服务器端Java Web应用程序中的Google OAuth2流
[英]Google OAuth2 Flow in Server Side Web Application in Java
问题描述
I am facing an issue understanding the oauth2 flow. 
我在理解oauth2流时遇到问题。 A user(identified by a user_id) initiates the GoogleAccounts connection in the browser.The request is passed to Servlet that sends Redirect String To Client (Javascript), which in turn redirects user to that Auth URL. 用户(由user_id标识)在浏览器中启动GoogleAccounts连接。请求被传递到Servlet,该Servlet将重定向字符串发送到客户端(Javascript),然后将用户重定向到该Auth URL。 On User Consent, the response is returned to callback url (mapped to a servlet). 在“用户同意”上,响应返回到回调URL(映射到Servlet)。 My Confusion here is when callback servlet is called,how do i identify to which user(user_id) does this authCode belong to? 我的困惑是当调用回调servlet时,如何识别此authCode属于哪个用户(user_id)? Do i have to use state param of oAuth2 ? 我是否必须使用oAuth2的状态参数?
Please help. 请帮忙。
1 个解决方案
解决方案1
0 2017-02-16 23:13:20
As the comments suggest, the state param is your friend. 正如评论所暗示的那样, state参数是您的朋友。 The simplest way would be to simply set state=user_id . 最简单的方法是简单地设置state=user_id 。 An alternate approach would be to start a server session and store the user ID in the session object. 另一种方法是启动服务器会话并将用户ID存储在会话对象中。 This latter approach assumes you have a relatively simple server, or your cluster supports shared sessions. 后一种方法假定您有一台相对简单的服务器,或者您的群集支持共享会话。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.