I'm using the node version of the google api client. i.e.: google-api-nodejs-client.
As part of this I'm setting up oauth-flow (the 'google webserver' flow to be exact.)
As part of authentication this consists of doing calls like:
var oauth2Client = new OAuth2Client(CLIENT_ID, CLIENT_SECRET, REDIRECT_URL);
and
oauth2Client.setCredentials(userSpecificTokens)
Obviously, the first call is app-specific, whereas the second call is user-specific.
What is considered good practice in this case? Either:
- have 1 oauth2Client and cache/save tokens per user and inject them using oauth2Client.setCredentials(userSpecificTokens) on each and every request. This essentially creates a new oauth2Client per request.
- have an oauthClient per user, including oauth2Client.setCredentials(userSpecificTokens) already applied, which is created when needed and cached afterwards.
1 solution
#1
I believe your first approach is the correct one:
have 1 oauth2Client and cache/save tokens per user and inject them using oauth2Client.setCredentials(userSpecificTokens) on each and every request.
However, this line isn't correct:
This essentially creates a new oauth2Client per request.
The oauth2client is created only once, when you've newed it - new OAuth2Client(CLIENT_ID, CLIENT_SECRET, REDIRECT_URL);
setCredentials() just swaps the credentials that are stored in that OAuth2Client object. Basically, what this means is that if you went for your 2nd approach, you'd have many additional instantiated OAuth2Client's unnecessarily. The only time you would ever need to instantiate a "new" Oauth2Client is when you want to connect with a different token/key.
It's somewhat common to store the tokens on a database or session and have them reused exactly as you've described by setting the credentials on the single instance of your client. (https://security.stackexchange.com/questions/72475/should-we-store-accesstoken-in-our-database-for-oauth2)
For reference, the docs give some insight and basically describe your first approach - https://github.com/google/google-api-nodejs-client/#request-level-options
You can specify an auth object to be used per request. Each request also inherits the options specified at the service level and global level.
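The first approach as the answer describes it, written out as an added example (not code from the question, the answer, or google-api-nodejs-client): one app-level client created once, per-user tokens kept in a cache standing in for the database/session, and setCredentials() called on the shared instance per request. The OAuth2Client class here is a constructed stand-in that mirrors only setCredentials() and the credentials field, and the user ids and token values are fake; the helper refuses to run when a user has no cached tokens and clears the credentials afterwards, so a request never proceeds with tokens left behind by the previous request.

```javascript
// Added example, not code from the thread. ASSUMPTION: this OAuth2Client is a
// constructed stand-in mirroring only the two members the thread relies on
// (setCredentials() and .credentials), not the real google-auth-library class.
class OAuth2Client {
  constructor(clientId, clientSecret, redirectUrl) {
    this.clientId = clientId;       // app-specific, fixed for the life of the process
    this.clientSecret = clientSecret;
    this.redirectUrl = redirectUrl;
    this.credentials = {};          // user-specific, swapped on every request
  }
  setCredentials(tokens) { this.credentials = tokens; }
}

// Constructed stand-in for the database/session the answer mentions (fake token values).
const tokenStore = new Map([
  ['alice', { access_token: 'ya29.alice-constructed', refresh_token: '1//alice-constructed' }],
  ['bob',   { access_token: 'ya29.bob-constructed',   refresh_token: '1//bob-constructed' }],
]);

// Approach 1 from the question: exactly one client for the whole app.
const oauth2Client = new OAuth2Client('CLIENT_ID', 'CLIENT_SECRET', 'REDIRECT_URL');

// Runs `work` with one user's cached tokens set on the shared client. Throws when the
// user has no cached tokens, so a request can never fall through with whatever
// credentials the previous request left on the instance, and clears them afterwards
// for the same reason. Kept synchronous: the shared instance holds one user's
// tokens at a time, so it must not be handed to a second request mid-flight.
function withUserCredentials(client, store, userId, work) {
  const tokens = store.get(userId);
  if (!tokens) throw new Error(`no cached tokens for user ${userId}`);
  client.setCredentials(tokens);
  try {
    return work(client);
  } finally {
    client.setCredentials({});
  }
}

// Stand-in for an API call: reports which instance and which access token were used.
function callApiAs(userId) {
  return withUserCredentials(oauth2Client, tokenStore, userId, (client) => ({
    sameInstance: client === oauth2Client,
    accessToken: client.credentials.access_token,
  }));
}

// What is left on the shared client once a request has finished.
function credentialsAfterCall() {
  return oauth2Client.credentials;
}
```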