好的,让我们假设以下工作流程:
Client ----> Server (I Want to login via-facebook, here is the Auth Token from Js Sdk)
Server ----> Facebook (Get permissions list)
Server ----> Client (Redirect-login, to OK ALL DONE)
您如何从这里开始,以确保客户在向他们展示另一个页面之前拥有特定的权限?IE:
Client ----> Server (I want page at url XXX)
Server ----> Database (Permission list has the needed permissions for this url, so ok)
Server ----> Client (Permission list was ok, here is the page)
但是,客户端可能在某些时候撤销了某些权限,甚至完全从服务器中删除了访问权限。因此,我们需要在每次需要确保访问权限时实际询问 facebook,而不是将权限存储到数据库,如下所示:
Client ----> Server (I want page at url XXX)
Server ----> **Facebook** (Permission list has the needed permissions for this url, so ok)
Server ----> Client (Permission list was ok, here is the page)
当然,此工作流程无法扩展,会使加载时间变得非常长,并且通常是错误的。是否有另一种方法可以确保在加载页面之前客户端已获得授权(以及特定权限)?