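Using OAuth 2, I just need to restrict users to the resources they are allowed to access, where the connection to the API is made through an ext.js REST proxy. The ext.js proxy takes care of data retrieval and of maintaining model relationships. I have not yet found an elegant way to make different calls from the proxy to the back end depending on the logged-in user.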

I wonder whether the proxy has to be different for each user who logs in to my application, since every user has their own access token.

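Another option would be to make the proxy aware of the logged-in user during proxy initialization and to keep this information in a persistent way.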

Has anyone solved a similar situation before?

1 Answer

The article gives a detailed explanation on how to use OAuth2 with Sencha Touch.

There are several ways to use OAuth. One uses redirects after the initial authentication (for this you might use an iFrame inside a Sencha login view). The other uses your backend server as an intermediary to the OAuth server that can avoid the iFrame solution but requires more logic on your server.

You can then use a session cookie which will be resent with all HTTP requests including your REST calls. Most back ends support session cookies and so all you need to do then is look up the user ID you stored in the session object as part of your REST API code.

Another option is to set a custom HTTP header in each REST call that requires authentication. To avoid duplicate code, create a derived class from the Sencha proxy class to set the header containing the access token. You can store the access token in a Store or on the Application object or as a static value on the proxy. I've done this for both REST proxy calls and Sencha Direct proxy calls.

AJAX Proxy header property:

answered 2014-04-18T07:23:59.140
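
The derived-proxy option from the answer, as an added example that is not part of the original answer and is not Sencha code. `BaseRestProxy` is a stand-in for the framework's REST proxy so the sketch runs on its own; `Session`, `AuthRestProxy`, the choice of an `Authorization: Bearer` header, and the sample URL and tokens are assumptions.

```javascript
// Added example. BaseRestProxy is a minimal stand-in for the Sencha REST
// proxy so this runs without the framework; all names are hypothetical.
class BaseRestProxy {
  constructor({ url }) { this.url = url; }
  // Describe a read of one record; a caller may pass its own URL.
  buildRequest(id, url) {
    const base = url || this.url;
    return { method: 'GET', url: `${base}/${encodeURIComponent(id)}`, headers: {} };
  }
}

// One shared holder for the current user's access token (the "static value"
// option from the answer). Cleared on logout so no stale token is reused.
const Session = {
  token: null,
  login(accessToken) { this.token = accessToken; },
  logout() { this.token = null; }
};

class AuthRestProxy extends BaseRestProxy {
  constructor(cfg) {
    super(cfg);
    // The only origin the bearer token may be sent to.
    this.apiOrigin = new URL(cfg.url).origin;
  }
  buildRequest(id, url) {
    const req = super.buildRequest(id, url);
    // Read the token per request, not at proxy initialization, so a single
    // proxy instance serves whichever user is currently logged in.
    if (!Session.token) throw new Error('not authenticated');
    if (new URL(req.url).origin !== this.apiOrigin) {
      throw new Error('refusing to send token to ' + req.url);
    }
    req.headers.Authorization = 'Bearer ' + Session.token;
    return req;
  }
}

// Constructed sample values: two users in turn, one proxy instance.
function demo() {
  const proxy = new AuthRestProxy({ url: 'https://api.example.test/orders' });
  Session.login('token-alice');
  const a = proxy.buildRequest(7).headers.Authorization;
  Session.logout();
  Session.login('token-bob');
  const b = proxy.buildRequest(7).headers.Authorization;
  Session.logout();
  return [a, b];
}
```

The header only identifies the caller; the back end still has to validate the token and check that its user may access the requested resource.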