
Cross-client Identity server to client passing access token

I am implementing a web application with client and server running on different domains.

I have implemented Google-based authentication using Spring Security on the server side.

Now, when the client calls the login API, the server redirects it to the Google page for authentication. After authentication is done, the server needs to send the access_token to the client.

As the client is sitting on a different domain, I am not able to pass the access_token in a header or cookie using response.sendRedirect(baseUrl).

Is there any other way to handle token-based authentication in such a situation?

While scanning through various options I came across two solutions:

  1. This link shows how to set a cookie from one page to another: http://subinsb.com/set-same-cookie-on-different-domains

    After authenticating successfully on the server side, it redirects temporarily to a local screen, which internally will call the client as explained in the above link.

  2. The other way is:
    To make the login request, the client will pop up a separate window and pass a secure_id along with the request. Also, the client stores this secure_id temporarily. Once the server completes authentication, it redirects to a client page notifying the client to close the popup window.

    Once the popup window is closed, the client can request the access token from the server using the secure_id which it had stored.
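
The secure_id handoff from option 2, sketched as an added example that is not part of the original post: a server-side store that ties a pending login to the client's secure_id and releases the access token exactly once. The names `newSecureId`, `HandoffStore` and `demo`, the 60-second lifetime, the single-use rule and the token strings are assumptions made for illustration.

```javascript
// Added example: server-side handoff store for the popup flow (option 2).
// TTL, single-use redemption and all names are assumptions, not from the post.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

// Client side: unguessable secure_id (256 random bits, hex-encoded).
function newSecureId() {
  const bytes = rng.getRandomValues(new Uint8Array(32));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

class HandoffStore {
  constructor(ttlMs = 60_000, now = () => Date.now()) {
    this.ttlMs = ttlMs;
    this.now = now;
    this.pending = new Map(); // secure_id -> { expires, token }
  }
  // Called when the popup hits the login endpoint with a secure_id.
  begin(secureId) {
    if (!/^[0-9a-f]{64}$/.test(secureId) || this.pending.has(secureId)) return false;
    this.pending.set(secureId, { expires: this.now() + this.ttlMs, token: null });
    return true;
  }
  // Called after the identity provider callback succeeds.
  complete(secureId, accessToken) {
    const entry = this.pending.get(secureId);
    if (!entry || entry.expires < this.now() || entry.token !== null) return false;
    entry.token = accessToken;
    return true;
  }
  // Called by the client after the popup closes; succeeds exactly once.
  redeem(secureId) {
    const entry = this.pending.get(secureId);
    if (!entry) return null;
    if (entry.expires < this.now()) { this.pending.delete(secureId); return null; }
    if (entry.token === null) return null; // login not finished yet
    this.pending.delete(secureId);         // single use: a replay gets nothing
    return entry.token;
  }
}

// Constructed walk-through with a fake clock and placeholder tokens.
function demo() {
  let t = 0;
  const store = new HandoffStore(60_000, () => t);
  const id = newSecureId();
  store.begin(id);
  const early = store.redeem(id);          // before authentication finished
  store.complete(id, "constructed-token");
  const first = store.redeem(id);
  const replay = store.redeem(id);         // second attempt with the same id
  const late = newSecureId();
  store.begin(late); store.complete(late, "constructed-token-2");
  t = 61_000;                              // past the 60 s lifetime
  return { early, first, replay, expired: store.redeem(late) };
}
```

The redeem call would be made over HTTPS from the client's own origin, so the token travels in a response body rather than in a redirect URL or a cross-domain cookie.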
