On a system that I'm working on, a user signs up by means of an OpenID/Social Media account (Twitter, Google, Facebook), and then subsequently signs in using that path. The System comprises a Back-end (API and database) and several clients (Web Portals, Native Mobile applications, and User-Agent/JavaScript based clients).
These clients will get the Authorization to the above-mentioned back-end API for a user from a special OAuth2 server. So to share registration data between the clients, this will need to be stored in a central database, part of the back-end service. Basically I need to track the users in a database.
Once I have an Access Token from an IdP for a user, I can get some details about that user, e.g. Name and Email address, and I'd store some of that in a local database. I've previously asked "what I need to store" and didn't get any satisfactory answers, but now I've got a more specific question: What will the IdP give me to identify the user? Some kind of unique URI for that user? An Email Address? An IdP-specific ID string?
I need to figure out how I go from getting an Authentication done against the IdP to getting an Access code from the OAuth service for the back-end. Once I know what I will have available from the user's IdP, I can go to the next step, which is to figure out this part between Authenticating the user and getting an access token from the Authorization server for the API.