I'm attempting to get and store an access token from the Pocket API using Node.js. I am able to get the request token, redirect to the Pocket login page, redirect back to my site, and finally able to exchange the request token for an access token.
我正在尝试使用Node.js从Pocket API获取并存储一个访问令牌。我能够获得请求令牌,重定向到Pocket登录页面,重定向回我的站点,最后能够交换请求令牌以获得访问令牌。
But that's where my problem lays. I don't know how I should go about actually storing the token, and without it I am unable to make API calls (of course). Here's the relevant code:
但这就是我的问题所在。我不知道应该如何实际存储这个令牌,如果没有它,我就无法进行API调用(当然)。相关代码:
//called when Pocket API redirects back to /getAccessToken
function getAccessToken(response, requestToken) {
restler.post("https://getpocket.com/v3/oauth/authorize", {
headers: { "Content-Type" : "application/json",
"X-Accept" : "application/json" },
data : JSON.stringify({consumer_key:CONSUMER_KEY,code:requestToken})
}).on("complete", function(data, res) {
if(res.statusCode == 200) {
var accessToken = data.access_token;
console.log("Access granted: " + accessToken);
//BUT HOW DO I STORE THE ACCESS TOKEN FOR USE OF API CALLS ??
}
response.writeHead(307, {Location: DNS}); //go back to site
response.end();
});
};
I was thinking I should store the accessToken on the client side, but I don't actually know how to go about doing that. I've tried using cookies, but that didn't seem to work. Of course, I may have just implemented them wrong.
我想我应该把accessToken放在客户端,但是我不知道该怎么做。我试过用饼干,但好像没用。当然,我可能只是实现错了。
Your help is much appreciated.
非常感谢你的帮助。
2 个解决方案
#1
2
How you store the access token usually depends on where you will be using the API.
存储访问令牌的方式通常取决于您将在哪里使用API。
I usually like to persist tokens in the database (like MongoDB) on the User document they are associated with, and then my web client can ping my server (via a RESTful endpoint) if it needs the token for anything. This way if the user clears all that state on the browser you don't have to go through the entire OAuth flow again.
我通常喜欢将令牌保存在与之关联的用户文档的数据库中(如MongoDB),然后我的web客户机可以在需要令牌的情况下(通过RESTful端点)ping我的服务器。这样,如果用户在浏览器中清除了所有的状态,您就不必再次遍历整个OAuth流了。
#2
1
you should probably make the cookies thing work. option 2 is to use localStorage but if you're struggling with cookies i wouldn't try going down that path - it gives you more control of when the tokens are sent across the wire but also requires a lot more work to make your serverside and clientside code coordinate.
你应该把饼干的东西做好。选项2是使用localStorage,但是如果您在使用cookie时遇到困难,那么我不会尝试沿着这条路走下去——它可以让您更好地控制何时通过网络发送令牌,但是还需要做更多的工作来使您的服务器端和客户端代码协调。
#1
2
How you store the access token usually depends on where you will be using the API.
存储访问令牌的方式通常取决于您将在哪里使用API。
I usually like to persist tokens in the database (like MongoDB) on the User document they are associated with, and then my web client can ping my server (via a RESTful endpoint) if it needs the token for anything. This way if the user clears all that state on the browser you don't have to go through the entire OAuth flow again.
我通常喜欢将令牌保存在与之关联的用户文档的数据库中(如MongoDB),然后我的web客户机可以在需要令牌的情况下(通过RESTful端点)ping我的服务器。这样,如果用户在浏览器中清除了所有的状态,您就不必再次遍历整个OAuth流了。
#2
1
you should probably make the cookies thing work. option 2 is to use localStorage but if you're struggling with cookies i wouldn't try going down that path - it gives you more control of when the tokens are sent across the wire but also requires a lot more work to make your serverside and clientside code coordinate.
你应该把饼干的东西做好。选项2是使用localStorage,但是如果您在使用cookie时遇到困难,那么我不会尝试沿着这条路走下去——它可以让您更好地控制何时通过网络发送令牌,但是还需要做更多的工作来使您的服务器端和客户端代码协调。