
How does the google+ login button pass the token to the client?

Most implementations of OAuth2 on the client side require some kind of redirect, where you redirect your user to a login page, which on successful login and authorization, redirects back to your site with a token in the query string or hash fragment. But how does the Google+ sign-in button work? It never redirects you. I know you can do this inside a window, and have the window that receives the token report back to its parent window, but in that case, the login button would have to have control over one page on the consumer's domain, which afaik, it doesn't.

You load the external JavaScript onto your domain; it has access to that page. Not that much different than if you load something like jQuery from a CDN.

The JavaScript is able to work with the launched authorization window and retrieve the authorization object from that window, and the client library then sets and uses the token on the client side. If you need server-side tokens, you'll need to do the one-time-code flow, which is more secure than your typical OAuth server-side flow via redirects.
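A sketch of how a script running on your page can take a token from a window it opened without any redirect, with the checks the receiving side needs. This is an added example, not code from the answer or from Google's client library; it assumes the authorization window reports back with `window.postMessage` (the answer does not say which mechanism the library uses), and `AUTH_ORIGIN`, `newState` and `acceptAuthMessage` are hypothetical names.

```javascript
// Added example: hypothetical names throughout; not Google's client library.
const AUTH_ORIGIN = 'https://auth.example'; // constructed placeholder origin

// Random per-attempt value the page sends with the request and expects echoed back.
function newState() {
  const bytes = crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Decide whether a "message" event really is the reply from the window we opened.
// Returns the token string, or null if any check fails.
function acceptAuthMessage(event, popup, expectedState) {
  // Exact origin comparison: prefix or substring tests let look-alike origins through.
  if (event.origin !== AUTH_ORIGIN) return null;
  // The sender must be the window this page opened, not some other frame or tab.
  if (event.source !== popup) return null;
  const d = event.data;
  if (!d || typeof d !== 'object') return null;
  // The echoed state ties the reply to the request this page started.
  if (typeof d.state !== 'string' || d.state !== expectedState) return null;
  if (typeof d.access_token !== 'string' || d.access_token.length === 0) return null;
  return d.access_token;
}

// Browser wiring (shown as comments; the endpoint path is an assumption):
// const state = newState();
// const popup = window.open(AUTH_ORIGIN + '/authorize?state=' + state,
//                           'auth', 'width=500,height=600');
// window.addEventListener('message', (e) => {
//   const token = acceptAuthMessage(e, popup, state);
//   if (token) { popup.close(); /* keep the token in memory only */ }
// });
```

Because the handler runs with the page's own privileges, any third-party script included on the page can register the same listener, so the script's source has to be trusted as much as the page itself.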
