直接在Cookie中的客户端计算机上保存OAuth WRAP访问令牌?
[英]Save OAuth WRAP access tokens directly on client machine in a cookie?
问题描述
I'm planning to setup a website that would access an oauth wrap framework. 
我打算设置一个可以访问oauth wrap框架的网站。 I was thinking of storing the access token on the client machine as it is. 我正在考虑将访问令牌存储在客户端计算机上。 I do NOT want to maintain a database of temporary tokens, etc on the server. 我不想在服务器上维护临时令牌等数据库。
Should I be doing do? 我应该这样做吗? Or should I encrypt it? 或者我应该加密它?
1 个解决方案
解决方案1
0 2011-07-04 05:51:33
First, why are they not using OAuth 2.0... 首先,他们为什么不使用OAuth 2.0 ...
You can store the OAuth credentials in a cookie or better yet, in HTML5 local storage. 您可以将OAuth凭据存储在cookie中,或者更好地存储在HTML5本地存储中。 It should be encrypted so that only the server has access to this cookie and only the server can use the token. 它应该加密,以便只有服务器才能访问此cookie,只有服务器才能使用该令牌。 Also, it should be a secure cookie to prevent it from leaking out. 此外,它应该是一个安全的cookie,以防止它泄漏。 Do at least one of these two (secure, encrypt). 至少执行这两个中的一个(安全,加密)。
But keep in mind that cookies can be lost, and if they user logs into your site, it will not work from other machines. 但请记住,cookie可能会丢失,如果用户登录到您的站点,它将无法在其他计算机上运行。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.