问题
I have an application that is on the client side: android app, and on the server side: flask based rest api, login with JWT token.
For better security, I want to combine login with Google as well.
The problem is: The naive solution, is on the client side: I need to "SPLIT" the login code for the 2 cases - That's not so bad, But later on for each request to the server - I need to check if I have jwt token, or google user data, and send the correct call.
Then on the server side as well - I need to "SPLIT" my code at every part of the Api to check weather it had jwt token or Google user. This naive solution seems ugly to me, and i'm asking if there is a better approach to this problem.
My friend suggested me to drop the jwt connecting and use only google, but from the user's side, I think it's better to have the 2 as options and to choose from.
回答1:
A straight-forward answer: Why don't you give the user a JWT token after they've logged in with Google? How we usually do this is: Login on client -> Send Google token -> Server verifies and sends JWT token -> User uses JWT Token and server uses Google token for updating the user information like the profile image or name.
来源:https://stackoverflow.com/questions/46661484/use-2-different-login-methods-jwt-token-and-google-sign-in-in-one-app