需要哪些表来存储 OAuth 服务器数据(而不是客户端)
我目前正在学习OAuth。我一直在修改这个 OAuth 库,特别是 PHP 版本。
它很简单,但足以让我掌握基本概念。现在,我的学习继续将数据存储到数据库中。我认为我已经知道的几件事:
- 我需要创建存储应用程序特定的消费者密钥和消费者秘密的表
- 我需要创建存储特定于应用程序的用户访问令牌密钥和秘密的表(以及生成的日期)这样下次当我需要实现令牌过期时,我就可以使用它)
现在,输入问题:
- 我需要另一个表吗?或者这两个就足够了?
I'm currently learning OAuth. I've been tinkering with this OAuth library, specifically, the PHP version.
It's barebone but enough to get me grasp the basic idea. Now, my learning move on to storing the data into database. Several things that I think I already know:
- I need to create table that store application specific consumer key and consumer secret
- I need to create table that store user access token key and secret specific to application (along date generated so that next time, when I need to implement token expiration, I can use it)
Now, enter the questions:
- do I need another table? or these two are enough?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您需要一张表来处理应用程序密钥。每个被授权处理服务器数据的应用程序都会有一个公共/私有令牌。
您应该已经有客户数据表。因此,您将需要一个将客户令牌/应用程序令牌链接到客户 ID 的表。
您还需要跟踪随机数和时间戳信息以避免重放攻击。
You need one table to handle application keys. There will be a public/private token for every application that's authorized to handle your server data.
You should already have customer data table. So you will need a table that links the customer token/application token to a customer id.
You will also need to track nonce and timestamp information to avoid replay attacks.