im trying to implement a login with facebook/twitter functionality in my app, i read some guides on oAuth, and i think i understood some of the basic concept, and here is what i understood (please correct me if i'm wrong):
我试图在我的应用程序中实现登录与facebook / twitter功能,我阅读oAuth的一些指南,我想我理解了一些基本概念,这是我理解的(如果我错了请纠正我):
- myApp send request to the oAuth provider, get the (A)request token.
- myApp向oAuth提供者发送请求,获取(A)请求令牌。
- send user to authenticate the (A), returns with (B)authenticated request token (is this whats called oAuth token?)
- 发送用户验证(A),返回(B)经过身份验证的请求令牌(这是什么称为oAuth令牌?)
- use the (B) to get the (C)access token.
- 使用(B)获取(C)访问令牌。
- use C to access user information.
- 使用C来访问用户信息。
and here is what i can't get around my head, which one of these that i should use/store to identify the user? i thought about the possibility of using each one of those, but im always stuck on how to check if the user has signed in before...
这是我无法解决的问题,我应该使用/存储哪一个来识别用户?我想到了使用其中每一个的可能性,但我总是坚持如何检查用户是否已登录...
1 个解决方案
#1
10
If all you need is just authentication, then storing only user_id
is enough.
如果您只需要身份验证,那么仅存储user_id就足够了。
So create another table like:
所以创建另一个表,如:
id | service_name | user_id | my_user_id
where service_name
is either twitter
or facebook
, user_id
- is user's id from twitter/facebook and my_user_id
is a user_id
in your authentication system.
其中service_name是twitter或facebook,user_id - 来自twitter / facebook的用户id,my_user_id是认证系统中的user_id。
So:
所以:
SELECT my_user_id FROM oauths WHERE service_name = 'twitter' AND user_id = 42
would return you your system user_id or nothing
会返回你的系统user_id或什么也没有
PS: service_name
could (and should) be normalized, I kept it as a string just to simplify an example
PS:service_name可以(并且应该)进行规范化,我将其保留为字符串只是为了简化示例
PPS: as you said in comments you probably would want "posting/tweeting".
PPS:正如你在评论中所说,你可能想要“发帖/发推”。
In that case you need to store user's access token for twitter, and store nothing additional for facebook, but request for publish_stream
permission when authenticate user.
在这种情况下,您需要为twitter存储用户的访问令牌,并且不为facebook存储任何其他内容,但在验证用户时请求publish_stream权限。
#1
10
If all you need is just authentication, then storing only user_id
is enough.
如果您只需要身份验证,那么仅存储user_id就足够了。
So create another table like:
所以创建另一个表,如:
id | service_name | user_id | my_user_id
where service_name
is either twitter
or facebook
, user_id
- is user's id from twitter/facebook and my_user_id
is a user_id
in your authentication system.
其中service_name是twitter或facebook,user_id - 来自twitter / facebook的用户id,my_user_id是认证系统中的user_id。
So:
所以:
SELECT my_user_id FROM oauths WHERE service_name = 'twitter' AND user_id = 42
would return you your system user_id or nothing
会返回你的系统user_id或什么也没有
PS: service_name
could (and should) be normalized, I kept it as a string just to simplify an example
PS:service_name可以(并且应该)进行规范化,我将其保留为字符串只是为了简化示例
PPS: as you said in comments you probably would want "posting/tweeting".
PPS:正如你在评论中所说,你可能想要“发帖/发推”。
In that case you need to store user's access token for twitter, and store nothing additional for facebook, but request for publish_stream
permission when authenticate user.
在这种情况下,您需要为twitter存储用户的访问令牌,并且不为facebook存储任何其他内容,但在验证用户时请求publish_stream权限。