Using 3rd party oauth2 service in iPhone app with Java REST backend

I'm working on a Java REST server serving an iPhone app. Now we have to integrate with a third party service exposed by the oauth2 protocol. This is new to me so I've been reading and writing some "proof of concept" code but I have a big problem or I fundamentally don't understand something...

I made a simple web page with a "log in with XXX" button that the user sees in a web view. When he clicks it, the login page of the third party service opens and he can approve my app, at which time they will redirect the user to a URL I've specified, with the authorization code as a parameter. This URL points to a REST service on my server.

The problem is that this URL must be absolutely the same as the one I've set up when applying my app for their service. Since I'm running a REST server I have no way of knowing which user we are talking about when the redirection to my server happens (there is no session). I wanted to do this identification with some query or path param but they are not allowing it.

Does any of this make sense to you or am I implementing this in a wrong way? The only possible solution I can imagine now will be with the help of cookies but I'm not really fond of that...

Yes, that does make sense. You've got a few different options, try one of these:

  • Store a cookie with some user id and read it out after redirection
  • Use the state parameter of the authorization request for transmitting some user id. The provider is required to return it back to you in his redirect.
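
The `state` option above, as an added example that is not part of the original answer: the server signs the user id into `state` before redirecting to the provider and checks the signature and expiry when the redirect comes back, so the callback endpoint needs no session and a modified `state` is rejected. The class name `OAuthState`, the field layout and the 10-minute lifetime are assumptions made for this sketch.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Optional;

// Hypothetical helper: packs the user id into a tamper-evident OAuth2 "state" value.
public class OAuthState {
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private static final long MAX_AGE_SECONDS = 600; // assumed lifetime of one login attempt
    private final byte[] key;                        // server-side secret, never sent to the client

    public OAuthState(byte[] serverSecret) { this.key = serverSecret.clone(); }

    // state = base64url(expiry|nonce|userId) + "." + base64url(HMAC-SHA256(first part))
    public String issue(String userId) throws Exception {
        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce);         // makes every state value unique
        long expiry = System.currentTimeMillis() / 1000 + MAX_AGE_SECONDS;
        String fields = expiry + "|" + B64.encodeToString(nonce) + "|" + userId;
        String payload = B64.encodeToString(fields.getBytes(StandardCharsets.UTF_8));
        return payload + "." + B64.encodeToString(hmac(payload));
    }

    // Called by the redirect endpoint; yields the user id only if the state is intact and fresh.
    public Optional<String> verify(String state) throws Exception {
        String[] parts = state == null ? new String[0] : state.split("\\.");
        if (parts.length != 2) return Optional.empty();
        byte[] given;
        try { given = Base64.getUrlDecoder().decode(parts[1]); }
        catch (IllegalArgumentException e) { return Optional.empty(); }
        if (!MessageDigest.isEqual(hmac(parts[0]), given)) return Optional.empty(); // constant-time compare
        byte[] raw = Base64.getUrlDecoder().decode(parts[0]);   // safe: the MAC was checked first
        String[] f = new String(raw, StandardCharsets.UTF_8).split("\\|", 3);
        if (f.length != 3 || Long.parseLong(f[0]) < System.currentTimeMillis() / 1000) return Optional.empty();
        return Optional.of(f[2]);
    }

    private byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        OAuthState s = new OAuthState(new SecureRandom().generateSeed(32)); // constructed demo key
        String state = s.issue("user-42");                                   // constructed user id
        System.out.println(s.verify(state) + " " + s.verify(state + "x"));
    }
}
```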
