OAuth 1.0 or 2.0 server implementation? Native mobile application authentication

There are lots of resources describing OAuth usage in terms of clients and Facebook/LinkedIn/Twitter API usage. This is OK. But I am interested in OAuth server implementation. The aim is to have a web application which can also be accessed by mobile devices (native applications), so I need to set up OAuth on my back-end Java server. So I would like to know how LinkedIn/Facebook/Twitter implemented OAuth on their server side, and distinguish users between auth_token-s and grant the corresponding access (some kind of database mapping - auth_token = user identity?).

Or maybe there is a better way to authenticate mobile users (I'm going to use REST-style services for the back-end)?

Facebook, LinkedIn and Twitter have implemented OAuth following the specifications for OAuth 1 (Twitter, LinkedIn) and the draft for OAuth 2 (Facebook, LinkedIn).

I would suggest going for OAuth 1, or OAuth 2 User Agent Flow. If your mind is set on OAuth, that is. You could always go for simple basic authentication to begin with and focus on the really hard parts, namely the design of your API itself.

If your mind is set on OAuth, check out this list of code libraries: http://oauth.net/code/. And also read up on the specifications: if you want to implement an OAuth provider, you have to know and understand the specs. Otherwise you are in for a world of pain looking for out-of-the-box libraries that will solve everything "OAuthy" for you.
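
The database mapping the question asks about (auth_token = user identity), as an added example that is not part of the original question or answer and is not how any of the named providers implement it: the server issues an opaque bearer token, stores only its SHA-256 hash against the user and the granted scopes, and resolves the Authorization header back to a user on each REST call. The class and method names, the in-memory map standing in for a database table, and the sample values are assumptions; records require Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical names throughout; the map stands in for a database table keyed by token hash.
public class TokenStore {
    record Grant(String userId, Set<String> scopes, Instant expiresAt) {}

    private final Map<String, Grant> grantsByTokenHash = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    // Called once the user has authorized the client: returns the token, keeps only its hash.
    public String issue(String userId, Set<String> scopes, long ttlSeconds) {
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG, so tokens cannot be guessed
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        Instant expiresAt = Instant.now().plusSeconds(ttlSeconds);
        grantsByTokenHash.put(hash(token), new Grant(userId, Set.copyOf(scopes), expiresAt));
        return token;
    }

    // Resolves "Authorization: Bearer <token>" to a user id, or empty if access is denied.
    public Optional<String> authenticate(String authorizationHeader, String requiredScope) {
        if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) return Optional.empty();
        String key = hash(authorizationHeader.substring(7).trim());
        Grant grant = grantsByTokenHash.get(key);
        if (grant == null) return Optional.empty(); // unknown or revoked token
        if (Instant.now().isAfter(grant.expiresAt())) { grantsByTokenHash.remove(key); return Optional.empty(); }
        return grant.scopes().contains(requiredScope) ? Optional.of(grant.userId()) : Optional.empty();
    }

    private static String hash(String token) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(digest);
        } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }

    public static void main(String[] args) {
        TokenStore store = new TokenStore();
        String token = store.issue("user-42", Set.of("profile:read"), 3600); // constructed sample values
        System.out.println(store.authenticate("Bearer " + token, "profile:read"));
        System.out.println(store.authenticate("Bearer " + token, "profile:write"));
        System.out.println(store.authenticate("Bearer not-a-real-token", "profile:read"));
    }
}
```

Storing the hash rather than the token means a leaked table does not yield usable credentials, and deleting a row revokes that token.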
