How should state be stored during oauth?

xuanbao · · 557 次点击    
这是一个分享于 的资源,其中的信息可能已经有所发展或是发生改变。
<p>I&#39;m using golang.org/x/oauth2 and I&#39;m not sure what the best way to store state it. I was looking into this a while ago and could have sworn I saw someone use net/context, but that wouldn&#39;t work would it because oauth is more than one request.</p> <hr/>**评论:**<br/><br/>fqn: <pre><p>I know Rails omniauth stores some state in the session. Have a look at that library for a good reference implementation.</p></pre>captncraig: <pre><p>I store it in a cookie. I set a short time to live on it, 5 minutes or so I think, and I sign/encrypt it with gorilla/securecookie. </p></pre>ROFLLOLSTER: <pre><p>Alright, thanks. Do you use gorilla/session or just stdlib?</p></pre>captncraig: <pre><p>I don&#39;t use gorilla/session as I don&#39;t really like the concept of a &#34;session&#34; at all. I just use securecookie to encode/verify and handle the cookie myself. I also make sure to delete the cookie after the callback is received.</p></pre>ROFLLOLSTER: <pre><p>Ok, thanks.</p></pre>jasonrichardsmith: <pre><p><a href="https://jwt.io/" rel="nofollow">JWT</a></p></pre>ultra_brite: <pre><p>store state ? what does it means ? context should only exists during the request&#39;s life time.</p></pre>neoasterisk: <pre><p>Hey! I thought you had deleted all your golang comments. Are you back?</p></pre>

入群交流(和以上内容无关):加入Go大咖交流群,或添加微信:liuxiaoyan-s 备注:入群;或加QQ群:692541889

557 次点击  
加入收藏 微博
暂无回复
添加一条新回复 (您需要 登录 后才能回复 没有账号 ?)
  • 请尽量让自己的回复能够对别人有帮助
  • 支持 Markdown 格式, **粗体**、~~删除线~~、`单行代码`
  • 支持 @ 本站用户;支持表情(输入 : 提示),见 Emoji cheat sheet
  • 图片支持拖拽、截图粘贴等方式上传