堆栈内存溢出
  简体   繁体   English

如何在Android设备上使用Google OAauth2.02连接到node.js后端?

[英]How to use Google OAauth2.02 on Android device to connect to a node.js backend?

 原文  2014-06-22 21:42:51       android/ node.js/ oauth-2.0/ google-oauth/ passport.js

问题描述

I'm building a Android/iOS/Web app which authenticates with a provider to receive an access token and then uses the token in the API calls to the node.js backend. 我正在构建一个Android / iOS / Web应用程序,该应用程序将通过提供者进行身份验证以接收访问令牌,然后在对node.js后端的API调用中使用该令牌。 I've already got it working for facebook using Passport and the Facebook-Token strategy ( https://github.com/drudge/passport-facebook-token ) 我已经使用Passport和Facebook-Token策略在Facebook上使用它了( https://github.com/drudge/passport-facebook-token

Now I'd like to repeat the process with this library https://www.npmjs.org/package/passport-google-token 现在,我想使用此库https://www.npmjs.org/package/passport-google-token重复此过程

Should be easy, right? 应该很容易吧? But google's developer console for android doesn't provide a client secret. 但是Google的Android开发人员控制台未提供客户端密码。 Infact there is very little documentation on what to do if you would like to authenticate on the device and use a token to communicate with the server. 实际上,如果您想在设备上进行身份验证并使用令牌与服务器进行通信,该怎么做的文档很少。 It was so simple with facebook, is there something I am missing? Facebook太简单了,我缺少什么吗?

1 个解决方案

解决方案1
 0  2014-06-23 02:41:51

FB's (or Google's) access_token is for their API, not yours. FB(或Google)的access_token用于 API,而不是您 API。 Also, most flows with 3rd party providers like FB and Google are intended for web sites (this is the auth code grant ). 此外,与FB和Google等第三方供应商的大多数流量都旨在用于网站(这是auth code grant )。 Devices (and SPA) typically use the implicit flow that doesn't require secrets on the client. 设备(和SPA)通常使用implicit flow ,不需要客户端上的秘密。

You might want to consider authenticating users with Google or FB (or whatever) in your website (using either strategies which are optimized for web flows), and then issue an API specific token derived from that. 您可能要考虑使用网站中的Google或FB(或其他任何方式)对用户进行身份验证(使用针对网络流进行了优化的两种策略),然后发出从中派生的API专用令牌。 I would recommend issuing JWT , which are lightweight and simple to use. 我建议发布JWT ,它轻巧且易于使用。

On the API side you could use express-jwt . 在API方面,您可以使用express-jwt See here for additional details. 有关其他详细信息,请参见此处

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 无法在 android 设备和 node.js 服务器之间连接 - Can not connect between android device and node.js server 如何将Node.js和Android作为客户端连接? - How to connect Node.js and Android as Client? 如何在 Android 设备上运行带有 Node js 后端的 React Native 应用程序? - How to run a React Native App with Node js Backend on Android Device? 如何使用SocketIO将Android Client与Node.js服务器连接? - How to connect Android Client with Node.js server using SocketIO? 关于验证IdToken的Google Identity工具包错误(客户端:Android,后端:Node.js) - Google Identity toolkit error on verifying IdToken (Client: Android, Backend: Node.js) 在Android设备上的Google Chrome浏览器中从Node.js服务器下载文件的错误 - Bug with downloading files from node.js server on google chrome browser on android device 在Android的Node.js后端上离线存储数据 - Storing data offline on a Node.js backend for Android 如何在Android手机上安装MySQL以与Node.js一起使用 - How to install MySQL on Android phone to use with node.js 在 android 中使用 firestore 和 node.js 的设备到设备推送通知 - Device to device push notification using firestore and node.js in android 在android中使用volley将图像上传到node.js后端 - Image upload to node.js backend using volley in android
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM