Oauth2通过电子邮件/密码访问API
[英]Oauth2 access to API by email/password
问题描述
I use gem 'rack-oauth2-server'. 
我使用gem'rack-oauth2-server'。 Currently I need add access to API by email/password from mobile app. 目前,我需要通过电子邮件/密码从移动应用程序添加对API的访问权限。
About problem: Gem provide access token from 'oauth/access_token' endpoint. 关于问题:Gem提供来自'oauth / access_token'端点的访问令牌。 This require next parameters: 'email', 'password', 'client_id', 'secret'. 这需要下一个参数:“电子邮件”,“密码”,“ client_id”,“秘密”。 'client_id' and 'secret' - fields of oauth client from mongodb collection. 'client_id'和'secret'-mongodb集合中的oauth客户端字段。 Client have setting to scope access. 客户端已设置范围访问。 I have few user types. 我的用户类型很少。 For each user type be different access scope(different oauth clients). 对于每种用户类型,应具有不同的访问范围(不同的oauth客户端)。
So, a problem: I want allow get access to api from mobile app for any user type, but, before login, i don't know which type have user. 因此,出现了一个问题:我想允许任何用户类型从移动应用访问api,但是在登录之前,我不知道哪种类型的用户。 So, mobile app can't know which client_id and sercret should be passwed to 'oauth/access_token' request. 因此,移动应用无法知道应将哪个client_id和sercret传递给“ oauth / access_token”请求。
Maybe exist some pre-hook for rails requests or another method for add params to request on fly(server side)? 也许存在一些关于Rails请求的预钩,或者用于在飞行中(服务器端)向请求添加参数的另一种方法? Note: before_filter not can be used, because 'rack-oauth2-server' called before callbacks. 注意:不能使用before_filter,因为'rack-oauth2-server'在回调之前被调用。
PS Excuse me for my bad English. PS对不起,我的英语不好。
1 个解决方案
解决方案1
1 已采纳 2016-05-21 11:09:44
Maybe exist some pre-hook for rails requests or another method for add params to request on fly(server side)?
Rails app is a stack of Rack middleware . Rails应用程序是Rack中间件的堆栈。 So, you can write a new one that identifies and adds/sets/updates request variables that you need. 因此,您可以编写一个新的标识和标识/添加/设置/更新所需的请求变量。 The link above explains the concept and how to add/manage custom middlewares. 上面的链接说明了概念以及如何添加/管理自定义中间件。
So, a problem: I want allow get access to api from mobile app for any user type, but, before login, i don't know which type have user.
Having said that, it seems like you are confusing the meaning of client_id in oAuth context. 话虽如此,您似乎在oAuth上下文中混淆了client_id的含义。 A client is the application, in your case the mobile app, that is registered and connects to your oAuth endpoint. 客户端是已注册并连接到您的oAuth终结点的应用程序(对于您而言是移动应用程序)。 So, the same mobile application (ideally) should not be connecting using different client_id s. 因此,同一个移动应用程序(理想情况下)不应使用不同的client_id连接。 Just have a different forms or a dropdown that would allow your users to select how they want to login and set the appropriate scope param. 只需使用其他表格或下拉菜单,您的用户就可以选择他们要登录的方式并设置适当的scope参数。
PS. PS。 Since you are using Client Credentials grant type, make sure you are using secure connection. 由于您使用的是“ Client Credentials授予类型,因此请确保使用的是安全连接。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.