[英]Sharing token among multiple websites to prevent logins in each websites
Let us consider I have 2 websites A & B. Now I have logged into A using my credentials & a token has been generated.让我们考虑一下我有 2 个网站 A 和 B。现在我已经使用我的凭据登录到 A 并且生成了一个令牌。 I have stored the token & Client IP along with the token's expiry into the DB.我已将令牌和客户端 IP 以及令牌的到期时间存储到数据库中。 Now there is a button inside A which will redirect me to B. I want B to be authenticated with the same token so that I don't have to manually log into B.现在 A 中有一个按钮,它将我重定向到 B。我希望 B 使用相同的令牌进行身份验证,这样我就不必手动登录 B。
Also I cannot skip the login page of B every time as one might directly log into B (without A) at that time login is required .此外,我不能每次都跳过 B 的登录页面,因为当时需要登录时可能会直接登录 B(没有 A)。
So how can I get the token once B is launched only via A.那么一旦 B 仅通过 A 启动,我如何获得令牌。
It sounds like you are trying to implement SSO (Single Sign-On) flow.听起来您正在尝试实施 SSO(单点登录)流程。 Let's say we have two sites "site-a.com" and "site-b.com".假设我们有两个站点“site-a.com”和“site-b.com”。 There multiple ways we could go about building SSO, the easiest would be to have a shared "gateway point" (let's call it "sso-site.com") that implements the following flow:我们可以通过多种方式构建 SSO,最简单的方法是拥有一个共享的“网关点”(我们称之为“sso-site.com”)来实现以下流程:
There are multiple ways the gateway could control the flow between sites, it all depends on the business logic you are building.网关可以通过多种方式控制站点之间的流量,这完全取决于您正在构建的业务逻辑。 The key part here is that the site navigation is forced through a central gateway that makes sure that the users who should log in are logged in and do so only once.这里的关键部分是站点导航是通过中央网关强制进行的,以确保应该登录的用户只登录一次。
Hope that helps!希望有帮助!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.