个人中心
gpt4 book ai didi

Implementing Authentication with external provider (e.g. Twitch)(与外部提供商(例如Twitch)实施身份验证)

转载 作者:bug小助手 更新时间:2023-10-25 11:25:19 27 4
gpt4 key购买 nike



I'm developing a web application consiting of two parts: a Flask REST API as a backend and a React.js SPA as a frontend.

我正在开发一个由两部分组成的Web应用程序:作为后端的Flaskrest API和作为前端的React.js SPA。


Now I'm at the stage of implementing authentication via an external provider (Twitch in particular). I'm not quite sure how I should handle these access/refresh/id tokens returned by Twitch, what am I supposed to return to the frontend from my backend or how they supposed to interract with each other?

现在,我正处于通过外部提供者(特别是Twitch)实现身份验证的阶段。我不太确定我应该如何处理Twitch返回的这些访问/刷新/ID令牌,我应该从后端返回什么到前端,或者它们应该如何相互作用?


For now I've done these:

目前,我已经做到了以下几点:



  • "Login" button at my frontend side which sends user to Twitch's login form

  • Twitch then redirects the request to my backend route (e.g. /auth/callback/twitch)

  • This route receives code query param and tries to exchange it with Twitch for access_token, refresh_token and id_token

  • and after that this route returns a redirect response to /home page of the application with id_token set in cookies


The thing is that I'm not sure it's exactly what I need. Still got some blind spots on this matter:

问题是,我不确定这是否正是我所需要的。在这件事上仍然有一些盲点:



  • Should I use the id_token provided by Twitch to identify the User or should I generate my own JWT token with some User's data?

  • Where should I persist that id_token (considering I tend to stateless design of the app and I want to be able to call my API directly just providing the valid credentials)?

    • probably for Users flow it's enough to use cookies?

    • and for direct access to my API there should be another way of auth (e.g. with Bearer token)?



  • Should I take care of a freshness of the id_token (considering I only need it to authenticate the User inside my system)

  • Am I right that I don't need the pair of access_token and refresh_token received from Twitch?


更多回答

Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking.

请澄清您的具体问题或提供更多详细信息,以突出您的确切需求。按照目前的写法,很难准确地说出你在问什么。

优秀答案推荐
更多回答

27 4 0
文章推荐: How to pass resource bytes as parameters(如何将资源字节作为参数传递)
文章推荐: Doxygen: Class "A" Member functions defined in separate .cpp files are not seen in the call graph of a calling function in Class "B"(DOORT:在单独的.cpp文件中定义的“A”类成员函数在“B”类中调用函数的调用图中看不到)
文章推荐: Calendar not working en language in sapui5(日历在SAPUI中不能使用英语5)
文章推荐: Query in MongoDB to return documents matching at least two values in an array(MongoDB中的查询以返回与数组中至少两个值匹配的文档)
bug小助手
个人简介

我是一名优秀的程序员,十分优秀!

作者热门文章
滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com