doucheng3407 2011-03-26 13:20

Login process for a PHP OAuth server

I'm implementing the oauth php server as described here:

http://code.google.com/p/oauth-php/wiki/ServerHowTo

My problem is with the authorize.php controller. If the user is not logged in to the oauth provider, as required for them to authorize the request token, I need to take them through my login process, however when I return to the authorization page it has lost the request token that was originally being submitted for authorization.

Does anybody have an idea of the best workflow for this? Do I simply pass all the query parameters received through the whole process? Are there any security concerns or other gotchas with doing this manually? Is there perhaps an existing demo that shows how this is done?

Cheers

1 answer

  • drzfz9995 2011-03-26 18:36

    If the user is not logged in to the oauth provider, as required for them to authorize the request token, I need to take them through my login process, however when I return to the authorization page it has lost the request token that was originally being submitted for authorization.

    Stick it (and any other data you need that might get lost) in their session before you redirect them through your login mechanism, then fetch it once the login has completed and the authorization needs to happen. This eliminates the need to pass it through every form element, at the tiny risk of the user dumping his cookies along the way.

    This answer was selected by the asker as the best answer.
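
The session approach from the accepted answer, sketched for `authorize.php` as an added example (not code from the original post or from oauth-php). The session keys `user_id` and `pending_oauth`, the `/login.php` path, the token pattern and the 10-minute lifetime are assumptions.

```php
<?php
// Added example for authorize.php; not part of oauth-php.
// Assumed names: $_SESSION['user_id'], $_SESSION['pending_oauth'], /login.php.

const PENDING_TTL = 600; // seconds a stashed request token stays usable

// Copy only the parameter the authorize step needs, and only if well-formed.
function extract_pending(array $query): ?array
{
    $token = $query['oauth_token'] ?? null;
    // Assumed token alphabet; adjust to what your server issues.
    if (!is_string($token) || !preg_match('/\A[A-Za-z0-9._~-]{1,128}\z/', $token)) {
        return null;
    }
    return ['oauth_token' => $token, 'stored_at' => time()];
}

// Fetch the stashed request once; drop it if it is stale.
function take_pending(array &$session): ?array
{
    $pending = $session['pending_oauth'] ?? null;
    unset($session['pending_oauth']);
    if (!is_array($pending) || time() - ($pending['stored_at'] ?? 0) > PENDING_TTL) {
        return null;
    }
    return $pending;
}

session_start();
$fromQuery = extract_pending($_GET);

if (empty($_SESSION['user_id'])) {
    if ($fromQuery === null) {
        http_response_code(400);
        exit('Missing or malformed oauth_token');
    }
    $_SESSION['pending_oauth'] = $fromQuery;
    // Fixed login path, never a URL taken from the request.
    header('Location: /login.php');
    exit;
}

// Logged in: prefer the token on this request, else the one stashed before login.
$stashed = take_pending($_SESSION);
$pending = $fromQuery ?? $stashed;
if ($pending === null) {
    http_response_code(400);
    exit('No request token to authorize');
}
// $pending['oauth_token'] now goes through the server's normal token check and consent form.
```

On successful login, `login.php` (assumed) should call `session_regenerate_id(true)`, which replaces the session ID while keeping the stashed data, and then redirect back to `authorize.php`.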
