谷歌身份验证怎么登录_使用Google登录身份验证用户

谷歌身份验证怎么登录

I hate dealing with user authentication, so I’m very happy to make user management and authentication somebody else’s problem. “Somebody else” like Google. Handling user information securely, supporting various kinds of multi-factor authentication, enabling account recovery while avoiding account hijacking… those are all much better handled by Google than by me!

我讨厌处理用户身份验证，因此很高兴让用户管理和身份验证成为其他人的问题。 像Google这样的“其他人”。 安全地处理用户信息，支持各种多因素身份验证，在进行帐户恢复的同时避免帐户被劫持……Google所处理的一切都比我好得多！

Unfortunately for me, I found it pretty confusing to get Google to do that for me. Oh, there’s accurate and detailed information about how to do it on Google’s sites. A lot of information. About a lot of different ways to do it. Mostly using libraries that, for me at least, make it hard to debug things that I do wrong. So I decided to get down to basics and work through the fundamental steps, in detail, needed to have my server-side web apps use Google Sign-in. This blog post shows how I did it, and how you can do it if you want.

对我来说不幸的是，让Google为我做这件事让我感到非常困惑。 哦，在Google网站上有关于如何执行此操作的准确而详细的信息。 很多信息。 大约有许多不同的方法可以做到这一点。 大多数情况下，至少对于我来说，使用库会使调试我做错的事情变得困难。 因此，我决定深入基础知识，并详细地进行一些基本步骤，以使我的服务器端网络应用程序使用Google登录。 这篇博客文章显示了我是如何做到的，以及如果需要的话如何实现。

逻辑步骤 (Logical Steps)

I’m comfortable managing sessions for my app, so my real problem was verifying a user’s identity before I create such a session. The steps for that are:

我很愿意为我的应用程序管理会话，所以我的真正问题是在创建此类会话之前先验证用户的身份。 具体步骤如下：

1. The browser sends request to my app. My server checks whether there is a current active session, as indicated by a cookie it set and trusts. If there is, it’s okay, and my app returns the requested page. Otherwise, my app returns a web page stating that the user needs to authenticate to use the site further. The page has a link the user should click to do that. (Alternatively, my app could just send a redirect response to that link, but that’s pretty abrupt and might be confusing to the user.)

   浏览器将请求发送到我的应用。 我的服务器检查是否存在当前活动的会话，如它设置并信任的cookie所示。 如果有，那没关系，我的应用程序返回请求的页面。 否则，我的应用程序将返回一个网页，指出用户需要进行身份验证才能进一步使用该网站。 该页面具有用户应该单击以执行此操作的链接。 (或者，我的应用程序可以向该链接发送重定向响应，但这很突然，可能会使用户感到困惑。)

2. The user clicks the link, and the browser sends a page request to Google. That link is to a Google page at accounts.google.com. The exact format of that link is described a bit later in this post. Google will return web pages and handle responses as needed to authenticate the user. If the authentication succeeds, Google will return a redirect response pointing to a page at my site.

   用户单击链接，浏览器将页面请求发送给Google。 该链接在accounts.google.com谷歌的网页。 该链接的确切格式将在本文后面部分进行介绍。 Google将返回网页并根据需要处理响应以验证用户身份。 如果身份验证成功，Google将返回指向我站点页面的重定向响应 。

3. The user’s browser processes the redirect by sending a request to my app. My server uses information in that redirect URL to retrieve the user’s information from Google. This retrieval is from my web server to Google, not from the user’s browser. If everything goes right my server now knows who the user is, so the server creates a session and returns a response to the user that includes a header to set a cookie for that session. That response might be a web page, or a redirect back to the page the user originally requested. But now the user’s browser has a valid session cookie and the user can access my site.

   用户的浏览器通过向我的应用发送请求来处理重定向。 我的服务器使用该重定向URL中的信息来从Google检索用户的信息。 此检索是从我的Web服务器到Google，而不是从用户的浏览器。 如果一切正常，我的服务器现在知道用户是谁，因此服务器创建一个会话并向用户返回响应 ，该响应包括用于为该会话设置cookie的标头。 该响应可能是网页，或者是重定向回用户最初请求的页面。 但是现在用户的浏览器具有有效的会话cookie，并且用户可以访问我的网站。

Of those three steps, my server has to deal with step 1, where