Switching From Crypto Wallet Auth to Social Auth

Question


I have built a product which has quite a number of users and the authentication method I used was Ethereum and Solana (meaning people connect their wallets to log in). However, I would like to switch to social auth based logins (e.g. google, twitter, etc.). What is the best way I can go about doing this whilst keeping the users account intact? In other words, how can I get existing users (who used their wallet addresses to log in) to connect their social account in order to log in from here onwards? What tools or what procedure should I take?

P.S. My stack is NextJS, NodeJs and Firebase for database.

Answer 1

Score: 1


I am assuming you have some form of persistence layer where you have stored user details when linking their crypto wallet to their account.

To add Oauth2 + PKCE based login, you can add additional fields in the User table to indicate {provider}-access and {provider}-refresh token. The provider here refers to your chosen provider like google. Subsequently, get your backend to initiate an Oauth2 flow with the provider (refer to their documentation) to get an authorisation token with the callback URL to your frontend.

The authorisation token should then be passed to the backend again so that it can be exchanged for access and refresh tokens with the provider. These access and refresh tokens are then stored in your persistence layer.

The user account is linked so long as their refresh token remains valid; you can add a cron job or some other mechanism to refresh the tokens to keep the user's account linked.

There are other additional details regarding oauth2 flow that you can refer to:

RFC 6749 The OAuth 2.0 Authorization Framework

RFC 7636 Proof Key for Code Exchange by OAuth Public Clients

Proper Way of setting up Oauth2 - Stackoverflow

OAuth 2.0 Security Best Current Practice

huangapple
  • Posted on 2023-07-10 10:54:52
  • Please keep this link when reposting: https://go.coder-hub.com/76650421.html