Authentication using Rest API Correct Behaviour
I am building a REST API and I am in a login dilemma. What should happen on a subsequent login request once I have already loggedIn and before I SignOut?
So to simplify I do this:
1st Login Request - Response has an auth_token
2nd Login Request before logging out - what should be the response?
Should it be the same auth_token, or should a new auth_token be generated?
REST should be stateless; there is no "login" or "logout", at least not one that the server tracks. Therefore, nothing should actually happen; the user/client should always authenticate, on each request.
This of course does not mean that you cannot cache credentials, but the communication should be stateless nonetheless.
If you are doing HTTP-based authentication, you do not actually have to worry about this; the client will always send authentication information automatically.
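An added example, not code from the original question or answer, of what per-request authentication without server-side login state can look like when an auth_token is used: the server signs the claims at login and re-verifies them on every request, so a second login needs no special handling. The HMAC-signed token layout, `SECRET`, `TTL`, and the function names are assumptions made for this example.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # assumption: server-side signing key (sample value)
TTL = 900                         # assumption: token lifetime in seconds

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(body: str) -> str:
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def issue_token(user: str, now: float) -> str:
    """Answer a login request: sign the claims, store nothing on the server."""
    body = _b64(json.dumps({"sub": user, "exp": int(now) + TTL}).encode())
    return body + "." + _sign(body)

def authenticate(token: str, now: float):
    """Run on every request; returns the user name, or None if rejected."""
    try:
        body, sig = token.split(".")
        # Constant-time comparison of the presented and recomputed signatures.
        if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
            return None
        claims = json.loads(_unb64(body))
    except ValueError:  # wrong shape, bad base64, bad JSON
        return None
    if claims.get("exp", 0) <= now:
        return None     # expired: the client has to log in again
    return claims.get("sub")

# Constructed scenario: two logins by the same user, one minute apart.
first = issue_token("alice", now=1000)
second = issue_token("alice", now=1060)
```

Because the server keeps no record of issued tokens, both `first` and `second` authenticate until their own expiry; revoking a token before it expires would require server-side state, which this example deliberately leaves out.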