如何为API驱动的Web应用程序保留登录凭据
[英]How To Persist Login Credentials for an API-driven Web App
问题描述
I'm about to embark on developing a front-end that will let users login to a service and perform certain tasks. 
我将着手开发前端,使用户可以登录到服务并执行某些任务。 All of the tasks are being performed through a 3rd party's API using. 所有任务都通过使用第三方的API来执行。
I'm doing this with PHP & Zend Framework. 我正在使用PHP和Zend Framework进行此操作。
My question: how does one persist the login credentials if every API call requires the login to be passed in the headers? 我的问题:如果每个API调用都要求将登录名传递到标头中,那么如何保留登录凭据?
A user will be authenticated first through a /login controller and then will stay authenticated for their session. 首先将通过/ login控制器对用户进行身份验证,然后对他们的会话进行身份验证。
1 个解决方案
解决方案1
1 已采纳 2010-12-28 20:33:22
I had simple suggestion 我有个简单的建议
you can write your custom Zend_auth_adapter and I'd like to make it singleton class that can validate your login data over the API and save the result object inside the session object 您可以编写自定义的Zend_auth_adapter ,我想使其成为单例类 , 该类可以通过API验证您的登录数据并将结果对象保存在会话对象中
class My_Auth_adapther implements Zend_Auth_Adapter_Interface {
public static function getinstance($username , $password ){
return $this->authenticate($username , $password );
}
private function authenticate($username , $password ){
// make sure to check if the session has been already created in order to save one api request
// do your api call (login request ) her
// return false if its not valid
// or return stdobject that contain ($username , $password ) , for any post usage
}
}
and don't allow any further call to your api if that object doesn't exist (in other words == not logged in ) 如果该对象不存在,则不允许对其进行任何进一步的调用(换句话说==未登录)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.