API design based on AccessToken

Scenario: Company A has a platform that needs to expose external interfaces for other businesses to call. With security in mind, an AccessToken scheme can be considered. After a merchant registers its app on Company A's platform, the platform issues an appId and appSecret to the merchant. The merchant uses the assigned appId and appSecret to obtain an access_token, and every other interface call must carry the access_token parameter.

Database Design

CREATE TABLE `t_app`  (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `app_name` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'application name',
  `app_id` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'appId',
  `app_secret` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'appSecret',
  `is_flag` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'availability flag: 0 = available, 1 = unavailable',
  `access_token` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'token',
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 2 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Compact;
INSERT INTO `t_app` VALUES (1, '测试app', 'appID123456789', 'appsecret123456789', '0', '51541b8a07dc47a387f6fb65d2a056a1');

Implementation

  1. Provide an auth interface that issues an access_token in exchange for appId + appSecret (valid for about two hours or half an hour). Store it in the Redis cache with the access_token as the key and the appId as the value, and at the same time update the access_token in the data table. If the auth interface is called multiple times, each call removes the previous access_token from the Redis cache.
  2. Provide an interceptor that intercepts every interface that must be accessed with an access_token and checks whether the access_token is valid. If it is valid, the call is allowed and the token's validity period in Redis is refreshed at the same time. This way the access_token stays in effect for as long as the user keeps accessing the interfaces, similar to the validity period of a session.
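
The two steps above as an added example (not code from the original post): a Python sketch in which a dict stands in for the Redis cache and another for the t_app table. The class name TokenService, its method names, the injectable clock and the re-check of is_flag in the interceptor are assumptions made for illustration.

```python
import hmac
import secrets
import time

TOKEN_TTL = 2 * 60 * 60  # seconds; the page suggests about two hours or half an hour


class TokenService:
    """Hypothetical stand-in: self.apps mirrors t_app, self.cache mirrors Redis."""

    def __init__(self, apps, clock=time.time):
        self.apps = apps    # app_id -> {"app_secret", "is_flag", "access_token"}
        self.cache = {}     # access_token -> (app_id, expires_at)
        self.clock = clock  # injectable so expiry can be tested without sleeping

    def auth(self, app_id, app_secret):
        """Step 1: exchange appId + appSecret for a fresh access_token."""
        app = self.apps.get(app_id)
        if app is None or app["is_flag"] != "0":  # 0 = available, 1 = unavailable
            return None
        # Constant-time comparison so the check does not leak the secret via timing.
        if not hmac.compare_digest(app["app_secret"].encode(), app_secret.encode()):
            return None
        self.cache.pop(app["access_token"], None)  # remove the previous token
        token = secrets.token_hex(16)              # 32 hex chars from the OS CSPRNG
        self.cache[token] = (app_id, self.clock() + TOKEN_TTL)
        app["access_token"] = token                # mirrors the UPDATE on t_app
        return token

    def check(self, token):
        """Step 2: what the interceptor runs before each protected interface."""
        entry = self.cache.get(token)
        if entry is None:
            return None
        app_id, expires_at = entry
        # Assumption: also reject tokens of an app disabled after issuance.
        if self.clock() >= expires_at or self.apps[app_id]["is_flag"] != "0":
            del self.cache[token]
            return None
        self.cache[token] = (app_id, self.clock() + TOKEN_TTL)  # sliding refresh
        return app_id


if __name__ == "__main__":
    # Credentials taken from the sample row inserted into t_app above.
    row = {"app_secret": "appsecret123456789", "is_flag": "0", "access_token": None}
    svc = TokenService({"appID123456789": row})
    first = svc.auth("appID123456789", "appsecret123456789")
    second = svc.auth("appID123456789", "appsecret123456789")
    print(svc.check(first), svc.check(second))
```

With a real Redis the same steps map to a key with a TTL that the interceptor resets on each valid call. Because the refresh is sliding, a token that is used continuously never expires unless an absolute lifetime is enforced as well.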

Origin www.cnblogs.com/lspkenney/p/11422241.html