經歷了 OAuth2 的多個步驟後,一旦接收到 access_token,應該如何處理?
如何處理 OAuth2 access_token
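/**
 * OAuth2 redirect (callback) endpoint.
 *
 * Reads the authorization code from the query string, exchanges it for an
 * access token at the provider's token endpoint, then redirects to '/'.
 * Responds 400 when no usable code is present and 502 when the exchange
 * fails, instead of redirecting as if the login had succeeded.
 */
app.get('/oauth2', function(req, res) {
  var code = req.query.code;

  // NOTE(review): no `state` value is checked here. If the authorization
  // request sent one, compare it with the value bound to this browser's
  // session before exchanging the code, so that a callback the user did not
  // start is rejected.

  // A repeated ?code= parameter arrives as an array, so require a string.
  if (typeof code !== 'string' || code === '') {
    res.status(400).send('Missing authorization code');
    return;
  }

  var url = "https://.../oauth/access_token";
  var options = {
    url: url,
    method: "POST",
    form: {
      // Placeholders as posted. The real client_secret belongs in
      // server-side configuration, never in code that reaches the browser.
      client_id: '...',
      client_secret: '...',
      grant_type: 'authorization_code',
      redirect_uri: 'http://localhost:8080/oauth2',
      code: code,
    },
    json: true
  };

  request(options, function(err, response, body) {
    var failed = err ||
      !response ||
      response.statusCode < 200 ||
      response.statusCode >= 300 ||
      !body ||
      !body.access_token;

    if (failed) {
      // Do not echo the provider's response body: it may carry details that
      // should stay in server logs.
      res.status(502).send('Token exchange failed');
      return;
    }

    // I need to save the user in database if she doesn't exist
    // Then redirect, but should I pass the access_token to the redirect?
    //
    // The token is deliberately kept out of the redirect URL: a query string
    // ends up in browser history, Referer headers and server/proxy logs.
    // If the server needs the token later, keep it server-side, tied to the
    // user's session, and give the browser only a session identifier.
    res.redirect('/');
  });
  // Also, should the access_token be encrypted
  // Does it need to be saved in database?
  // Does it go in local storage?
  //
  // NOTE(review): anything placed in browser local storage is readable by
  // every script running on the origin, so a token stored there is exposed
  // by any XSS bug. Store it server-side only if later API calls need it.
});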
我需要響應中收到的部分信息,所以這些信息需要存儲在數據庫中。但是,我具體該如何處理 access_token?它需要保存到數據庫嗎?它應該被加密嗎?當我重定向時,是否要將它作爲查詢字符串附加到 URL 上?我是否應該將其存儲在本地存儲(local storage)中?如果是這樣,該怎麼做?