通过 Curl OpenId
如何使用 Curl 进行基于 OpenId 的身份验证? 首先我能做到吗? 问候, 阿拉巴克什
How can I do OpenId based authentication using Curl?
At first place can I do it?
Regards,
Allahbaksh
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我想你正在谈论curl命令行,而不是库。我没有尝试过,但是根据我对OpenID和curl的了解,应该是可以的。但是,还没有完全自动化。如果您想要真正轻松和通用,则必须“解析”身份提供商和内容提供商登录页面的内容。如果你知道你要去哪里并且不介意将你的服务和客户端耦合起来(没有仇恨),你可以首先向身份提供商进行身份验证,例如:
然后将你的 OpenID 发布到内容提供商:
这假设内容提供者已被授权使用身份提供者。
然后获取您的内容:
请注意,这种方法并不安全,因为我在代码中对 POST uri 和字段进行了硬编码。为了解耦客户端和服务器,必须从响应中提取 uri 和字段名称。例如,在 bash 脚本中,您可以使用
sed。我认为这应该可行,但如果不行,那么您必须真正遵循重定向并提取 URI 和表单,因为某些参数可以在重定向 URI 或隐藏表单字段中传递。
I suppose you are talking about the curl command line, not the library. I have not tried, but according to what I know of OpenID and curl, it should be possible. However, not fully automated. You'll have to "parse" the content of the identity provider and of the content provider login pages if you want to be realy restful and generic. If you know where you're going and don't mind to couple your service and client (no hateoas), you can first authenticate with the identity provider, e.g.:
and then post your OpenID to the content provider:
This suppose that the content provider is already authorised to use the identity provider.
Then get your content:
Note that this approach is not restful, since I hard encoded the POST uris and fields in the code. To decouple the client and the server, the uris and field names must be extracted from responses. In a bash script, you can use
sedfor example.I think is should work, but if not, then you'll have to realy follow the redirects and extract URIs and forms, since some params can be passed in the redirect URIs or in hidden form fields.