如何在Google App Engine上保护对SPA的访问
如何在Google App Engine上保护对SPA的访问
提问于 2018-09-09 18:52:38
我有一个用HTML5,Javascript和jQuery编写的SinglePageApplication。它目前根本没有与之相关联的后端处理-一切都是客户端。我把它放在Google App Engine免费层上。
我想增加一些安全性,这样只有已知的用户才能访问应用程序。谷歌有没有一种标准的方法来做到这一点?或任何其他标准?
回答 1
Stack Overflow用户
回答已采纳
发布于 2018-09-09 23:26:52
答案可能取决于您希望如何对用户进行身份验证。有几个选项:
- 在你的应用程序前面设置Cloud Identity Aware Proxy,这真的很快很容易。你需要每个人都有一个你要添加到proxy settings in the console中的谷歌账号。
用户将得到提示,输入使用哪个谷歌帐户来授权访问:
如果用户不在允许列表中,他们将看到如下内容:
1. If you trust your users, you could add them to your GCP console project with `viewer` permissions and then use the `login: admin` handler in your `app.yaml` handler. These users wouldn't be able to modify your project, but they would be able to view resources within it, so be careful.
2. Build identity into your app directly with [Firebase Authentication](https://firebase.google.com/docs/auth/), which is handled on the client side if you don't need long lived access/refresh tokens. It has the bonus of supporting a number of identity providers (Facebook, Twitter, etc), but does involve more work. Might consider it depending on where you expect your application to go in the future.
3. Use other open source tools to implement an identity/auth system.
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/52243756
复制相关文章
相似问题
腾讯云开发者
