Google OAuth2 Flow in Server Side Web Application in Java
I am facing an issue understanding the OAuth2 flow. A user (identified by a user_id) initiates the GoogleAccounts connection in the browser. The request is passed to a Servlet that sends the redirect string to the client (JavaScript), which in turn redirects the user to that Auth URL. On user consent, the response is returned to the callback URL (mapped to a servlet). My confusion here is: when the callback servlet is called, how do I identify which user (user_id) this authCode belongs to? Do I have to use the state param of OAuth2?
Please help.
As the comments suggest, the state param is your friend. The simplest way would be to simply set state=user_id. An alternate approach would be to start a server session and store the user ID in the session object. This latter approach assumes you have a relatively simple server, or your cluster supports shared sessions.