OAuth2提供者:如何提供登录页面以便让oauth客户端获取资源所有者ID
[英]OAuth2 Provider: How to offer a login page in order to let oauth clients get the resource owner id
问题描述
I'm developing a RESTful API in Rails3 and a corresponding OAuth2 provider (consumed by android clients). 
我正在Rails3和相应的OAuth2提供程序(由Android客户端使用)中开发RESTful API。
I supply the typical routes: 我提供了典型的路线:
authorize => Authorization Grant 授权=>授权授予
token => receive access_token 令牌=>接收access_token
All this is working and my mobile clients receive and save the access tokens for the resource owners. 所有这些都在起作用,我的移动客户端接收并保存了资源所有者的访问令牌。
But now, how do I inform the mobile client about who is currently using the app and which access_token it has to use from the database? 但是现在,如何通知移动客户端当前谁在使用该应用程序以及必须从数据库使用哪个access_token?
I need a login page and then perhaps send the user's id to an app's callback URL? 我需要一个登录页面,然后将用户ID发送到应用的回调URL? Is there a standard process for this? 是否有标准流程? What kind of login page mobile clients can handle best? 哪种登录页面移动客户端可以最好地处理?
1 个解决方案
解决方案1
0 2012-02-10 07:32:21
OK obviously you don't care about authenticating the user on smartphones. 好的,显然您不关心在智能手机上对用户进行身份验证。 At least one should offer and API resource to invalidate an access_token (Logout via App). 至少应提供一个API资源,以使access_token(通过App注销)无效。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.