How can I use a React frontend to login on a separate node server using IBM App ID?

I want to use IBM App ID to perform authentication from a React app using a separate node app. I have verified that authentication is possible when the web pages are served from the node app (i.e. my configuration is correct). I'm using the article below as a guide.

My understanding of the flow is as follows: The frontend calls a login API on the backend node server. The node server calls the authorize OAuth endpoint, which returns (redirects) the App ID login page to the frontend via the node server.

Is this understanding correct? If so, how is App ID configured (in the node server) to redirect the React frontend to the App ID login page?

https://www.ibm.com/cloud/blog/securing-angularnode-js-applications-using-app-id

I will use FE for your front end and BE for your backend.

A user goes to a page on your FE that requires authorization. The FE redirects the user to the App ID authorization URL. The user authenticates with App ID. App ID provides the browser with a code and a redirect URL to go back to your website or any authorized URL. This can be your BE. Your BE processes the code and exchanges it for OAuth tokens (depending on the request: Access Token, Identity Token, Refresh Token). The BE now needs to redirect the user back to your FE.

The problem is that you do not want to pass the OAuth tokens to the FE using the redirect. This means you need another method of the BE calling the FE to pass the tokens for this user.

None of this takes any processing power on your side and consists of very simple code. Review your design to see if you really need to complicate this with FE and BE communication.

Is this understanding correct? If so, how is App ID configured (in the node server) to redirect the React frontend to the App ID login page?

The BE does not redirect the user unless the user is on a web page of the BE. You could call your BE to start the authorization process and have the BE return the redirect URL to the FE, but the page the user is on must send the redirect to the user (for example a button click).
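
The flow described in the answer, as an added example that is not part of the original question or answer: the BE returns the authorization URL for the FE to navigate to, validates the callback, and keeps the OAuth tokens in a server-side session so they never appear in the redirect back to the FE. It assumes a generic OAuth 2.0 authorization-code flow; the CONFIG values, the function names, the session-cookie approach and the `exchangeCode` stand-in for the token-endpoint request are all assumptions, not App ID SDK calls.

```javascript
const { randomBytes } = require('node:crypto');

// Placeholder values (assumptions): substitute the endpoints and client ID
// from your own App ID service credentials.
const CONFIG = {
  authorizationUrl: 'https://appid.example/oauth/authorization',
  clientId: 'CLIENT_ID_PLACEHOLDER',
  redirectUri: 'https://be.example/callback', // BE URL registered as redirect
  frontendUrl: 'https://fe.example/',
};

// Server-side session store: sessionId (sent as a cookie) -> { state, tokens }
const sessions = new Map();

// BE login API: builds the authorization URL and returns it to the FE.
// The FE page performs the navigation itself (e.g. on a button click).
function startLogin() {
  const sessionId = randomBytes(16).toString('hex');
  const state = randomBytes(16).toString('hex'); // binds callback to this session
  sessions.set(sessionId, { state, tokens: null });
  const url = new URL(CONFIG.authorizationUrl);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: CONFIG.clientId,
    redirect_uri: CONFIG.redirectUri,
    scope: 'openid',
    state,
  }).toString();
  return { sessionId, redirectUrl: url.toString() };
}

// BE callback: checks state, exchanges the code, keeps tokens on the server.
// exchangeCode is a stand-in for the POST to the provider's token endpoint.
function handleCallback(sessionId, query, exchangeCode) {
  const session = sessions.get(sessionId);
  if (!session || !session.state || query.state !== session.state) {
    throw new Error('unknown session or state mismatch');
  }
  session.state = null; // single use: a replayed callback is rejected
  session.tokens = exchangeCode(query.code);
  return CONFIG.frontendUrl; // redirect target carries no tokens
}

// BE API the FE calls (with its session cookie) to learn the login status.
function loginStatus(sessionId) {
  const session = sessions.get(sessionId);
  return { authenticated: Boolean(session && session.tokens) };
}
```

In a real server the session ID would travel in an HttpOnly, Secure cookie and `exchangeCode` would be an awaited HTTPS request authenticated with the client secret.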
