I want to know what the method used by popular apps is.
Here are the approaches I have considered:
When user logs in, save username & password in shared preferences and re-use it every time (I think this will suck)
Login on the client (app) side with Facebook SDK, pass the authentication token to the app and use that to create a user.
Pass a token to the app, store this token on the phone and use it in future communications. I think it would make sense to re-create this token periodically, but how to do so without asking the user to login again?
Create a login view. This will mean passing username and password to the API and then go with the user token.
I don't think you should store user credentials in preferences.
The most common approach is to send credentials to server and then as a response get a session key. Then include the session key as a header to any request (and validate it in every request).
If the session key would become invalid (e.g. expired) then the server should return a proper response, and the client should initialize authentication functionality.
Example
First run
Show login Activity
Send credentials to server
Get a session_key as a response (normally it's a hash)
Store the session_key hash
User is authenticated, exit the login Activity
Any request to the server
Add a header with session_key to your request (e.g. as a header)
Send the request
If the response is OK, stop; else (e.g. response with message "not authorized" or status code 401) run First run
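The flow in the answer above, sketched as an added example that is not part of the original answer: both sides are simulated in one Python process instead of Android code. The header name `X-Session-Key`, the 900-second lifetime, the class names, and the choice to keep only a SHA-256 digest of each session key on the server are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time
SESSION_TTL = 900         # seconds; assumed session lifetime
HEADER = "X-Session-Key"  # hypothetical header name
def _digest(key):
    return hashlib.sha256(key.encode()).hexdigest()

class Server:
    def __init__(self, users, clock=time.time):
        self.users = users    # constructed demo data; real servers store salted password hashes
        self.sessions = {}    # sha256(session_key) -> (username, expiry)
        self.clock = clock

    def login(self, username, password):
        stored = self.users.get(username)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return 401, None
        key = secrets.token_urlsafe(32)  # random, unguessable session key
        self.sessions[_digest(key)] = (username, self.clock() + SESSION_TTL)
        return 200, key

    def request(self, headers):  # the session key is validated on every request
        digest = _digest(headers.get(HEADER, ""))
        entry = self.sessions.get(digest)
        if entry is None or entry[1] <= self.clock():
            self.sessions.pop(digest, None)  # drop expired sessions
            return 401, "not authorized"
        return 200, "hello " + entry[0]

class Client:
    def __init__(self, server, ask_credentials):
        self.server = server
        self.ask_credentials = ask_credentials  # stands in for the login Activity
        self.session_key = None                 # the only secret kept on the device
        self.logins = 0

    def first_run(self):
        status, key = self.server.login(*self.ask_credentials())
        if status != 200:
            raise PermissionError("login rejected")
        self.session_key, self.logins = key, self.logins + 1

    def call(self):
        if self.session_key is None:
            self.first_run()
        status, body = self.server.request({HEADER: self.session_key})
        if status == 401:  # key expired or revoked: authenticate again, retry once
            self.first_run()
            status, body = self.server.request({HEADER: self.session_key})
        return status, body
```

The client never persists the password; a leaked session key is valid only until it expires or the server deletes the session.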