混合应用程序中基于 IBM MobileFirst Adapter 的身份验证。服务器向客户端发送 UserIdentity 对象
IBM MobileFirst Adapter based authentication in hybrid apps. Server sends UserIdentity object to client
取自此处的样本:
https://github.com/MobileFirst-Platform-Developer-Center/AdapterBasedAuth
mfp -v: 7.1.0.00.20151219-1541
当身份验证成功时,我收到此响应
如您所见,服务器将 UserIdentity 对象发送给客户端。
我的 UserIdentity 对象存储了我从后端获取并用于通过适配器访问后端的附加 ID 密钥。当 WL 服务器识别用户时,我可以从 UserIdentity (WL.Server.getActiveUser) 获取这些密钥,然后转到后端获取数据。我需要这些密钥才能保留在 WL 服务器上。
如何停止服务器发送 UserIdentity 对象。
我已经收到 PMR 对这个问题的回复。
The behaviour described in the PMR is the expected one.
The only way to avoid this is not saving the private data in the UserIdentity properties. The UserIdentity is meant to be shared between client and server.
Alternatively, you can save the sensitive data in a database using the clientId variable. You can find an example on how to do so in the Two-Step adapter authentication tutorial.
You can open a feature request but notice that this behaviour is by design.
所以问题结束了
取自此处的样本: https://github.com/MobileFirst-Platform-Developer-Center/AdapterBasedAuth
mfp -v: 7.1.0.00.20151219-1541
当身份验证成功时,我收到此响应
如您所见,服务器将 UserIdentity 对象发送给客户端。
我的 UserIdentity 对象存储了我从后端获取并用于通过适配器访问后端的附加 ID 密钥。当 WL 服务器识别用户时,我可以从 UserIdentity (WL.Server.getActiveUser) 获取这些密钥,然后转到后端获取数据。我需要这些密钥才能保留在 WL 服务器上。
如何停止服务器发送 UserIdentity 对象。
我已经收到 PMR 对这个问题的回复。
The behaviour described in the PMR is the expected one. The only way to avoid this is not saving the private data in the UserIdentity properties. The UserIdentity is meant to be shared between client and server.
Alternatively, you can save the sensitive data in a database using the clientId variable. You can find an example on how to do so in the Two-Step adapter authentication tutorial.
You can open a feature request but notice that this behaviour is by design.
所以问题结束了