[英]What is the Best practice for passing access_token to make an API call
I have developed a Rails Application which is using Oauth 2 for Authorization . 我已经开发了使用Oauth 2进行授权的Rails应用程序。 Currently for accessing API calls i am passing access_token as URL parameter , I heard that token can also be passed as Header.
目前,为了访问API调用,我正在将access_token作为URL参数传递,听说令牌也可以作为Header传递。 Which is the best practice for passing access_token and why?
传递access_token的最佳实践是什么,为什么?
I am using Devise + Doorkeeper for Oauth support. 我正在使用Devise + Doorkeeper来支持Oauth。
Please give me some suggesstion.. 请给我一些建议。
As header you can make like this in controller: 作为标题,您可以在控制器中进行如下操作:
before_filter :authenticate
protected
def current_user
@current_user
end
def authenticate
token = request.env["HTTP_ACCESS_TOKEN"]
@current_user = User.where(authentication_token: token).first if token.present?
unless token && current_user.present?
#error handling goes here.
end
end
It's common to see access_token present in Headers. 通常在标头中看到access_token。 Look: What are headers for?
看:标头用于什么? They are for the metainformation about the request.
它们用于有关请求的元信息。 And accesstoken, undoubtedly, is metainformation.
毫无疑问,accesstoken是元信息。
I'm not sure if my answer is complete, there could be some extra pitfalls I don't know about. 我不确定我的答案是否完整,可能会有一些我不知道的陷阱。 Correct me if I'm wrong.
如果我错了纠正我。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.