
Remember login credentials using pure HTML5 app deployed to mobile?

I'm mainly a back-end programmer but I have done some pre-mobile web development before.

If I create a native HTML5 app that is nothing but HTML5 and JavaScript (zero native mobile app code), is there a way to remember login credentials? I see other apps do this after the account creation on the mobile device.

Here is the process flow, but I can't get my head around whether #3 is possible with a non-native mobile app.

  1. User downloads/installs the mobile app.
  2. They launch it and it goes through an account creation setup the first time.
  3. The next time they run the app I was hoping it would remember who they are and pass me the appropriate credentials, so I don't have to show the login screen each time they launch the app.

Once the user has successfully authenticated, you can pass a token from the server to the app, and store that token on the client app in either localStorage or IndexedDB. Then use the token to log the person in. Make sure that the token is actually part of a serialized object which includes the token's expiration. For example:

```json
{
  "rememberLogin": {
    "token": "43f250704a6bc737c830cc43739973b14e67ada07dca378a1725c3106c8e4f0f607cf11e2a3a2b08e8c053c19ccc781faf4f549e0e42cf6e2fe3b018a35da0f513ffe577f6d241db54a83ef30584c06e",
    "expiry": "2018-09-10T16:35:00.304Z"
  }
}
```

The token's expiration date as stored on the client is for UX purposes only (you can use it to force the user to be taken to the login form once the expiration date has passed). For security purposes, use the token's expiration as stored on the server (not the one on the client) to verify the token's actual authenticity. Also make sure that after each successful token-based authentication, you either delete the token in the database or flag it as having been used; also on the client, you should replace the old token with a new one.

I emphasize locally storing a token to facilitate "remembered logins," rather than locally storing the user's username and password. Never store the username and password on the client; if you do, they can be too easily discovered, and they are much more sensitive than an unpredictable token with an expiration date. A token with an expiration date is the way to go.
