英文:
Invitation link implementation .NET WEB API
问题
我正在开发.NET Web API宠物应用程序,使用JWT身份验证。
它有私人房间(我们称之为大厅),所以用户无法访问它们的列表。
这个想法是创建邀请链接,像这样https://mycoolapp.com/Room/sd1Fds/join=token
,未经授权的用户可以点击它,在登录后加入房间。
这个想法来自于Discord的邀请链接 就像这里
我希望它有过期时间,所以用户可以选择3、5、7小时之间的时间,例如。Discord的实现
问题是,我应该如何实现它,我目前正在看SecurityToken
类,这是正确的方法吗?
英文:
I`m developing .NET Web API pet application, that uses JWT authentication.
It has private rooms(lets say lobbies), so users don't have access to the list of them.
The idea is to create invitation link like https://mycoolapp.com/Room/sd1Fds/join=token
,
so unauthorized user can click it and join room after he logs in.
The idea comes from discord invitation link
Like here
I want it to have expiration time, so user can choose between 3,5,7 hours for example.
Discord implementation
The question is, how should I implement it, Im currently looking at
SecurityToken` class, is that right approach?
答案1
得分: 1
是的,SecurityToken
是一个很好的起点。
您可以创建一个房间并为其生成一个唯一的ID(GUID),然后创建一个JWT令牌,并将生成的唯一ID作为声明包含在其中。然后生成包括JWT令牌的邀请链接,并将其发送给访客。
在访客单击链接后,重定向到登录页面,然后在查询字符串中包括JWT令牌重定向到API。在处理邀请链接的终点上,检查一切是否正常,ID是否作为声明存在,以及过期时间是否正常,然后授予用户访问私人房间的权限。
英文:
yes, the SecurityToken
is a good point to start
you can create a room and generate a unique id (GUID) for that. then create a JWT token and include the generated unique id as a claim into it. then generate the invitation link including the JWT token and send it to guest
after the guest clicks on the link, redirect to the login page and then redirect to the API with the JWT token included in the query string. in the endpoint that handles the invitation link, check if everything is ok and the id exists as a claim, and the expiration time is ok, grant the user access to the private room
答案2
得分: 1
个人而言,我会遵循KISS原则,只需生成一些随机的唯一标识(Guid.NewGuid
可能就足够了),并将其与额外信息一起存储在数据库中(比如过期日期、被邀请人的标识等)。在加入尝试时,验证该链接与存储的数据是否匹配(链接未过期,试图加入的人在列表中等)。
英文:
Personally I would go with KISS principle and just generated some random unique id (Guid.NewGuid
can be sufficient) and stored it in the database with additional information (like expiration date, invited person ids, etc.) and on join attempt validated that link against the stored data (link has not expired, person attempting to join is in the list, etc.).
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论