Where to store Social Login Oauth2 access tokens

I'm trying to build a Spring Boot REST API that will implement social login (Spotify). After successful login with Spotify, I would like to store the Spotify access_token in my JWT token that I'm generating to be able to access my backend. I need a Spotify access token to be able to make API calls to Spotify (almost every request to my app will need to call the Spotify API). Is it a good practice to store access tokens to external services in JWT? Or should I store the access token in my DB and read it when I need it? Do you maybe have any guides on how to implement a stateless REST API that will call external services?

Usually, I store the access token in Redis; it's faster than a DB. If you use a DB, every request will connect to the DB twice: once to get user information (like username and password), once to read the access token. When the frequency of requests is very small, it's OK. But when requests become more and more frequent, storing in the DB will waste a lot of performance. Using Redis has another advantage: it has an expire time. So, in most of my projects, I use Redis to store tokens.
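
The approach the answer describes, sketched as an added example (not code from the question or the answer): the Spotify token stays server-side under a per-user key with an expiry, and the JWT only needs to carry the user id. An in-memory map stands in for Redis so it runs without a server; the class name, key prefix, 30-second margin and sample values are assumptions.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;

// Hypothetical store; the map emulates Redis "SET key value EX ttl" semantics.
public class SpotifyTokenStore {
    private record Entry(String token, Instant expiresAt) {}
    private static final Duration SAFETY_MARGIN = Duration.ofSeconds(30);
    private final Map<String, Entry> entries = new ConcurrentHashMap<>();
    private final Supplier<Instant> clock;

    public SpotifyTokenStore(Supplier<Instant> clock) { this.clock = clock; }

    // Expire slightly before the provider's expires_in so a token never dies mid-request.
    public void put(String userId, String accessToken, long expiresInSeconds) {
        Duration ttl = Duration.ofSeconds(expiresInSeconds).minus(SAFETY_MARGIN);
        if (ttl.isNegative() || ttl.isZero()) { entries.remove(key(userId)); return; }
        entries.put(key(userId), new Entry(accessToken, clock.get().plus(ttl)));
    }

    // An empty result means: refresh the token or send the user through login again.
    public Optional<String> get(String userId) {
        Entry e = entries.get(key(userId));
        if (e == null) return Optional.empty();
        if (!clock.get().isBefore(e.expiresAt())) {   // expired: evict, as Redis would
            entries.remove(key(userId), e);
            return Optional.empty();
        }
        return Optional.of(e.token());
    }

    private static String key(String userId) { return "spotify:access:" + userId; }

    public static void main(String[] args) {
        Instant[] now = { Instant.parse("2024-01-01T00:00:00Z") };  // constructed clock
        SpotifyTokenStore store = new SpotifyTokenStore(() -> now[0]);
        // "user-42" plays the role of the JWT subject; the token value is constructed.
        store.put("user-42", "constructed-spotify-token", 3600);
        System.out.println("fresh token present: " + store.get("user-42").isPresent());
        now[0] = now[0].plusSeconds(3580);            // past the stored TTL of 3570 s
        System.out.println("after expiry present: " + store.get("user-42").isPresent());
    }
}
```

With Spring Data Redis the `put` body becomes a single `StringRedisTemplate.opsForValue().set(key, token, ttl)` call, and Redis performs the eviction itself.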
