
Where to store client_id and client_secret in OAuth2?

I would like to bring a login with GitHub and Facebook to my single-page web app; the server is under my control.

In this tutorial https://spring.io/guides/tutorials/spring-boot-oauth2/ they store the client_id and client_secret in a file.

Wouldn't it be more convenient if I stored these 2 in my backend database? Let's say someone who's not a programmer would like to register the web app to a new service: he could do that easily by opening the database, and he wouldn't have to crawl into the backend project code.

If not, then where should these 2 be stored?

If you talk about the convenience, storing these in a property file is a good option. By doing so, the properties can be easily loaded into the application during the startup. If you change the values, all you need to do is just restart the app and the new values will be reflected.

I am not sure I understand your non-programmer related comment 100%. But IMO, for a non-programmer, modifying a file is much easier than modifying the DB.

Just to be more clear, the client id and the client secret represent the credentials of your application registered with the social media (like Facebook).

And yes, you can store these in DB as well. But then, you need to write code to fetch these values from the DB and load into your application.
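The property-file approach from the answer above, as an added example that is not part of the original post or the Spring tutorial: a loader that reads every provider's credentials at startup from a file kept outside the code base, rejects a world-readable or incomplete file, and keeps the secret out of log output. The class name, the `<provider>.client-id` / `<provider>.client-secret` key layout and the sample values are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;

public class OAuthClientConfig {
    // One registration; toString() never prints the secret, so the object is safe to log.
    public record Registration(String provider, String clientId, String clientSecret) {
        @Override public String toString() {
            return provider + "[client_id=" + clientId + ", client_secret=<redacted>]";
        }
    }

    // Expects keys of the assumed form <provider>.client-id and <provider>.client-secret.
    public static Map<String, Registration> load(Path file) throws IOException {
        // On POSIX file systems, refuse a credentials file that other local users can read.
        if (Files.getFileStore(file).supportsFileAttributeView("posix")
                && Files.getPosixFilePermissions(file).contains(PosixFilePermission.OTHERS_READ)) {
            throw new IllegalStateException(file + " is world-readable; restrict it to the service account");
        }
        Properties props = new Properties();
        try (var in = Files.newBufferedReader(file)) {
            props.load(in);
        }
        Map<String, Registration> result = new TreeMap<>();
        for (String key : props.stringPropertyNames()) {
            if (!key.endsWith(".client-id")) continue;
            String provider = key.substring(0, key.length() - ".client-id".length());
            String id = props.getProperty(key).trim();
            String secret = props.getProperty(provider + ".client-secret", "").trim();
            if (id.isEmpty() || secret.isEmpty()) {
                // Fail at startup rather than at the first login attempt.
                throw new IllegalStateException("Incomplete OAuth2 registration for " + provider);
            }
            result.put(provider, new Registration(provider, id, secret));
        }
        return result;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample file; in a deployment it lives outside the repository.
        Path file = Files.createTempFile("oauth-clients", ".properties");
        Files.writeString(file, "github.client-id=sample-github-id\ngithub.client-secret=sample-github-secret\n"
                + "facebook.client-id=sample-fb-id\nfacebook.client-secret=sample-fb-secret\n");
        load(file).values().forEach(System.out::println);
        Files.delete(file);
    }
}
```

Registering the app with a new service then means adding two lines to that file and restarting, with no change to the project code.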
