Preface
Because I had nothing in particular to tinker with, I started writing a few projects of my own that interested me. I work on them in fits and starts, so none of them is finished yet, but my ambitions are fairly big and there are several more projects I plan to write. Every project needs a login system, and writing a separate login system for each one would be far too much trouble; it would also make it hard to connect the projects to each other. So I thought of giving all of the projects one shared account system, much like Tencent's applications, where a single QQ number can log in to Tencent games, Tencent Video, Tencent Music and so on. I searched the Internet for a long time, perhaps not in the right way; most of what came up was about multi-point login, and nothing fully met what I needed. It was not completely useless, though, so by combining what I found with my own experimenting I put together an account system of my own, which I am sharing here for discussion and learning.
As a beginner I have not been exposed to the mature solutions used by large companies, so the ideas I came up with on my own are certainly not mature. Please don't laugh at me, and if you know of better solutions I would welcome your advice. This article stays at the level of ideas; if anyone is interested in a code implementation, leave a message in the comments, or visit my home page to follow my public account and my personal WeChat to discuss.
Requirements
First, let's look at the specific requirements:
- One account can log in to several systems (applications)
- The systems (applications) are not associated with each other; their login states do not affect each other, and logging in or out of one system does not affect the others
- The login status of all systems can be controlled manually (for example, logging out of all systems when the password is changed)
Those are the most basic requirements. Analysing them, we can see that we need an account center, as shown in the picture below:
Implementation
Basic login implementation
The first thing to write is naturally the most basic login function. Login uses the simplest JWT scheme: the user's account and password, or a verification code, is sent to the account center; the account center verifies it, issues a token to the client, and stores the token in Redis. That gives us the simplest possible login. Although every application uses the same set of accounts, the applications have different styles, so the account center does not provide a unified login page: each application has its own login page and simply calls the account center's login interface.
That is a conventional login flow, but what we want is to log in to the account system from the business system. In that flow the account system acts as a third party and the final processing happens in the business system, so the flow above has to be adapted.
As the figure above shows, at login the application client first calls the account center's login interface, and the account center verifies the login information. If verification succeeds, the token is stored in Redis and returned to the application client. The application client then sends the token with its requests to the application server, and the application server takes the token to the account center for verification, which returns the authentication information the application needs. So authentication happens in the account center: on every request the application server goes to the account center to authenticate. This design lets the account center control the login status of every account in real time. I am not sure this design is right; if it is not, I hope you will correct me.
How to distinguish between multiple application logins
My design is that when the client logs in and when the application server verifies, the application's unique identifier is sent along, and the account center stores it in a Redis hash. I think of a hash as an object: the key of the hash is the account id, each field name inside it is an application's unique identifier, and the field value is that application's token.
The account system inside an application
Although we have the account center, each business also needs its own account system. The account system inside the business mainly stores personalised data such as profile pictures and nicknames and the attributes unique to that application, while the account center mainly stores sensitive information such as mobile phone numbers and the account binding relationships. Here is how I handle the login logic inside an application.
The processing logic in Node.js is used as an example:
Above is the login logic in the application. Login here is done through the interface for querying user information: when user information is queried, the application checks whether a user bound to that account ID already exists in the application; if not, one is created, and the user is returned. Since the interface for obtaining user information is whitelisted, the following shows how the other interfaces, which are not whitelisted, are authenticated.
Each user has its own userId, which is bound to an accountId. The accountId is generally used only for login or for operations that involve the account center; for most service logic inside the application, the userId is used.
That is the end of the login part. If you have any questions, feel free to leave a message. The article has also been published on my public account [100 Li Qingshan].