
Can I have multiple (access_token, refresh_token) pairs to serve the same user on different clients/devices with Doorkeeper?

I'm in the process of securing a Rails API-only app, and I'd like to do so with OAuth2 (password flow) using Doorkeeper. Ignoring the fact that I can't find sufficiently clear docs on how to do this, the use case I have in mind is one where there are multiple clients on multiple devices/platforms (e.g. Android, iOS, browser) and they all require a user to log in. I want to be able to issue a new (access_token, refresh_token) pair for every new login, and they all should identify the user for whom the pair was created. That is, if Alice logs in through Android and iOS, and Bob through two browsers, I want a record such as

| user_id | access_token | refresh_token | client_id        |
|---------|--------------|---------------|------------------|
| Alice   | a6d7f82h3hf  | d8f6g8d0e3    | Android-h3j4k5l6 |
| Alice   | 3j4k5j3l5k3  | 1hnrbtj5kc    | iOS-j2k35h3n     |
| Bob     | 513lkhbjkf3  | rhj2345bvj    | web-43nfm23      |
| Bob     | nbv234nbv65  | cbv124cr64    | web-gc62jh4      |

(data completely made up). Can someone provide a straight answer, and possibly point me to docs, a guide, or a tutorial relevant to this? I know I can roll out my own auth system implementing this particular use case, and I have done so in the past, but with this one I'd like the flexibility of OAuth2 for future improvement.

I'm working on something like this, and I've found this helpful link to implement a simple password strategy. With Doorkeeper you'll get a record such as:

  • resource_owner_id (user id)
  • application (granted application)
  • token
  • refresh_token
  • expires_in
  • revoked_at
  • created_at
  • scopes
  • previous_refresh_token

So you can serve the same user on different applications/clients.

Now I also have some problems with the Rails 5 API, because Doorkeeper uses views to grant applications. There is a similar issue, #821; I solved the problem by just turning off the API mode in config/application.rb.

config.api_only = false
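The answer's list of Doorkeeper access-token fields maps directly onto the table in the question. The following is an added example, not Doorkeeper's code and not from the answer's author: a minimal in-memory model of that record (field names taken from the answer's list) showing that each login from a new client gets its own (token, refresh_token) pair for the same resource owner, that a refresh rotates the pair and records previous_refresh_token, and that revoking one device's token leaves the user's other devices valid. The TokenStore class, its methods and the injectable clock are assumptions made for this example; the user and client ids are the made-up values from the question.

```ruby
require 'securerandom'
require 'time'

# Assumed helper for this example: an in-memory stand-in for Doorkeeper's
# access-token table. Field names mirror the answer's list.
class TokenStore
  Token = Struct.new(:resource_owner_id, :application, :token, :refresh_token,
                     :expires_in, :revoked_at, :created_at, :scopes,
                     :previous_refresh_token, keyword_init: true)

  # ttl is the access-token lifetime in seconds; now is injectable so that
  # expiry can be exercised without sleeping.
  def initialize(ttl: 7200, now: -> { Time.now })
    @tokens = []
    @ttl = ttl
    @now = now
  end

  # Every login, from any client, gets its own pair; earlier pairs stay valid.
  def issue(user_id, client_id, scopes: 'read')
    t = Token.new(resource_owner_id: user_id, application: client_id,
                  token: SecureRandom.hex(16), refresh_token: SecureRandom.hex(16),
                  expires_in: @ttl, revoked_at: nil, created_at: @now.call,
                  scopes: scopes, previous_refresh_token: nil)
    @tokens << t
    t
  end

  # Resolve a bearer token to its owner; nil if unknown, revoked or expired.
  def resource_owner_for(access_token)
    t = @tokens.find { |x| x.token == access_token }
    return nil if t.nil? || t.revoked_at || t.created_at + t.expires_in <= @now.call
    t.resource_owner_id
  end

  # Refresh rotates the pair: the old record is revoked (so a replayed old
  # refresh token is rejected) and the new record remembers what it replaced.
  def refresh(refresh_token)
    old = @tokens.find { |x| x.refresh_token == refresh_token && x.revoked_at.nil? }
    return nil unless old
    old.revoked_at = @now.call
    fresh = issue(old.resource_owner_id, old.application, scopes: old.scopes)
    fresh.previous_refresh_token = refresh_token
    fresh
  end

  # Revoke only the pair held by one device (e.g. a lost phone); returns
  # whether a matching token existed.
  def revoke(access_token)
    t = @tokens.find { |x| x.token == access_token }
    t.revoked_at = @now.call if t
    !t.nil?
  end

  # Clients that currently hold a live pair for this user.
  def active_clients_for(user_id)
    @tokens.select { |x| x.resource_owner_id == user_id && x.revoked_at.nil? }
           .map(&:application)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed walkthrough using the question's made-up users and clients.
  store = TokenStore.new
  android = store.issue('Alice', 'Android-h3j4k5l6')
  ios = store.issue('Alice', 'iOS-j2k35h3n')
  store.issue('Bob', 'web-43nfm23')
  puts "Alice's clients: #{store.active_clients_for('Alice').inspect}"
  rotated = store.refresh(android.refresh_token)
  puts "rotated pair replaces #{rotated.previous_refresh_token}"
  store.revoke(ios.token)
  puts "after revoking iOS: #{store.active_clients_for('Alice').inspect}"
end
```

The point a practitioner would take from this is that one row per (resource owner, client) pair is what makes per-device revocation and refresh-token rotation possible; a single shared token per user would force logging every device out at once.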
