Preface: the blog has not been updated for a long time, mainly because I have had too much to do, but I have recently done some more worthwhile things and will share them with you gradually.
At Tencent I am mainly responsible for the open platform's OpenAPI work. Because of that work, over the past few days I went through four platforms (Baidu, Renren, Sina and Taobao), studied their in-site applications, website login and mobile application integration, and developed a demo of a Baidu in-site application.
Baidu in-site application demo:
Demo address (to try it, please contact me first to be added to the whitelist):
http://app.baidu.com/app/enter?appid=385894&debug=1&is_from_dev=1&canvas_pos=platform
The code is open source on GitHub: https://github.com/dantezhu/baidu_app_demo. It wraps a Baidu SDK, and anyone who needs it can use it directly.
The development language is Python with Flask.
Mobile application and website integration both go through OAuth; this is basically the same on every platform.
In-site applications, however, work differently from Tencent's, so I focus on them here, using only Baidu as the example:
Baidu's tutorial is here: Baidu In-Site Application Development Document
1. When the user clicks the application in the application list to enter it, Baidu passes the application two parameters: bd_user and bd_sig. They look like the OpenID and Openkey of Tencent's open platform, but in fact these two Baidu parameters cannot give a strong guarantee of login state; they can only be used to ensure that the two parameters have not been tampered with.
2. If the two parameters pass verification, check whether the userid in the application's session is the same as bd_user. This is in fact the development approach Baidu recommends: to avoid invoking the OAuth login flow every time a user enters the application, the application should write the user into its own session after the first successful login. On the Tencent platform, by contrast, we do not enforce or recommend this on the wiki, mainly because even if the application does not keep its own session and calls Tencent's interface for verifying OpenID and Openkey every time, the user sees no difference. With Baidu, however, every call to the login authorization interface pops up a dialog box, even if the user has authorized before (this can be seen in the screenshot at the end of the article).
3. If they are the same in step 2, the user has probably just refreshed the page, so go directly to the application home page. If not, the standard OAuth 2.0 login begins. Baidu recommends only the server-side flow here, so the coding is somewhat more complicated, but security is also higher.
4. If the user's login authorization succeeds, the application writes the session at the redirect_url it is redirected to and then jumps to the home page. That completes the whole process.
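The decision logic of steps 1 to 4, as an added example that is not code from the demo repository or from Baidu's SDK. It assumes a placeholder secret and an HMAC-SHA256 signature standing in for Baidu's real bd_sig algorithm (which is defined in Baidu's documentation); the function names and the plain-dict session are hypothetical.

```python
import hashlib
import hmac

# Assumption: constructed secret and an HMAC-SHA256 scheme used as a stand-in.
# Baidu's actual bd_sig algorithm is specified in its developer documentation.
APP_SECRET = b"constructed-demo-secret"


def sign_user(bd_user: str, secret: bytes = APP_SECRET) -> str:
    """Stand-in for the platform's signature over bd_user (assumed scheme)."""
    return hmac.new(secret, bd_user.encode(), hashlib.sha256).hexdigest()


def route_entry(params: dict, session: dict, secret: bytes = APP_SECRET) -> str:
    """Steps 1-3: decide what to do when the platform opens the application.

    Returns "reject", "home" or "oauth". The session is never modified here.
    """
    bd_user = params.get("bd_user", "")
    bd_sig = params.get("bd_sig", "")
    expected = sign_user(bd_user, secret)
    # Step 1: integrity check only, compared in constant time. A valid
    # signature shows the pair was not altered; a copied pair still verifies,
    # so it does not prove that this browser belongs to bd_user.
    if not bd_user or not hmac.compare_digest(expected.encode(), bd_sig.encode()):
        return "reject"
    # Step 2: the application's own session carries the login state.
    if session.get("userid") == bd_user:
        return "home"   # Step 3: same user, for example a page refresh
    # Step 3: missing or different session user. bd_user is not adopted
    # directly; the server-side OAuth 2.0 login has to confirm the identity.
    return "oauth"


def complete_oauth(session: dict, oauth_userid: str) -> str:
    """Step 4: at the redirect target, store the identity OAuth returned."""
    session["userid"] = oauth_userid
    return "home"


if __name__ == "__main__":
    session = {}  # constructed stand-in for the web framework's session
    entry = {"bd_user": "1001", "bd_sig": sign_user("1001")}  # constructed
    print(route_entry(entry, session))      # first visit
    complete_oauth(session, "1001")
    print(route_entry(entry, session))      # refresh after login
```
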
Below is a screenshot of the in-site application demo I wrote for Baidu:
Finally, Baidu does a lot of monitoring of applications, for example requiring a monitoring script to be placed on the page; this is worth learning from.