Question
I am currently making a site that requires a user to log in with Steam before they can use the rest of my website's functionality. Steam currently only supports OpenID for authentication. The way that I have done it is in these following steps:
User presses on "Log in with Steam" button
My front-end redirects to steamcommunity.com
If the user logged in successfully, the user's browser should redirect to my backend, I then add the user to the database (if they are not in it already) and create a JSON web token and send it back to my front end.
For example:
myfrontend.com?token={my_json_web_token}
My front end then saves this token as a client side cookie and on every request to the server, I will send the contents of this cookie to the server.
I have already integrated my app but it is just gaining popularity so I'm wondering if the way that I have implemented it works.
Thanks
Answer 1:
This sounds like the correct way to go about it.
One thing to note is that you want to make sure you have some CSRF protection since you are using cookies, but that wasn't exactly what you were asking.
CSRF example
Source: https://stackoverflow.com/questions/37827246/how-to-integrate-openid-auth-into-a-rest-api-and-front-end-framework-architectur