Getting information of user from oauth2 app having the session token

Question

I'm having, I think, a misunderstanding of concepts related to the OAuth2 protocol. Right now I have 3 applications:

  1. Frontend developed in React
  2. OAuth2 server developed in Golang (not finished)
  3. Another backend app, let's call it: Business Logic app

At first, the user from React can log in to the system using the OAuth2 server, the OAuth2 server sends the token and everything's perfect.
Now, when some request is sent from the React app to the Business Logic App, the token is also sent in the headers. My question is: having the token, should I be able from the Business Logic App to get information of the user making a request to the OAuth server? Is it allowed in the OAuth protocol?

The thing is that I need to know in the Business Logic App which user is logged in. If it's not allowed, how should I fix it?

Answer 1

Score: 1

No.

OAuth 2.0 is NOT an Authentication protocol.
If you need Identity Information you need to use OpenID Connect (which is built on OAuth 2.0).

With OpenID Connect you are provided both an Access Token and an Identity Token. The Identity Token will contain "basic" profile information about the "user". The Access Token may be used to obtain more detailed information about the user from the userinfo_endpoint.
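A sketch of the userinfo_endpoint lookup described above, as the Business Logic app might do it in Go. This is an added example, not part of the original answer. The function names, the endpoint URL and the token are constructed placeholders, and the provider is assumed to implement the OpenID Connect UserInfo endpoint (faked in memory here so the code runs offline).

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// subjectFromToken forwards the caller's Authorization header to UserInfo and returns the "sub" claim.
func subjectFromToken(c *http.Client, userinfoURL, authz string) (string, error) {
	if len(authz) <= 7 || authz[:7] != "Bearer " { // 7 == len("Bearer ")
		return "", errors.New("missing bearer token")
	}
	req, err := http.NewRequest(http.MethodGet, userinfoURL, nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("Authorization", authz)
	resp, err := c.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK { // expired, revoked or forged token
		return "", fmt.Errorf("userinfo rejected the token: %s", resp.Status)
	}
	var claims struct{ Sub string } // matches the JSON key "sub"
	if err := json.NewDecoder(resp.Body).Decode(&claims); err != nil || claims.Sub == "" {
		return "", errors.New("userinfo response has no usable sub claim")
	}
	return claims.Sub, nil
}

// rt and fakeIdP: constructed in-memory stand-in for the provider; accepts one constructed token.
type rt func(*http.Request) (*http.Response, error)
func (f rt) RoundTrip(r *http.Request) (*http.Response, error) { return f(r) }

var fakeIdP = &http.Client{Transport: rt(func(r *http.Request) (*http.Response, error) {
	rec := httptest.NewRecorder()
	if r.Header.Get("Authorization") != "Bearer constructed-token-123" {
		rec.WriteHeader(http.StatusUnauthorized)
	} else {
		fmt.Fprint(rec, `{"sub":"user-42","email":"alice@example.test"}`)
	}
	return rec.Result(), nil
})}

func main() { fmt.Println(subjectFromToken(fakeIdP, "https://idp.example.test/userinfo", "Bearer constructed-token-123")) }
```

In a real deployment the client would be an ordinary `http.Client` with a timeout, and the URL would come from the provider's published `userinfo_endpoint` value.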

huangapple
  • Posted on July 15, 2017 at 00:43:12
  • When reposting, please keep the link to this article: https://go.coder-hub.com/45107946.html