[英]Can I have multiple (access_token, refresh_token) to serve the same user on different client/devices with doorkeeper?
I'm in the process of securing a Rails api-only app, and I'd like to do so with OAuth2 (password flow) and using Doorkeeper . 我正在保护仅Rails api的应用程序,我想使用OAuth2(密码流)并使用Doorkeeper来实现 。 Ignoring the fact that I can't find sufficiently clear docs on how to do this, the use case I have in mind is one where there are multiple clients on multiple devices/platforms (eg Android, iOS, browser) and they all require a user to login.
忽略了我找不到足够清晰的文档说明这一事实,我想到的用例是在多个设备/平台(例如Android,iOS,浏览器)上有多个客户端的情况,它们都需要一个用户登录。 I want to be able to issue a new (access_token, refresh_token) pair for every new login, and they all should identify the user for whom the pair was created.
我希望能够为每个新的登录发出一个新的(access_token,refresh_token)对,它们都应该标识为该对创建的用户。 That is, if Alice logs in through Android and iOS, and Bob through two browsers, I want a record such as
也就是说,如果Alice通过Android和iOS登录,而Bob通过两个浏览器登录,则我想要一条记录,例如
| user_id | access_token | refresh_token | client_id |
|---------|--------------|---------------|------------------|
| Alice | a6d7f82h3hf | d8f6g8d0e3 | Android-h3j4k5l6 |
| Alice | 3j4k5j3l5k3 | 1hnrbtj5kc | iOS-j2k35h3n |
| Bob | 513lkhbjkf3 | rhj2345bvj | web-43nfm23 |
| Bob | nbv234nbv65 | cbv124cr64 | web-gc62jh4 |
(data completely made up). (数据完全组成)。 Can someone provide a straight answer, and possibly point me to docs, a guide, a tutorial relevant to this?
有人可以提供一个直接的答案,并可能为我提供与此相关的文档,指南和教程吗? I know I can roll out my own auth system implementing this particular use case, and I have done so in the past, but with this one I'd like the flexibility of OAuth2 for future improvement.
我知道我可以推出自己的身份验证系统来实现此特定用例,并且我过去已经这样做过,但是我希望借助OAuth2的灵活性来进行将来的改进。
I'm working in something like this, and I've found this helpful link to implement a simple password strategy. 我正在从事类似的工作,并且发现了这个有用的链接,可以实现简单的密码策略。 With Doorkeeper you'll get a record such as:
使用Doorkeeper,您将获得以下记录:
So you can serve the same user on different applications/clients. 因此,您可以在不同的应用程序/客户端上为同一用户提供服务。
Now I've also some problems with Rails 5 API , because Doorkeeper uses views to grant applications. 现在,我也遇到了Rails 5 API的问题,因为Doorkeeper使用视图来授予应用程序权限。 There is a similar issue #821 , I solved the problem just turning off the api mode at config/application.rb .
有一个类似的问题#821 ,我只是在config / application.rb关闭api模式就解决了这个问题。
config.api_only = false
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.