Baidu site application development experience and demo code

Source: Internet
Author: User
Tags oauth openid access

Write in the front: the blog has not been updated for a long time, mainly things are too much, but recently also did some more valuable things, and then slowly share with you

The author in Tencent is mainly responsible for the open platform Openapi work, due to the working relationship, the past few days to traverse Baidu, everyone, Sina, Taobao 4 platform, studied their application in the station, Web site login, mobile application integration, and developed a Baidu station application of the demo.

Baidu Site Application Demo:
Experience the address (to experience, please contact me to open the White list first):
Http://app.baidu.com/app/enter?appid=385894&debug=1&is_from_dev=1&canvas_pos=platform
Code has been open source on the GitHub: Https://github.com/dantezhu/baidu_app_demo, which encapsulates a Baidu SDK, the need for friends can be used directly.
The language of development is Python+flask

Mobile applications and Web Access, both access is the way to go OAuth, this basic platform are all the same.
And for the station application and Tencent is not the same, so the focus on the treatment here, only to Baidu examples:
Baidu's tutorial here: Baidu site Application Development document

1. When the user clicks the application list to enter, the Baidu will pass to the application two parameters: Bd_user, Bd_sig, looks like Tencent Open platform's OpenID and Openkey, but actually Baidu these two parameters are unable to do very strong login state guarantee, Can only be used to ensure that these two parameters are not artificially tampered with.

2. If the two parameters check pass, it is necessary to see the application of the session UserID and Bd_user are the same. In fact, this is a recommended application of Baidu development method, that is, in order to avoid each user to enter the application to call OAuth that set of login system, so the proposed application in the first login successfully written to their session. Corresponding to the Tencent platform, we actually did not enforce on the wiki or recommend users to do so, mainly even if the application does not write their own session, each time to call Tencent verification OpenID, Openkey interface, for users will not have any difference; but corresponding to Baidu, Every time you call Baidu's login authorization interface, even if the previous authorization will also pop up a dialog box (in the final screenshot of the article can be seen)

3. If the 2nd step is the same, the proof that the user may have just refreshed the page, so go directly to the application homepage. If this is not the case, then the standard oauth2.0 login will begin. But here Baidu is only recommended to go by the way of server-side, so the coding is somewhat complicated, but the security is also higher.

4. If the user login authorization OK, then apply to the Redirect_url in the jump to write the session, and then jump to the home page. The whole process is over.

The following is a screenshot of the application demo I wrote in Baidu Station:

Finally, Baidu to the application do a lot of monitoring, such as on the page must be put on the monitor script, and so on, here is worth our reference.



Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.