我已经在 php 中实现了 oAuth(目前用于 twitter),正如我在几个教程中读到的,你应该将访问令牌存储在 db 中以备将来使用.但是,我不知道您如何知道您是否为特定用户存储了访问令牌,以决定是否应将其从数据库中取出或重新生成.这是描述我的问题的流程:
I've implemented the oAuth in php (currently for twitter) and as I've read in several tutorials you should store the access token in db for future use. However I don't see how you know if you have the access token stored for a particular user to decide if you should pull it out of the db or regenerate it. Here's a flow describing my question:
oAuth 的主要工作流程很明确,但不清楚如何处理回访用户以及应存储或不存储哪些数据.
The main workflow for oAuth is clear, however it is not clear how to handle returning users and which data should be stored or not.
一百万谢谢!
您不应为每次访问重新生成令牌.仅在过期时生成它.我已经使用 OAuth 构建了 twitter 应用程序.这是我的流程:
You should not regenerate token for each access. Generate it only when it's expired. I've build twitter application using OAuth. Here my flow:
当用户登录时,我会检查他们在数据库中是否有令牌
when user login, I will check if they have token in DB
1.1.如果不存在,则对其进行身份验证,然后存储和使用生成的令牌
1.1. If it's not exists, authenticate them and then store and use the resulting token
1.2.如果存在,请使用它.
1.2. If it's exists, use it.
1.2.1.如果 twitter 没有抱怨,那么令牌仍然有效,使用它.
1.2.1. If twitter doesn't complain, then the token still valid, use it.
1.2.2.如果 twitter 抱怨,则令牌已过期.返回 1.1.
1.2.2. If twitter complained, then the token is expired. Return to 1.1.
1.2.3.如果在 x 重试之后 twitter 仍然抱怨.有问题,通知管理员!
1.2.3. If after x retry twitter still complained. Something wrong, notify admin!
这是图形解释:
这篇关于每次用户登录时都应该生成oAuth中的访问令牌吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!