我有两个 Rails 应用程序,我想在另一个应用程序(例如应用程序 B)中接受来自一个应用程序(例如应用程序 A)的用户登录凭据。对于接受登录凭据的应用程序(应用程序 B),我认为最好的选择是使用 OAuth。但是对于正在使用其用户凭据的应用程序(应用程序A),我如何允许其他站点使用用户的登录信息?我是否也使用 OAuth 或类似Doorkeeper的东西?如您所知,我对用户身份验证非常陌生,因此任何建议都会有所帮助!
问问题
492 次
1 回答
5
One possible way to solve the problem is to create a doorkeeper-based standalone app that would contain all of a user's credentials. Then your client apps would actually connect with this "auth app" (using Oauth.) Then when the client is authenticated on the Auth App, they get returned to the Client app. Of course, from a UI perspective, you make this seamless, so your login page would actually be on this Auth app, but it would look seamless to the user. This way, you can add as many apps as you want and the credentials would all be in one place. To answer your specific question, you would use Oauth2 on your Client apps and Doorkeeper on your Auth App.
You'll need to tweak the doorkeeper configurations to make this process "clean" to the user. For example for internal apps, you can safely use the skip_authorization method in doorkeeper. Learn more about that here
This doorkeeper/oauth system has the added benefit of decoupling your authentication logic from your main application, which is fundamental to good Service Oriented Design. There are certainly other ways to approach this problem, but given the context of your question, yes, Doorkeeper and Oauth2 would solve your problem.
于 2013-06-17T21:47:56.390 回答