Google 可以使用查询字符串进行 OAuth 重定向吗?
Google OAuth Redirect With Query String Possible?
是否可以在用户通过身份验证后通过 OAuth 重定向 URL 向网页传递参数?我在 Google 凭据配置页面的重定向 URL 上指定了一个参数,但它没有被传递。我想获得以下 foo 的值:
https://example.com/Test?foo=1234
我猜您想使用查询参数对某种信息进行编码,以便在您这边跟踪 OAuth 流程。
在这种情况下,您需要使用 state 参数。您将获得 state 参数作为您的 redirect_uri
的参数
更多信息:
https://developers.google.com/identity/protocols/OpenIDConnect#sendauthrequest
https://developers.google.com/identity/protocols/OpenIDConnect#state-param
The state can be useful for correlating requests and responses.
Because your redirect_uri can be guessed, using a state value can
increase your assurance that an incoming connection is the result of
an authentication request. If you generate a random string or encode
the hash of some client state (e.g., a cookie) in this state variable,
you can validate the response to additionally ensure that the request
and response originated in the same browser. This provides protection
against attacks such as cross-site request forgery.
是否可以在用户通过身份验证后通过 OAuth 重定向 URL 向网页传递参数?我在 Google 凭据配置页面的重定向 URL 上指定了一个参数,但它没有被传递。我想获得以下 foo 的值:
https://example.com/Test?foo=1234
我猜您想使用查询参数对某种信息进行编码,以便在您这边跟踪 OAuth 流程。 在这种情况下,您需要使用 state 参数。您将获得 state 参数作为您的 redirect_uri
的参数更多信息:
https://developers.google.com/identity/protocols/OpenIDConnect#sendauthrequest
https://developers.google.com/identity/protocols/OpenIDConnect#state-param
The state can be useful for correlating requests and responses. Because your redirect_uri can be guessed, using a state value can increase your assurance that an incoming connection is the result of an authentication request. If you generate a random string or encode the hash of some client state (e.g., a cookie) in this state variable, you can validate the response to additionally ensure that the request and response originated in the same browser. This provides protection against attacks such as cross-site request forgery.