Updated: 2023-09-28 14:15:04
The important point, from a security perspective, is to exchange the user's email and password for a token once, and then use that token for subsequent requests. This is because:
There are many ways to accomplish this with varying levels of complexity.
Here is a tutorial that is very recent and has a thorough walkthrough for creating an API in Rails with token-based authentication (not using Devise, but still relevant to understand the concepts): https://labs.kollegorna.se/blog/2015/04/build-an-api-now/