英文:
How to redirect passing data without using query parameters in PHP?
问题
以下是翻译好的部分:
我有一个应用程序,它的工作流程如下:
- index.html加载index.js
- index.js在本地存储中查找令牌,未找到并使用
window.location.href = "auth.php";
重定向到auth.php - auth.php使用
header("Location: external-api.com/login");
重定向到external-api.com - 用户在其平台上登录,然后使用GET请求带有代码重定向回auth.php
- auth.php然后使用该代码和一些其他参数向external-api.com发出POST请求,并收到一个包含实际访问令牌的响应
- auth.php使用
header("Location: index.html?token=".$token);
重定向回index.html
然而,是否有一种方法可以在不使用查询参数的情况下重定向并传递数据?
英文:
I have an application that works as the following:
- index.html loads index.js
- index.js looks for a token on local storage, doesn't find it and redirects to auth.php using
window.location.href = "auth.php";
- auth.php redirects to external-api.com using
header("Location: external-api.com/login");
- the user logs in on their platform, which redirects back to auth.php with a code using get request
- auth.php then makes a post to external-api.com with that code and a few more params, and receives a response with an actual access token
- auth.php redirects back to index.html using
header("Location: index.html?token=".$token);
However, is there a way to redirect back passing data without using query parameters?
答案1
得分: 2
以下是翻译的内容:
你的问题有点不太清楚,因为你多次提到了“token”,但有两种不同的令牌 + 一个“代码”。
- 本地存储令牌
- 外部 API 发送用户到 auth.php?code=some_code
- auth.php 发送 POST 请求到外部 API 并获取 ACCESS TOKEN
我怀疑你无法隐藏步骤2中的代码(这取决于外部 API 的工作方式),并且你无法隐藏步骤1中的令牌(因为它在本地存储中,位于客户端机器上)。所以,我假设你试图在将 ACCESS TOKEN 从 POST 请求传递回“index.html”时隐藏它。
因此,假设你唯一需要隐藏令牌的地方是在“header("Location: index.html?token=".$token);”期间,那么你可以使用“$_SESSION['token'] = $token”,然后只需使用“header("Location: index.html);”并在请求“index.html”期间检索“$_SESSION['token']”。
此外,你可以将 ACCESS TOKEN 映射到内部代码,并将内部代码传递给用户。这样,用户就无法直接从外部 API 请求用户信息。
你可能会对 https://stackoverflow.com/questions/5576619/php-redirect-with-post-data/55852737#55852737 感兴趣,在那里我进一步详细说明了使用“$_SESSION”方法。
英文:
Your question is a little unclear because you mention token
multiple times, but there are 2 different tokens + a 'code'.
- Local storage token
- external-api sends user to auth.php?code=some_code
- auth.php sends POST request to external-api & gets ACCESS TOKEN
I doubt you can hide the code in step 2 (would depend on how the external API works) & you can't hide the token in step 1 (because it is in local storage, on the client machine). So, I assume you're trying to hide the ACCESS TOKEN received from the POST request to external-api, when redirecting back to index.html
So, assuming the only place you need to hide the token is during header("Location: index.html?token=".$token);
, then you can use $_SESSION['token'] = $token
, then just use header("Location: index.html);
and retrieve $_SESSION['token']
during the request to index.html
Also, you could map the ACCESS TOKEN to an internal code, & pass the internal code to the user. That way, the user could not directly request user information from external-api.
You might be interested in https://stackoverflow.com/questions/5576619/php-redirect-with-post-data/55852737#55852737, where I further detail the $_SESSION
approach.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论