How to uniquely identify user logging in via oauth?

问题

I particular - I don't understand how to link user that authenticated using oauth to a particular account in my application?

So here's accounts in my applciation:

CREATE TABLE accounts (
    id BIGINT NOT NULL AUTO_INCREMENT,
    username VARCHAR(40),
    email VARCHAR(256),
    created DATETIME,
    updated DATETIME,
    PRIMARY KEY (id),
    UNIQUE KEY (email),
    UNIQUE KEY (username)
) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci;

With openid for example there is a unique user id (uri, xri) which uniquely identifies that user. So I can just link to my accounts like this:

CREATE TABLE openid_logins (
    id BIGINT NOT NULL auto_increment,
    fk_accounts_id BIGINT NOT NULL,
    openid_identity TEXT NOT NULL, /*that's unique user id*/
    openid_provider_url VARCHAR(255) NOT NULL,  /*flickr, yahoo, live_journal*/
    PRIMARY KEY (id),
    INDEX (openid_identity),
    FOREIGN KEY (fk_accounts_id) REFERENCES accounts(id) ON UPDATE CASCADE ON DELETE CASCADE
);

So Whenever user logs in via openid -> I can get his regular account referencing fk_accounts_id.

But when it comes to oauth - AFAIK there is no such things as oauth_identity_string... And since oauth tokens might change tokens by themselves cannot be used as a unique link to profile in my applicaiton..... So what should I do? How to uniquely identify a user logging in via oauth?

回答1:

You can't get information about the user by the OAuth protocol itself, however, there is normally an endpoint, to which you can make a request, that provides user information. For example Google provides one: after you receive your token, you can make a request to:

GET https://www.googleapis.com/plus/v1/people/me?access_token={TOKEN}

This will return a JSON object containing information about the user, including an unique identifier.

回答2:

Get the account_id using the apis and store it in the following format:

-- --------------------------------------------------------

--
-- Table structure for table oauth -- its like a username passwd thingy
--

CREATE TABLE IF NOT EXISTS oauth (
  oauth_id                bigint unsigned     NOT NULL  AUTO_INCREMENT UNIQUE,
  service                 varchar(16)         NOT NULL,
  account_id              varchar(256)        NOT NULL,
  token                   text                NOT NULL,
  token_secret            text                NOT NULL,
  PRIMARY KEY (service, account_id)
) ENGINE=InnoDB  DEFAULT CHARSET=ascii COLLATE=ascii_bin;

service can be a google, twitter, etc if you are using multiple oauth

来源：https://stackoverflow.com/questions/21145560/how-to-uniquely-identify-user-logging-in-via-oauth