkedin/ linkedin-api

问题描述

I need to implement LinkedIn login for one of client. 我需要为其中一个客户端实施LinkedIn登录。 Here is the workflow I am maintaining, 这是我要维护的工作流程,

  1. User will click on the "LoginUsingLinkedIn" button for the fist time. 用户将首先单击“ LoginUsingLinkedIn”按钮。

  2. The user will be redirected to linkedin authorization page and if he authorizes , I am requesting for an access token and stroing the same access token in the browser cookie. 该用户将被重定向到linkedin授权页面,如果他授权了,我将请求访问令牌并在浏览器cookie中添加相同的访问令牌。 Now I am making call to linkedin to get the user info using this token. 现在,我正在致电linkedin,以使用此令牌获取用户信息。

  3. Now lets say the user again come to the site after 2-3 days, then first I am checking if there is any accesstoken present in cookie. 现在,让我们说用户在2-3天后再次来到该站点,然后我首先要检查Cookie中是否存在任何访问令牌。

    3.1: If accesstoken is present in cookie, I am making a call to linkedin to get the email id, if its successful then the accesstoken is valid and proceed further. 3.1:如果cookie中存在accesstoken,则我正在致电linkedin以获取电子邮件ID,如果成功,则说明accesstoken有效,并继续进行操作。 If the call returns an error, then I am redirecting the user to linkedin authorization page agin. 如果调用返回错误,则我将用户重定向到linkedin授权页面开始。

    3.2: If the accesstoken is not present in cookie, the user will be redirected to linkedin auth. 3.2:如果cookie中不存在accesstoken,则用户将被重定向到linkedin auth。 page. 页。

This is the first time I am integrating oauth login to any site. 这是我第一次将oauth登录集成到任何站点。 Please let me if there is any issue with this approach. 如果这种方法有任何问题,请让我。

Is it safe to store the accesstoken in the browser cookie? 将访问令牌存储在浏览器cookie中是否安全? OR shall we store the authorization code in the cookie and obtain the accesstoken every time? 还是我们应该将授权码存储在cookie中,并每次获取访问令牌? I am not sure if it make sense. 我不确定这是否有意义。 Please help. 请帮忙。

1 个解决方案

解决方案1
 0  2016-02-09 20:01:49

There are libraries for this, even if you do not want to use it is good to take a look, in my point of view it is better to store the values in the session or database. 有一些用于此的库,即使您不想使用它也很好看,以我的观点,最好将值存储在会话或数据库中。

If you need only login, and is not doing things on linkedin like the user, just get authorization if the user is not logged in and save the user information, then when the session has expired or if the user has logged off, get the authorization again. 如果您只需要登录,而不是像用户那样在linkedin上做事,那么如果用户未登录并获取用户信息,则只需获得授权即可,然后在会话到期或用户注销后获得授权。再次。

https://github.com/thephpleague/oauth2-linkedin https://github.com/thephpleague/oauth2-linkedin

https://github.com/thephpleague/oauth2-client https://github.com/thephpleague/oauth2-client

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 与OAuth2一起使用PHP登录 - Using PHP login along side OAuth2 Laravel Oauth2登录 - Laravel Oauth2 Login 使用 Linkedin OAuth api 登录:不断询问权限认证 - Login using Linkedin OAuth api: keeps asking permissions authentication 使用 PHP 客户端库通过 Google OAuth2 持续登录 - Persistent login with Google OAuth2 using the PHP client library 使用oauth2 / OIDC进行sso登录而无需重定向-可能吗? - sso login using oauth2/OIDC without redirects - possible? 如何在LinkedIn OAuth2中进行人员和公司搜索 - How to make people and company search in linkedIn oauth2 如何使用 oauth2 静默登录用户? - How to login an user silently with oauth2? 没有登录屏幕的Yahoo OAuth2? - Yahoo OAuth2 without login screen? 使用ZF2 Oauth2 - Using ZF2 Oauth2 Laravel Oauth2 controller 使用 League OAuth2 客户端 - Laravel Oauth2 controller using League OAuth2 client
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM