1. Choosing Session or JWT?
2. Überauth
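If you are familiar with Ruby, you can think of Plug as Rack plus a little Sinatra. It provides a specification for writing web application components, along with the adapters needed to connect to web servers. Although Plug is not part of Elixir's core library, it is still an officially maintained Elixir project.
The two phases are request and callback, and these phases are implemented by Strategies.
2.1 Strategies
Strategies are Plugs that decorate or intercept requests.
Strategies implement the two phases and then allow the request to flow through to the downstream plugs. Depending on the strategy's needs, implementing the request and callback phases is optional. If a strategy does not redirect, the request is decorated with Ueberauth information and passed along the pipeline.
Strategies are currently divided into Provider Strategies and Developer Strategies: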
Provider Strategies
- - Authenticate using the .
- - Authenticate using the .
- - Authenticate using the .
- - Authenticate using the .
- - Authenticate using the .
- - Authenticate using the .
- - Authenticate using the .
- - Authenticate using the .
Developer Strategies
- - A basic username/password strategy.
2.2 Request Phase
The request phase is where you request information about the user. This could be a redirect to an OAuth2 authorization url or a form for collecting username and password. The request phase is concerned with only the collection of information. When a request comes in on the request phase url the relevant strategy will receive the handle_request! call.
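The request phase requests information about the user. This step redirects to an OAuth2 authorization URL or to a form that collects a username and password. The request phase is concerned only with the information.
2.3 Callback Phase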
The callback phase is where the fun happens. Once a successful request phase has been completed, the request phase provider (OAuth provider or host site, etc) should call the callback URL. The strategy will intercept the request via the callback_phase!. If successful, it should prepare the connection so the Ueberauth.Auth struct can be created, or set errors to indicate a failure.
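Once the request phase has succeeded, the request phase provider (the OAuth provider or the host site) calls the callback URL. The strategy intercepts the request via callback_phase!. If successful, it prepares the connection and the Ueberauth.Auth struct is created; if it fails, it reports errors.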
3. Guardian
An authentication framework for use with Elixir applications.
Guardian is based on similar ideas to Warden but is re-imagined for modern systems where Elixir manages the authentication requirements.
Guardian remains a functional system. It integrates with Plug, but can be used outside of it. If you're implementing a TCP/UDP protocol directly, or want to utilize your authentication via channels, Guardian is your friend.