简体繁体 English

如何为我的api使用系统实现登录

[英]How would I implement a login with my system for my api

原文 2016-03-12 03:36:23 3 1 java/ mysql/ web-services/ jsp

I am trying to figure out a way to make a login with me feature for my api i plan on releasing in my city to connect businesses via their own website. 我正在尝试寻找一种方法来使我的api与我一起登录，我计划在我的城市中发布该版本，以通过自己的网站联系商家。

Let's say I own a database that has a table with users Each user has a username an password and an email adress. 假设我拥有一个数据库，该数据库具有一个包含用户的表。每个用户都有一个用户名，一个密码和一个电子邮件地址。 Lets say i have a user with username=x, password=y, email=z 可以说我有一个用户，用户名= x，密码= y，电子邮件= z

I would like to create a webservice of some sort that when called from a web page it opens another tab(this can be implemented on the page itself), forces the user to login without providing the webpage the password the user has put in(to prevent external businesses to steal passwords). 我想创建某种Web服务，当从网页调用该服务时，它将打开另一个选项卡（可以在页面本身上实现），强制用户登录而不提供该用户输入的密码。防止外部企业窃取密码）。

So access would go as follows 因此访问将如下

User clicks "login with your ExternalAccount" 用户单击“使用您的ExternalAccount登录”
Gets redirected to the site that hosts "ExternalAccount" 重定向到托管“ ExternalAccount”的网站
Puts in his username and password x and y 输入他的用户名和密码x和y
Gets redirected back to the site he came from with the information x and z(username and email) 重定向回他来自x和z的网站（用户名和电子邮件）
The page he came back to gets the required information without getting the password 他返回的页面无需密码即可获取所需信息

How can I achieve this? 我该如何实现？

It seems like you guys are not understanding where I am coming from. 你们好像不了解我的来历。 I want to be able to login from another site without that site stealing passwords. 我希望能够从另一个站点登录而不让该站点窃取密码。

So imagine my business is named RyanServices. 因此，假设我的公司名为RyanServices。 RyanServices has RyanAccounts. RyanServices具有RyanAccounts。 RyanServices has alot of RyanAccounts. RyanServices有很多RyanAccounts。 Other businesses(such as BobServices) want to work together with RyanServices, so BobServices wants to make it possible to log in with RyanAccounts on his website. 其他企业（例如BobServices）希望与RyanServices合作，因此BobServices希望可以在其网站上使用RyanAccounts登录。

RyanServices has no problem with this but he does not want BobServices to know the passwords of RyanAccounts(only the usernames and emails) and therefor asks people who wish to use RyanAccounts on another site, to login via RyanServices.. Once logged in via RyanServices, BobServices may use information such as phone numbers, emails, date of birth from RyanAccounts but not the password. RyanServices对此没有问题，但是他不希望BobServices知道RyanAccounts的密码（仅用户名和电子邮件），因此要求希望在另一个站点上使用RyanAccounts的人通过RyanServices登录。一旦通过RyanServices登录， BobServices可以使用RyanAccounts等信息，例如电话号码，电子邮件，生日，但不能使用密码。

Examples of this sort of system being used is like how on StackOverflow you have the option "Log in via facebook" 正在使用的这种系统的示例类似于在StackOverflow上如何选择“通过Facebook登录”

1 个解决方案

It sounds like you are looking for OAuth. 听起来您正在寻找OAuth。 Googling for for OAuth will provide you with lots of references and implementations are available for most environments. OAuth的Google搜索将为您提供大量参考，并且大多数环境都可以使用实现。