Logging in with OAuth2 using PHP

So I am creating a website to learn some PHP/JavaScript/HTML/CSS and so on, and I ran into a problem to which I can't come up with a solution. So basically I have a regular login form using PHP which uses POST to send the data and authenticate. I also want to integrate external Twitch.tv OAuth2 authentication.

By using normal PHP login I store my information inside a PostgreSQL database using PHP. I want to do something similar using OAuth2. For example, store the Twitch.tv name as a username inside the database and the token as a password.

The problem is that the external authentication I am using is based on their JavaScript API and it stores the information inside the DOM storage, which I found is unable to be accessed by using PHP. The redirect_uri with a token is also a fragment which can't be retrieved by PHP.

Should I just scrap the JS part and try doing it entirely in PHP?

Side question: I checked another website which also uses Twitch authentication and it uses these callback links "https://api.nightbot.tv/auth/twitch/callback?code=****". What exactly are these callbacks?

1 answer



You should use redirects as you implied with JS frameworks. It works the same with Facebook. The redirects are used with a token. Usually you generate on your side a random token that you store in the session. Once the user logs in using the JS API, the API will redirect to a callback page (PHP in your case). In that page, you verify the token once (that you had passed and got back, must be the same), and also you get another token from the API to use with the API. At this point you can get the user information by querying the API using the API token. You get the user info from the API and then you can query your own DB at this point to log the user in etc. I hope this helps..
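An added example (not part of the original answer) of the session token check described above, using the authorization-code flow so that the result comes back as `?code=` in the query string, which PHP can read, instead of in a URL fragment. The endpoint, client id and redirect URI are placeholders, and plain arrays stand in for `$_SESSION` and `$_GET`.

```php
<?php
// Placeholders (assumptions), not real provider values.
const AUTHORIZE_URL = 'https://provider.example/oauth2/authorize';
const CLIENT_ID     = 'your-client-id';
const REDIRECT_URI  = 'https://yoursite.example/callback.php';

// Login page: create a random state, keep it in the session,
// and build the URL the browser is redirected to.
function begin_login(array &$session): string
{
    $session['oauth_state'] = bin2hex(random_bytes(16));
    return AUTHORIZE_URL . '?' . http_build_query([
        'response_type' => 'code', // code is returned in the query string
        'client_id'     => CLIENT_ID,
        'redirect_uri'  => REDIRECT_URI,
        'state'         => $session['oauth_state'],
    ]);
}

// Callback page: accept the code only if the returned state equals the
// stored one. The state is single use, so it is removed either way.
function handle_callback(array &$session, array $query): ?string
{
    $expected = $session['oauth_state'] ?? null;
    unset($session['oauth_state']);
    $returned = $query['state'] ?? null;
    if (!is_string($expected) || !is_string($returned)
        || !hash_equals($expected, $returned)) {
        return null; // missing, replayed or forged state: reject
    }
    $code = $query['code'] ?? null;
    return is_string($code) && $code !== '' ? $code : null;
}

// Constructed demo input.
$session = [];
$url = begin_login($session);
parse_str(parse_url($url, PHP_URL_QUERY), $sent);

$good = ['code' => 'constructed-code', 'state' => $sent['state']];
var_dump(handle_callback($session, $good)); // matching state
var_dump(handle_callback($session, $good)); // same state replayed

$session = [];
begin_login($session);
var_dump(handle_callback($session, ['code' => 'x', 'state' => 'forged'])); // state never issued
```

Once the state check passes, the callback page exchanges the code for an access token with a server-to-server POST to the provider's token endpoint, and only then queries the user information and the local database.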
