OAuth2身份验证js客户端
[英]OAuth2 authentication js client
问题描述
I'm developing an outlook addin. 
我正在开发一个Outlook插件。 It is JS based, which uses OAuth2 to authenticate users. 它基于JS,使用OAuth2对用户进行身份验证。 I'm using poupp window to open authorization page like google, azure ... and after success login I close it. 我正在使用poupp窗口打开google,azure等授权页面,成功登录后,我将其关闭。 To go back into application I'm registering a callback function on parent window of popup which is accessible via window.opener property. 回到应用程序中,我正在弹出窗口的父窗口上注册一个回调函数,该窗口可通过window.opener属性进行访问。 Everything is working fine, however I would like to support mobile devices. 一切正常,但是我想支持移动设备。 To run that kind of addin is possible via OWA for Devices app, which could be downloaded via Play Store. 要通过OWA for Devices应用运行这种插件,可以通过Play商店下载。 Problem is that window.opener property is always null. 问题在于window.opener属性始终为null。 So I can't call back into application. 因此,我无法调回应用程序。 Is there any other way how to call back into application? 还有其他方法可以回调应用程序吗? How to access the parent window of the popup? 如何访问弹出窗口的父窗口?
1 个解决方案
解决方案1
1 已采纳 2017-03-14 14:30:09
The correct way of solving that problem is through WebSockets. 解决该问题的正确方法是通过WebSockets。 You can make sure that you're posting the credentials to a single client. 您可以确保将凭据发布到单个客户端。 In your web addin, start a socket 在您的Web插件中,启动一个套接字
Add-In - Client Javascript should look like: 加载项-客户端Javascript应该如下所示:
var socket = io('http://localhost');
var email = Office.context.mailbox.userProfile.email;
socket.on('oauth_providerName_'+email, function(data){
// Callback when you receive the credential data.
});
// Pop the user to the OAuth frame
Once the user is redirected from the OAuth experience back to your website, 将用户从OAuth体验重定向回您的网站后,
Website - Client Javascript 网站-客户端Javascript
var socket = io('http://localhost');
var email = Office.context.mailbox.userProfile.email;
socket.emit('oauth_cred_providerName_'+email, {credentials});
Server - depending on your chosen language, you pass the credential data through sockets to the Add-In client. 服务器-根据您选择的语言,将凭据数据通过套接字传递给外接程序客户端。
So ideally you have 3 components here: 因此,理想情况下,这里有3个组成部分:
- The add-in Javascript which listens to a credential socket with particular data (can be a cookie guid or a unique value like email address) 外接Java脚本,用于侦听带有特定数据的凭据套接字(可以是cookie guid或诸如电子邮件地址之类的唯一值)
- The webpage which you'll get redirected after the OAuth is complete, which is going to pass the credentials (Access Token / Refresh Token) via the sockets to the server. OAuth完成后将重定向到的网页,它将通过套接字将凭据(访问令牌/刷新令牌)传递给服务器。 (You can still host this as a page deployed with your add-in, what's important here is it should have a separate JS file) (您仍然可以将其托管为与外接程序一起部署的页面,这里重要的是它应该具有单独的JS文件)
- The server sockets, which will take the credentials and pass it to the add-in client. 服务器套接字,它将获取凭据并将其传递给外接程序客户端。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.