OAuth2 in Go with Google App Engine

Question

I'm looking into using OAuth2 with Go in Google App Engine.
Here is a link with an example:
https://developers.google.com/appengine/docs/go/users/#Go_OAuth_in_Go

But this remark isn't clear to me:

Note that using OAuth to identify your users is completely orthogonal to the 
standard user authentication modes. For example, pages marked with 
login: required or login: admin will refuse to load if the user is 
only authenticated via OAuth.

Does this mean I can't use the standard authentication mode with OAuth?

Can I use other providers like Facebook with the user package?

Or is it better to use this package instead of the default user package?
https://code.google.com/p/goauth2/
Are there disadvantages to using this?

(I only need it for authentication)

Answer 1

Score: 1

This just means that the app.yaml/module.yaml key "login" won't consider users who have authenticated via OAuth to be authenticated and will deny them access to that resource.

For example, if you have created a page at /admin/ and you want GAE to enforce that only people who have authenticated can access that page, then you need to ensure that they have authenticated using a Google account, not an OAuth login. Anyone accessing that after they have logged in using OAuth will still appear unauthenticated to GAE.

All that this means is that if you have pages you only want authenticated people to see and you want to support OAuth as a valid authentication method, then you need to not have the "login" key set for those resources in the .yaml file. Then it's up to you to enforce that they have been logged in before allowing them access to that resource. GAE can't help you out in that case.
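
The enforcement the answer describes, as an added example that is not part of the original answer or of App Engine: a handler wrapper that performs the login and admin checks in application code for routes that have no "login" key in the .yaml file. The names `Require`, `Identity` and `Status` are assumptions, and the constructed token table is a hypothetical stand-in for a real OAuth identity check.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Identity is what the app trusts after checking the OAuth token itself.
type Identity struct {
	Email string
	Admin bool
}

// constructedUsers: made-up Authorization header values (sample data only).
// In a real app this lookup is replaced by the actual OAuth identity check.
var constructedUsers = map[string]Identity{
	"Bearer sample-user-token":  {Email: "user@example.com"},
	"Bearer sample-admin-token": {Email: "admin@example.com", Admin: true},
}

// Require enforces in code what "login:" in app.yaml cannot for OAuth users.
func Require(adminOnly bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		id, ok := constructedUsers[r.Header.Get("Authorization")]
		if !ok { // fail closed: no recognised identity, no page
			w.Header().Set("WWW-Authenticate", "Bearer")
			http.Error(w, "authentication required", http.StatusUnauthorized)
			return
		}
		if adminOnly && !id.Admin { // authenticated, but not authorised
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Status sends one request for /admin/ through the guard and returns the code.
func Status(authz string) int {
	page := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "admin page") })
	req := httptest.NewRequest("GET", "/admin/", nil)
	req.Header.Set("Authorization", authz)
	rec := httptest.NewRecorder()
	Require(true, page).ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(Status(""), Status("Bearer sample-user-token"), Status("Bearer sample-admin-token")) }
```

Every route that would otherwise have relied on "login: required" or "login: admin" needs to be wrapped, since a handler registered without the wrapper is served to anyone.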

huangapple
  • Posted on July 31, 2014 at 15:33:04
  • When reposting, be sure to keep the link to this article: https://go.coder-hub.com/25053188.html