Question
We are an ISV with a web application. Unlike StackExchange or Trello, this web app is installed at customer sites, so each web app installation has a separate URL. i.e.: http://app.example.com/ and http://app.microsoft.com/ could both be valid URLs for our app.
We want to use OAuth to access the user's Google data (a simple first-time-use import to prime the app database). Our problem is trying to figure out how to make this work.
OAuth for web apps (client-side) depends on a redirect URL registered with the authority (Google in our case). If you are Trello or StackExchange you have one URL and just put that in. Since we are installed in many places, we can have many URLs, and we don't know what they are, so we can't tell Google what URLs to use ahead of time.
OAuth for client apps (Windows clients, etc.) gets around this by returning the response in the window title, instead of redirecting. This is great for an app that has full control of the browser - i.e. that controls the sandbox, but for a normal browser the cross-site security restrictions make getting the secret from the Google response window impossible.
We appear to fall between two stools in the OAuth world. Not a web app, not a client app.
How can we use OAuth with multiple web apps installed in multiple locations?
Answer 1:
Sorry, but the registration process exists for a reason. If it's on multiple URLs owned by multiple companies, they will be considered separate applications and they should use different client IDs/client secrets and be registered by the appropriate owners. You'll just need to provide instructions for your customers about how they should register the app, or have it as part of the deployment process if you have a services team installing it.
There are a lot of benefits to building multi-tenant applications, and not having to do this is just one of them!
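An added example, not part of the original answer or any vendor's code: per-installation registration as the answer describes it, where each deployment holds its own client ID and derives the redirect URI from its own base URL. The `InstallConfig` class, the `/oauth2/callback` route, the placeholder client IDs and the `state` handling are assumptions for illustration; the endpoint is Google's OAuth 2.0 authorization endpoint.

```python
import hmac
import secrets
from dataclasses import dataclass
from urllib.parse import urlencode, urlsplit

GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"


@dataclass(frozen=True)
class InstallConfig:
    """Values one customer enters after registering their own installation."""
    base_url: str    # this installation's public URL
    client_id: str   # issued to the customer's registration, not shared
    callback_path: str = "/oauth2/callback"  # hypothetical route

    @property
    def redirect_uri(self) -> str:
        parts = urlsplit(self.base_url)
        if parts.scheme not in ("http", "https") or not parts.netloc:
            raise ValueError("base_url must be an absolute http(s) URL")
        if parts.query or parts.fragment:
            raise ValueError("base_url must not carry a query or fragment")
        return self.base_url.rstrip("/") + self.callback_path


def build_authorization_url(cfg: InstallConfig, scope: str) -> tuple:
    """Return (url, state); the caller keeps state in the user's session."""
    state = secrets.token_urlsafe(32)
    query = urlencode({
        "client_id": cfg.client_id,
        "redirect_uri": cfg.redirect_uri,
        "response_type": "code",
        "scope": scope,
        "state": state,
    })
    return f"{GOOGLE_AUTH_ENDPOINT}?{query}", state


def callback_state_ok(session_state: str, returned_state: str) -> bool:
    """Accept a callback only if it echoes the state this session issued."""
    if not session_state or not returned_state:
        return False
    return hmac.compare_digest(session_state.encode(), returned_state.encode())


# Constructed sample installations; client IDs are placeholders.
INSTALLS = [
    InstallConfig("http://app.example.com/", "PLACEHOLDER-A.apps.googleusercontent.com"),
    InstallConfig("http://app.microsoft.com/", "PLACEHOLDER-B.apps.googleusercontent.com"),
]
```

The redirect URI each installation computes is the exact string its owner registers with Google, so the value shown in the setup instructions and the value sent in the request come from the same property.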
Source: https://stackoverflow.com/questions/12277218/how-to-use-oauth-with-deployed-web-apps