
Sharing a token among multiple websites to avoid logging in on each website

Let us consider that I have 2 websites, A and B. I have logged into A using my credentials, and a token has been generated. I have stored the token and the client IP, along with the token's expiry, in the DB. Now there is a button inside A which will redirect me to B. I want B to be authenticated with the same token so that I don't have to log into B manually.

Also, I cannot skip the login page of B every time, as one might log into B directly (without A); in that case a login is required.

So how can I get the token once B is launched only via A?

It sounds like you are trying to implement an SSO (Single Sign-On) flow. Let's say we have two sites, "site-a.com" and "site-b.com". There are multiple ways we could go about building SSO; the easiest would be to have a shared "gateway point" (let's call it "sso-site.com") that implements the following flow:

  • The user comes to site A
  • They get redirected to the SSO gateway
  • The SSO gateway checks for the token. If found, it redirects the user back to site A. If the user needs to log in, they are redirected to the login page and then back to site A.
  • Any link to site B will put the user through the same "gateway" (same authentication flow as above)

There are multiple ways the gateway could control the flow between sites; it all depends on the business logic you are building. The key part here is that the site navigation is forced through a central gateway that makes sure the users who should log in are logged in, and do so only once.

Hope that helps!
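The following is an added worked example of the gateway flow described in the answer above; it is not code from the answerer or from either site. It models sso-site.com as the only place that holds the password form and the long-lived session cookie, and each site as holding nothing but a callback that redeems a short-lived ticket. The registered callback URLs, the HMAC-signed ticket format (subject, audience, expiry, single-use id), the 60-second ticket lifetime and the sample user are all assumptions made for the example; the asker's token-plus-client-IP record in the DB is not modelled.

```python
"""Simulation of the SSO gateway flow from the answer (added example, assumptions noted)."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed for this example: each site pre-registers its callback URL with the gateway,
# so the gateway only ever redirects to known locations (no open redirect).
CALLBACKS = {
    "site-a.com": "https://site-a.com/sso/callback",
    "site-b.com": "https://site-b.com/sso/callback",
}
TICKET_TTL = 60  # seconds a redirect ticket stays valid (assumed)
USERS = {"alice": "correct horse battery staple"}  # constructed sample credential store


class Gateway:
    """sso-site.com: owns the only login form and the only long-lived session."""

    def __init__(self, key):
        self.key = key                 # per-deployment HMAC key (assumed)
        self.sessions = {}             # gateway cookie -> username, cookie scoped to sso-site.com
        self.used_tickets = set()      # redeemed jti values, so every ticket is single-use

    def _sig(self, body):
        return hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()

    def _ticket_redirect(self, site, user):
        # Short-lived, signed, audience-bound, single-use ticket carried in the redirect URL.
        claims = {"sub": user, "aud": site, "exp": time.time() + TICKET_TTL,
                  "jti": secrets.token_hex(8)}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        return CALLBACKS[site] + "?" + urlencode({"ticket": body + "." + self._sig(body)})

    def authorize(self, site, gw_cookie):
        """Entry point a site redirects the browser to. Returns ('login', None) or ('redirect', url)."""
        if site not in CALLBACKS:
            raise ValueError("unregistered site")
        user = self.sessions.get(gw_cookie)
        if user is None:
            return ("login", None)
        return ("redirect", self._ticket_redirect(site, user))

    def login(self, site, username, password):
        """Login page: on success create the gateway session and send the user back to the site."""
        stored = USERS.get(username, "")
        if site not in CALLBACKS or not hmac.compare_digest(stored.encode(), password.encode()):
            return None
        gw_cookie = secrets.token_hex(16)
        self.sessions[gw_cookie] = username
        return gw_cookie, self._ticket_redirect(site, username)

    def redeem(self, site, ticket):
        """Back-channel check: the site hands in its ticket and gets the username, or None."""
        body, _, sig = ticket.rpartition(".")
        if not hmac.compare_digest(sig, self._sig(body)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["aud"] != site or claims["exp"] < time.time() or claims["jti"] in self.used_tickets:
            return None
        self.used_tickets.add(claims["jti"])
        return claims["sub"]


class Site:
    """site-a.com / site-b.com: no password form of its own, only a gateway callback."""

    def __init__(self, name, gateway):
        self.name, self.gateway, self.sessions = name, gateway, {}

    def callback(self, url):
        ticket = parse_qs(urlparse(url).query)["ticket"][0]
        user = self.gateway.redeem(self.name, ticket)
        if user is None:
            return None
        cookie = secrets.token_hex(16)  # the site's own session, issued only after redemption
        self.sessions[cookie] = user
        return cookie


def run_flow():
    """Drive one user through A, then B, and report what each step observed."""
    gw = Gateway(secrets.token_bytes(32))
    a, b = Site("site-a.com", gw), Site("site-b.com", gw)
    result = {}
    # 1. Direct visit to B with no gateway session: the login page is still required.
    result["b_direct_needs_login"] = gw.authorize("site-b.com", None)[0] == "login"
    # 2. Visit A: gateway has no session, the user logs in once and lands on A's callback.
    gw_cookie, url_a = gw.login("site-a.com", "alice", USERS["alice"])
    result["a_user"] = a.sessions[a.callback(url_a)]
    # 3. The button in A sends the user to B via the gateway, which recognises its cookie.
    kind, url_b = gw.authorize("site-b.com", gw_cookie)
    result["b_prompted_for_password"] = kind == "login"
    result["b_user"] = b.sessions[b.callback(url_b)]
    # 4. Replaying B's ticket, or presenting a ticket minted for A to B, is rejected.
    result["replay_rejected"] = b.callback(url_b) is None
    _, url_a2 = gw.authorize("site-a.com", gw_cookie)
    result["cross_site_rejected"] = b.callback(url_a2) is None
    return result


if __name__ == "__main__":
    print(run_flow())
```

The point the simulation makes concrete: the password and the durable session live only on sso-site.com, and what crosses the redirect is a ticket that is signed, expires in seconds, names the site it was minted for and can be redeemed once. A real deployment would send the redeem call over TLS to the gateway (or use a standard such as OpenID Connect / SAML rather than a home-grown ticket), but the shape of the flow is the one in the answer.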

Notice: the technical posts on this site are published under the CC BY-SA 4.0 license; if you repost them, please credit this site's URL or the original article's address. For any questions contact: yoyou2525@163.com.

Guangdong ICP Filing No. 18138465  © 2020-2024 STACKOOM.COM