How to do OAuth using more than one provider at a time?
I've successfully done OAuth transactions with a few different providers (YouTube, CoHuman, etc.). I now want to try doing 2 at the same time. For example, providing an application that allows users with both a YouTube and a CoHuman account to authorize my app to access both web APIs on their behalf.
What I can't get my head wrapped around is how to separate the OAuth transactions when it comes to the URL parameters. After the callback there will be an oauth_token parameter passed around via the URL parameters for the rest of the session. So how can I manage a session simultaneously with two OA开发者_开发问答uth providers if there if only there is only one URL argument named oauth_token? I do assign a user ID and use a database store, and not session store. But what do I do to manage two oauth_tokens from two different providers simultaneously?
I'm not sure what you mean by two providers 'at the same time'. If you mean allow a user to link more than one third party accounts, you just need to provide them with an interface to link multiple accounts. You should not try to combine or chain the two transaction, especially when doing so can leak an access token from one provider to the next.
You have to treat each provider separately.
精彩评论