我有一个用HTML5,Javascript和jQuery编写的SinglePageApplication。它目前根本没有与之相关联的后端处理-一切都是客户端。我把它放在Google App Engine免费层上。
我想增加一些安全性,这样只有已知的用户才能访问应用程序。谷歌有没有一种标准的方法来做到这一点?或任何其他标准?
发布于 2018-09-09 23:26:52
答案可能取决于您希望如何对用户进行身份验证。有几个选项:
用户将得到提示,输入使用哪个谷歌帐户来授权访问:
如果用户不在允许列表中,他们将看到如下内容:
1. If you trust your users, you could add them to your GCP console project with `viewer` permissions and then use the `login: admin` handler in your `app.yaml` handler. These users wouldn't be able to modify your project, but they would be able to view resources within it, so be careful.
2. Build identity into your app directly with [Firebase Authentication](https://firebase.google.com/docs/auth/), which is handled on the client side if you don't need long lived access/refresh tokens. It has the bonus of supporting a number of identity providers (Facebook, Twitter, etc), but does involve more work. Might consider it depending on where you expect your application to go in the future.
3. Use other open source tools to implement an identity/auth system.
https://stackoverflow.com/questions/52243756
复制相似问题