Your own user system is not to maintain a set of tokens, you client third-party login, holding a third-party token to the server, the server took the verification, when you log on successfully
Then send you a token of your own user system
If it is the first time, still have to process: get token to retrieve information, QQ number corresponding to no user on a new user, association, generate user token to the client
Third-party login to you the third party token is returned.
Finally also give you a token, general also have some other information, but eventually it is token to work, other information all let the server take token himself to QQ server to take
Take the three-way token to the server, and it takes the token to the three parties to fetch all of your information, and then create a new user of your own, linked to this tripartite account, which is done.
Next time you use three-way login, call three-party login, the three-party token to the server, the server took the three-party verification, got your QQ number, a look at yourself this has this account, I think you pass the verification of the same as the normal login
The service side has to deal with a third party, right?
Otherwise it does not know who you are, you take a token and QQ number to tell it I am the owner of this QQ number, the server how to know is not
If you pretend to be, you can just take a token and pretend to be someone else.
Yes, just log in, get token, call the login interface to the server, it's finished.
Third-party Login