App server database design
The user login module also needs a well-designed database schema: adding a third-party authentication method should not require modifying the database tables each time.
1. User basic information table
UserID   avatar   name    ...
2        url1     name1   -
1        url2     name2   -
3        url3     name3   -
The basic user information table holds the user's basic information. Its primary key is the user's UserGuid (the UserID column above), which is unique.
2. User authentication table (User_auths)
Primary   UserID   identity_type   identify          credential                      isFirstParty
1         2        email           12345@gmial.com   MD5MD5MD5                       True
2         2        account         accountName       accountPwMD5                    True
3         1        phone           12345678909       pwMD5                           True
4         2        wechat          wechatID          access_token & refresh_token    False
5         3        weibo           weiboID           access_token & refresh_token    False
The user authentication table holds the user's various login methods. The columns are:
Primary: the primary key (primaryKey), which is unique.
UserID: the user's unique ID (UserGuid), which is not unique within this table.
identity_type: the login method.
identify: the account name or ID used with this method.
isFirstParty: whether this is a first-party login method.
credential: the password for a first-party method; the access_token and refresh_token for a third-party method.
Many apps that use third-party login discard the third-party access_token and refresh_token once they have obtained the user's basic information. For real security the tokens still need to be saved: after each automatic login, the third-party access_token and refresh_token are used to update the user's information and to verify that the user is who they claim to be.
The UserGuid is not unique in this table. Multiple accounts may correspond to the same UserGuid (a third-party account bound to a phone account, and so on). isFirstParty indicates whether the credential is a first-party password. In some apps the email/phone/account logins share the same password, so changing the password means changing it for all of them at the same time, and the flag is what identifies those first-party accounts.
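The two tables and the isFirstParty password rule described above, as an added example in Python with SQLite that is not code from the original article. The snake_case column names, the UNIQUE constraint, the helper functions and the sample values are assumptions, and a salted PBKDF2 hash is used in place of the MD5 values shown in the table.

```python
import hashlib, hmac, os, sqlite3
# Constructed schema: snake_case names and the UNIQUE constraint are assumptions.
# Passwords are stored as salted PBKDF2-HMAC-SHA256, swapped in for the page's MD5.
SCHEMA = """
CREATE TABLE users (user_id INTEGER PRIMARY KEY, avatar TEXT, name TEXT);
CREATE TABLE user_auths (
    id             INTEGER PRIMARY KEY,
    user_id        INTEGER NOT NULL REFERENCES users(user_id),
    identity_type  TEXT NOT NULL,  -- 'email', 'wechat', ...: a new provider is a row, not a column
    identifier     TEXT NOT NULL,
    credential     TEXT NOT NULL,
    is_first_party INTEGER NOT NULL,
    UNIQUE (identity_type, identifier)  -- one login identity maps to exactly one user
);"""

def hash_password(password, salt=None):
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt.hex() + "$" + digest.hex()

def verify_password(password, stored):
    salt = bytes.fromhex(stored.split("$")[0])
    return hmac.compare_digest(hash_password(password, salt), stored)

def bind(db, user_id, identity_type, identifier, credential, first_party):
    try:  # returns False when the identity is already bound to some user
        db.execute("INSERT INTO user_auths VALUES (NULL, ?, ?, ?, ?, ?)",
                   (user_id, identity_type, identifier, credential, int(first_party)))
        return True
    except sqlite3.IntegrityError:
        return False

def login(db, identity_type, identifier, password):
    row = db.execute("SELECT user_id, credential FROM user_auths WHERE identity_type = ?"
                     " AND identifier = ? AND is_first_party = 1", (identity_type, identifier)).fetchone()
    return row[0] if row and verify_password(password, row[1]) else None

def change_password(db, user_id, new_password):
    # The shared password lives in every first-party row; third-party token rows are untouched.
    cur = db.execute("UPDATE user_auths SET credential = ? WHERE user_id = ? AND is_first_party = 1",
                     (hash_password(new_password), user_id))
    return cur.rowcount

def demo_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO users VALUES (2, 'url1', 'name1')")
    shared = hash_password("old-pw")  # constructed sample data
    bind(db, 2, "email", "user@example.com", shared, True)
    bind(db, 2, "account", "accountName", shared, True)
    bind(db, 2, "wechat", "wechatID", "constructed-token", False)
    return db
```

Binding a new provider such as weibo is one more call to bind with a new identity_type value; the schema itself does not change.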