我开始新的项目。这是小应用(操场),以了解夫妻的新概念。我将使用Ruby on Rails和单页应用程序中使用阵营创建后台API。我被困在验证。我想创建自定义的基于令牌的授权/授权。我来到了以下验证流程:
I started new project. It is small application (playground) to learn couple new concepts. I will create backend API using Ruby on Rails and Single Page Application using React. I stuck in Authentication. I would like to create custom Token-based Authorization/Authorization. I came to following auth flow:
这是流量是否正确?我应该解密在客户端令牌或没有必要?这个项目是唯一的操场,但我想做正确。请给我一些意见,如果上述流程是不够的。
Is this flow correct? Should I decrypt token on client side or It is not necessary? This project is only playground but I would like to do It properly. Please give me some comments if above flow isn't good enough.
推荐答案我认为你有正确的方法。此链接可以给你有关基于令牌的认证的更多详细信息:
I think that you have the right approach. This link could give you more details about token-based authentication:
- 与令牌RESTful应用程序实施认证 - templth.word$p$pss/2015/01/05/implementing-authentication-with-tokens-for-restful-applications/
- Implementing authentication with tokens for RESTful applications - templth.wordpress/2015/01/05/implementing-authentication-with-tokens-for-restful-applications/
希望它可以帮助你,蒂埃里
Hope it helps you, Thierry
更多推荐
在SPA的应用程序令牌认证
发布评论