Spring Boot, React and OpenID Connect
We have a use case where we are implementing OpenID Connect in a Spring Boot (backend) + React (frontend) application. We are implementing Authorization code flow.
The backend and frontend are on separate domains.
Here is the flow that happens:
return "redirect:http://www.yourfrontenddomain.com?access_token=" + tokenValue;
Am I missing something here, or is my approach fine?
Using Implicit flow here would be easier - but this is less secure and only recommended for JavaScript apps - here we have a mix of Backend + Frontend.
Thanks a lot in advance
OK, it seems I was not understanding the concepts correctly. Authorization code flow with PKCE is exactly made for this use case - to be used in SPAs or mobile clients.
By using that flow, we can just use Spring Security and just validate the tokens on the backend (without generating them or anything).
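The PKCE step the answer refers to, shown for both sides of the exchange with the S256 method from RFC 7636. This is an added example, not code from the original post; the endpoint, client id, redirect URI and function names are placeholders chosen for illustration.

```javascript
const { createHash, randomBytes, timingSafeEqual } = require("node:crypto");

// SPA side: a fresh high-entropy verifier per login, kept only in the browser.
function makeVerifier() {
  return randomBytes(32).toString("base64url"); // 43 unreserved characters
}

// code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
function challengeFor(verifier) {
  return createHash("sha256").update(verifier, "ascii").digest("base64url");
}

// SPA side: the authorization request carries only the challenge.
// authorizeEndpoint, clientId and redirectUri are placeholder values.
function buildAuthorizeUrl(authorizeEndpoint, clientId, redirectUri, state, verifier) {
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: "openid",
    state,
    code_challenge: challengeFor(verifier),
    code_challenge_method: "S256",
  }).toString();
  return url.toString();
}

// Authorization server side, at the token endpoint: the presented verifier
// must hash to the challenge that was stored with the authorization code.
function verifierMatches(storedChallenge, presentedVerifier) {
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(presentedVerifier)) return false;
  const expected = Buffer.from(storedChallenge, "ascii");
  const actual = Buffer.from(challengeFor(presentedVerifier), "ascii");
  return expected.length === actual.length && timingSafeEqual(expected, actual);
}

// Constructed run: the SPA can redeem its code, a party holding only the code cannot.
function demo() {
  const verifier = makeVerifier();
  const authUrl = buildAuthorizeUrl("https://idp.example/authorize", "spa-client",
    "https://app.example/callback", "constructed-state", verifier);
  const stored = new URL(authUrl).searchParams.get("code_challenge");
  return {
    verifierInUrl: authUrl.includes(verifier),
    spaRedeems: verifierMatches(stored, verifier),
    otherPartyRedeems: verifierMatches(stored, makeVerifier()),
  };
}
console.log(demo());
```

With this flow the SPA receives the tokens from the token endpoint itself, so no token has to travel in a redirect URL from the backend.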