Question

I am using two-legged OAuth for the Google Contacts Data API and generating a token on each request.

Is that advisable, or should I store tokens to reuse next time?

Also, how do I detect a stale token?

I am using Python (and the Gdata Python Client Library).

Edit: OK, I figured it out: the token is generated on the client side with encryption and not fetched from the server side, so it is fine to generate a token on each request. Am I correct? And that means the token never changes for a user (unless the shared secret changes), right?

Solution

I think that the two legged oauth scenario does not involve creating tokens. Tokens are required when a user is participating in the interaction (the 3rd leg), because the user is required to authorize that token.

The user is not participating directly in the 2-legged oauth, so there's no token authorization and therefore no need to store and create tokens.

Basically 2-legged oauth means that you as a consumer should SIGN the request that you make to the provider with your CONSUMER shared secret (which the provider also knows about), so that the provider knows WHICH consumer is making the request - this is a way to validate that it's really your application that is requiring data. But since the user (3rd leg) does not participate, the provider does not create a token to give you, because you don't need one - you just get direct access to the data, if the Provider supports two legged and your application is allowed to use that data.

Here is a good article that can explain in more detail the flow for the two-legged and three-legged processes.

http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iii-security-architecture/

Just to add something as a conclusion:

2-legged oauth is just an authentication method - the consumer authenticates himself via signing the request with his secret key (this verifies which consumer is really making the request).

3-legged oauth is authentication and authorization - the consumer authenticates via signing the request with his secret key and he gets an unauthorized request token which then needs to be authorized by the user, so the consumer can make authorized requests to the provider.
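
The signing step described in the answer, as an added example that is not part of the original answer and is not the Gdata library's code: an OAuth 1.0 HMAC-SHA1 signature (RFC 5849) computed with an empty token secret, plus the provider-side check. The URL, consumer key, secret and the `sign_two_legged` / `provider_verifies` names are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def _enc(value):
    # RFC 5849 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def sign_two_legged(method, url, params, consumer_secret):
    """HMAC-SHA1 signature over the request, keyed by the consumer secret only."""
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base_string = "&".join([method.upper(), _enc(url), _enc(normalized)])
    # Key is "<consumer secret>&<token secret>"; with no user (third leg)
    # there is no token, so the token-secret half stays empty.
    key = _enc(consumer_secret) + "&"
    digest = hmac.new(key.encode(), base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def provider_verifies(method, url, params, signature, consumer_secret):
    """Provider side: recompute with its copy of the secret, constant-time compare."""
    expected = sign_two_legged(method, url, params, consumer_secret)
    return hmac.compare_digest(expected, signature)

# Constructed sample values (not taken from the page).
SAMPLE_URL = "https://provider.example/feeds/contacts"
SAMPLE_SECRET = "constructed-consumer-secret"

def sample_params(nonce, timestamp):
    return {
        "oauth_consumer_key": "consumer.example",
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_nonce": nonce,          # fresh per request
        "oauth_timestamp": timestamp,  # fresh per request
        "oauth_version": "1.0",
        "max-results": "10",
    }

if __name__ == "__main__":
    p = sample_params("n1", "1300000000")
    sig = sign_two_legged("GET", SAMPLE_URL, p, SAMPLE_SECRET)
    print(sig, provider_verifies("GET", SAMPLE_URL, p, sig, SAMPLE_SECRET))
```

The value recomputed on every request here is a signature bound to that request's nonce, timestamp and parameters; only the consumer secret is long-lived and needs protected storage.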

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow