Odnoklassniki
curious452, 2015-12-29 00:10:27

How to check the token on the server during client authorization?

There is a native mobile application and a backend for it. It is necessary to give the user the opportunity to log in through Odnoklassniki.
OAuth 2 Implicit Grant is used, i.e. in the mobile application the user passes OAuth client authorization and receives a token. After that, the token is sent to the backend, where its validity is checked; if successful, the user id is pulled out and login/registration takes place.
The question is how to check the validity of the token on the backend and that it was issued by the right application?
Facebook uses debug_token for this purpose, VK uses checkToken.
The question is partly related to "Is validation of a custom token on the server side available?", but the answer did not bring clarity. If I understand correctly, then all requests from the backend will be outside the session, because the session secret key remains in the native client.
Description of the problem and solution for Facebook: https://developers.facebook.com/docs/facebook-logi...


1 answer(s)
dgreen, 2016-07-05
@dgreen

users.getCurrentUser?
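
An added example, not part of the original thread: one way a backend could act on the suggestion above, by signing a `users.getCurrentUser` call for the token the mobile client sent and reading the user id from the reply. It assumes Odnoklassniki's documented REST signing scheme (`sig` is the MD5 of the sorted `key=value` parameters plus `MD5(access_token + application secret)`) and the `https://api.ok.ru/fb.do` endpoint; the keys, token and sample responses are constructed placeholders.

```python
import hashlib
import json
from urllib.parse import urlencode

API_URL = "https://api.ok.ru/fb.do"         # OK REST endpoint (assumption, not from the thread)
APP_PUBLIC_KEY = "CONSTRUCTED_PUBLIC_KEY"   # placeholder for the application's public key
APP_SECRET_KEY = "constructed_app_secret"   # placeholder; stored only on the backend


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()  # lowercase hex


def build_request(access_token):
    """Return the signed query parameters for users.getCurrentUser."""
    params = {
        "application_key": APP_PUBLIC_KEY,
        "format": "json",
        "method": "users.getCurrentUser",
    }
    # The per-session secret is derived from the token and OUR application secret,
    # so the backend can sign without the session secret held by the mobile client.
    # Under this scheme a token issued to a different application yields a
    # signature the API does not accept, which ties the token to this app.
    session_secret = md5_hex(access_token + APP_SECRET_KEY)
    # access_token itself is left out of the signed string; keys are sorted.
    base = "".join(f"{key}={params[key]}" for key in sorted(params))
    return {**params, "sig": md5_hex(base + session_secret), "access_token": access_token}


def request_url(access_token):
    """URL the backend would GET over TLS; pass the response body to extract_uid()."""
    return API_URL + "?" + urlencode(build_request(access_token))


def extract_uid(body):
    """Return the user id from the API reply, or raise if the token was rejected."""
    data = json.loads(body)
    if not isinstance(data, dict) or "error_code" in data or not data.get("uid"):
        raise PermissionError(f"token rejected: {data!r}")
    return str(data["uid"])
```

Only the `uid` returned by the API should be used for login or registration, never a user id supplied by the client alongside the token.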
