Google登录,如何存储会话状态?
[英]Google Sign-In, How to store session state?
问题描述
I'm not sure I am asking this question correctly. 
我不确定我是否正确地问了这个问题。 I want to use Google Sign-In to authenticate users for either certain actions on my web application or to certain pages of the application. 我想使用Google登录来验证用户对我的Web应用程序或应用程序某些页面的某些操作。
I have followed the instructions for Google Sign-In and I am getting the id_token and passing that to my server which then uses the tokeninfo endpoint to verify the id_token and exchange the id_token for user information. 我已经按照Google登录的说明进行操作,正在获取id_token并将其传递给我的服务器,该服务器随后使用tokeninfo终结点来验证id_token并将ID_token交换为用户信息。
Do I have to get an id_token and pass that to my server and then to the tokeninfo endpoint for verification every time I want to do some PHP action or is there a way to store the authenticated state to prevent all of these calls to the tokeninfo endpoint once the user is authenticated? 我是否需要获取id_token并将其传递到服务器,然后传递给tokeninfo端点以进行验证,每次我想执行一些PHP操作时,还是有一种方法可以存储经过身份验证的状态,以防止所有这些对tokeninfo端点的调用一旦用户通过身份验证?
I'm just not sure how to go about that last part. 我只是不确定如何进行最后一部分。 Right now I am passing the token to my server with javascript like this. 现在,我正在使用javascript将令牌传递到服务器。
function sendToken(googleUser) {
var id_token = googleUser.getAuthResponse().id_token;
console.log(id_token);
var xhr = new XMLHttpRequest();
xhr.open('POST', 'https://app.mydomain.com/test.php');
xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
xhr.onload = function() {
console.log(xhr.responseText);
};
xhr.send('idtoken=' + id_token);
}
Then on my backend I am doing this in PHP. 然后在后端,我用PHP进行此操作。
$url = 'https://www.googleapis.com/oauth2/v3/tokeninfo';
$myvars = 'id_token=' . $_POST["idtoken"];
$ch = curl_init( $url );
curl_setopt( $ch, CURLOPT_POST, 1 );
curl_setopt( $ch, CURLOPT_POSTFIELDS, $myvars );
curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, 1 );
curl_setopt( $ch, CURLOPT_HEADER, 0 );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 );
$response = curl_exec( $ch );
I then check $response to validate the user and continue actions like inserting in the database if the user was validated by Google. 然后,我检查$ response以验证用户,并继续执行诸如在用户通过Google验证时插入数据库的操作。 I am doing this validation each time a user needs to input data into the database which seems slow to me. 每当用户需要将数据输入数据库时,我都会进行此验证,这对我来说似乎很慢。 So I am sure I am missing some step that would make things better. 因此,我确定我缺少一些可以使事情变得更好的步骤。
Thanks! 谢谢!
1 个解决方案
解决方案1
0 2016-07-22 12:46:11
I know it's not PHP but this answer might be useful to you too. 我知道这不是PHP,但是这个答案对您也可能有用。
Basically, it's not a matter of Google Sign-in but a matter of PHP (and whichever PHP framework you're using). 基本上,这不是Google登录问题,而是PHP(以及您使用的任何PHP框架)问题。 In your $response I believe you'll get the user's email address. 我相信您会在$response获得用户的电子邮件地址。 You now need to set a session cookie that that's the email. 现在,您需要设置一个会话cookie,即电子邮件。 Once you've done that you're done with Google Sign-In. 完成后,就完成了Google登录。 Now it's just your user, your PHP code and the user's cookies that matter. 现在,重要的只是您的用户,您的PHP代码和用户的cookie。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.