Currently the requirement is that the App should behave like QQ and similar chat tools: a single user can only be logged in at one place at a time, and logging in elsewhere kicks out the earlier session. I don't know how to achieve this. Have you done this?
Reply content:
Collect the App's device information and bind it to the user. A user is allowed only one device: when they log in, the user on the previous device is kicked off.
In the past six months we designed and implemented a single sign-on system (TnSSO). Such systems are common, but we did a fair amount of in-depth work on its functions and user experience, so here is a summary and record of it. Below, SSO also refers to this system.
TnSSO provides several login methods for the PC and mobile versions: regular email-account or mobile-number login, federated login with Sina and QQ accounts, and mobile dynamic-password login. It also offers some platform-specific login methods to improve the experience; for example, opening a share link from the company logs you in directly by authorization, and on the PC page you can scan a QR code to log in.
Many mobile Apps now embed ordinary mobile web pages directly, with the App acting as a browser; the benefits need no explanation. Because the App's native login page gives a better experience than opening a web page inside the App and logging in again, we kept the native login in the App. TnSSO is compatible with the App's native login and can recognize a user's login state inside the App. In addition, the App can scan a code to log in to the PC version of SSO.
Below is the sequence diagram of single sign-on; I will not explain it further. Even if you have never seen a sequence diagram before, you can understand roughly what it shows:
Security and experience
TnSSO has some fine-grained considerations regarding security and experience: it optimizes the user experience as far as possible while keeping the system secure.
1. Full HTTPS, so that communication between client and server cannot be eavesdropped.
2. Callback URLs are whitelisted: a client subsystem must register with SSO before it can use SSO.
3. The token is valid once and bound to the client subsystem; it is destroyed immediately after use.
4. To improve the user experience, no verification code is required for the first three logins per day from an IP address, nor for the first dynamic-password request per day for a mobile number.
5. If the verification code is sent repeatedly, the mobile dynamic password expires after more than three sends.
6. And so on.
Compatible with App login
The App's user login information is stored separately in the App; it does not use the public login service provided by SSO. When a user accesses an embedded web page through the App, how does the page know the login state, and how do the embedded page and the App share that login state?
Our solution: when the App opens an embedded page PageA that requires login, PageA 302-redirects to the SSO login page, still inside the App. When the App requests the SSO login page it adds a hash value to the Cookie. After receiving the request, SSO checks whether the user is logged in. If not, it uses the hash value from the Cookie to ask the App server for the user ID; once it has the user ID it generates the user's login information and brings the token to the callback URL of WebA, the system PageA belongs to, and WebA completes the login process as usual. If the hash value is empty, or the App server returns no user ID for the hash, SSO redirects to a URL that the App intercepts. After the App finishes its own login, the process above is repeated.
The App puts a hash value in the Cookie rather than the user ID itself; that way the user ID the SSO API retrieves from the App server can be trusted as valid.
The sequence diagram is as follows:
Scan the QR code to log in
Scan-to-login is popular nowadays. Users are already logged in on their phones or other mobile devices, and that login state is trustworthy, so it is used as a shortcut for logging in to the PC version: simple and fast, with no need to type a long, complex password the user may not even remember. So this login method was required as well; it has not been officially released yet, but it is already planned and designed.
Concretely: the SSO server first randomly generates a non-conflicting code and stores it in the database, then draws the QR code image and shows it on the PC login page, where the page uses JavaScript short polling to query the server for the login information of that code. The App uses its built-in scanner to read the code from the image, and the App server then calls the SSO interface with the code and the hash value of the user login information mentioned above as parameters. On receiving the request, SSO first checks whether the code exists in its database; if it does, the request is legal, and SSO then asks the App server for the user ID using the hash value. The rest of the flow is the same as the App login integration above. Once the user is logged in, the polling JS refreshes the page or jumps back to wherever the user came from.
Finally, TnSSO not only provides the unified login service but also integrates user registration and password retrieval, so it is more aptly called a passport system; it is the system with the strictest stability and security requirements in the company.
Http://atlantisplus.net/articles/570.html
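As an added example (not the TnSSO code from the reply above, and not from the linked article), here is a minimal in-memory model of the pieces that reply describes: client subsystems registered with a callback-URL whitelist, one-time login tokens bound to a client and destroyed on first use, and the scan-a-QR-code flow in which the PC page polls a random code while the App posts the code together with the hash from its Cookie. The class names, method names, TTLs and the idea of looking the hash up in an App server are all assumptions for illustration.

```python
"""Added example: SSO callback whitelist, one-time client-bound tokens and
QR-code scan login, modelled in memory. Names and formats are assumptions."""
import secrets
import time


class AppServer:
    """Stand-in for the App's own user service: maps the opaque hash the App
    keeps in its Cookie back to a user id (assumed interface)."""

    def __init__(self):
        self._hash_to_uid = {}

    def app_login(self, uid):
        h = secrets.token_hex(16)
        self._hash_to_uid[h] = uid
        return h

    def uid_for_hash(self, h):
        return self._hash_to_uid.get(h)


class SsoServer:
    TOKEN_TTL = 60    # seconds an issued login token may sit unused (assumed)
    CODE_TTL = 120    # seconds a QR code stays scannable (assumed)

    def __init__(self, app_server):
        self.app = app_server
        self.clients = {}     # client_id -> set of whitelisted callback URLs
        self.tokens = {}      # token -> (client_id, uid, issued_at)
        self.qr_codes = {}    # code -> {"created": t, "uid": None or uid}

    # Point 2 of the reply: a subsystem must register before it can use SSO.
    def register_client(self, client_id, callback_urls):
        self.clients[client_id] = set(callback_urls)

    def issue_token(self, client_id, callback_url, uid):
        if callback_url not in self.clients.get(client_id, ()):
            raise PermissionError("callback URL not whitelisted for client")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (client_id, uid, time.time())
        return token

    # Point 3: the token is single-use and bound to one client subsystem.
    def redeem_token(self, client_id, token):
        entry = self.tokens.pop(token, None)   # pop: any second use fails
        if entry is None:
            return None
        bound_client, uid, issued = entry
        if bound_client != client_id or time.time() - issued > self.TOKEN_TTL:
            return None                        # wrong client burns the token
        return uid

    # QR login: the PC page asks for a fresh non-conflicting code to draw.
    def new_qr_code(self):
        while True:
            code = secrets.token_urlsafe(16)
            if code not in self.qr_codes:
                break
        self.qr_codes[code] = {"created": time.time(), "uid": None}
        return code

    # The App scans the code and sends it with the hash from its Cookie.
    def scan(self, code, app_hash):
        rec = self.qr_codes.get(code)
        if rec is None or time.time() - rec["created"] > self.CODE_TTL:
            return False                       # unknown or expired code: illegal
        uid = self.app.uid_for_hash(app_hash)
        if uid is None:
            return False                       # App server does not know the hash
        rec["uid"] = uid
        return True

    # The PC page short-polls this; once scanned it gets a login token for
    # its registered callback URL, and the code itself is consumed.
    def poll(self, code, client_id, callback_url):
        rec = self.qr_codes.get(code)
        if rec is None or rec["uid"] is None:
            return None
        del self.qr_codes[code]
        return self.issue_token(client_id, callback_url, rec["uid"])


def demo():
    """Walk through one scan-to-login; returns (first redeem, second redeem)."""
    app = AppServer()
    sso = SsoServer(app)
    sso.register_client("webA", ["https://weba.example/sso/callback"])
    h = app.app_login(uid=42)              # user already logged in natively in the App
    code = sso.new_qr_code()               # PC login page draws this as a QR code
    assert sso.poll(code, "webA", "https://weba.example/sso/callback") is None
    assert sso.scan(code, h)               # phone scans, App server calls SSO
    token = sso.poll(code, "webA", "https://weba.example/sso/callback")
    first = sso.redeem_token("webA", token)
    second = sso.redeem_token("webA", token)   # destroyed after first use
    return first, second


if __name__ == "__main__":
    print(demo())
```

In a real deployment the dictionaries would live in a shared store with expiry, and the poll endpoint would be rate-limited; the points that matter here are that the callback URL is checked against the registration rather than taken from the request, that a token cannot be replayed or redeemed by a different client, and that a scan for a code SSO never issued is rejected before the App server is consulted.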
The long reply above is obviously copied. After a successful login we record the timestamp and set a cookie based on it; at login time we parse the cookie and compare the timestamp. In effect it is just a token, and this token is refreshed every time a login succeeds.
Bind the uid and the device as described above; every operation then checks whether the uid matches the current device.
There are also third-party services such as Huanxin that provide the single-login function and callback handling, so you don't need to maintain a long connection yourself.
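The single-device rule that the first reply and the two replies just above describe (bind the uid to the device, refresh the token on every successful login, reject anything older) as an added example; this is not code from any of the posters. Each login issues a fresh signed token and the server keeps only the latest one per uid, so a request carrying the previous device's token fails, which is what "kicking off" the old device means in practice. The `SessionStore` class, the token layout and the HMAC signing are assumptions for illustration.

```python
"""Added example: one live session per user; a login on a new device
supersedes the previous device's token. Names and formats are assumptions."""
import hashlib
import hmac
import secrets
import time


class SessionStore:
    """Keeps exactly one current session per uid (assumed in-memory store)."""

    def __init__(self, server_key: bytes):
        self._key = server_key
        self._current = {}   # uid -> (device_id, token) of the latest login

    def _sign(self, uid, device_id, ts, nonce):
        # The token carries uid|device|timestamp|nonce plus an HMAC, so a
        # tampered token is rejected before any lookup happens.
        msg = f"{uid}|{device_id}|{ts}|{nonce}".encode()
        mac = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        return f"{uid}|{device_id}|{ts}|{nonce}|{mac}"

    def login(self, uid, device_id):
        """Bind uid to device_id and issue a fresh token. Returns the token
        and the device id that was kicked off, if any."""
        ts = time.time_ns()              # the login timestamp the reply records
        nonce = secrets.token_hex(8)     # keeps two logins in one tick distinct
        token = self._sign(uid, device_id, ts, nonce)
        previous = self._current.get(uid)
        self._current[uid] = (device_id, token)
        kicked = previous[0] if previous and previous[0] != device_id else None
        return token, kicked

    def check(self, token):
        """Return the uid if the token is genuine and still the current
        session for that uid, else None (stale token: device was kicked)."""
        parts = token.split("|")
        if len(parts) != 5:
            return None
        uid, device_id, ts, nonce, _mac = parts
        if not hmac.compare_digest(self._sign(uid, device_id, ts, nonce), token):
            return None                  # forged or tampered
        current = self._current.get(uid)
        if current is None or not hmac.compare_digest(current[1], token):
            return None                  # superseded by a login elsewhere
        return uid

    def logout(self, uid):
        self._current.pop(uid, None)


def demo():
    """Same user logs in on a phone, then a tablet; the phone token dies."""
    store = SessionStore(secrets.token_bytes(32))
    phone_token, _ = store.login("42", "phone-A")
    assert store.check(phone_token) == "42"
    tablet_token, kicked = store.login("42", "tablet-B")
    return store.check(phone_token), store.check(tablet_token), kicked


if __name__ == "__main__":
    print(demo())
```

The comparison against the stored token is what enforces the rule; the HMAC only stops a client from forging a token for another uid or device and lets the server reject garbage cheaply. The `kicked` return value is the hook for notifying the old device (as QQ does) rather than letting it discover the logout on its next request.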