How to use Google OAuth2.02 on Android device to connect to a node.js backend?
I'm building an Android/iOS/Web app which authenticates with a provider to receive an access token and then uses the token in the API calls to the node.js backend. I've already got it working for Facebook using Passport and the Facebook-Token strategy ( https://github.com/drudge/passport-facebook-token )

Now I'd like to repeat the process with this library https://www.npmjs.org/package/passport-google-token

Should be easy, right? But Google's developer console for Android doesn't provide a client secret. In fact there is very little documentation on what to do if you would like to authenticate on the device and use a token to communicate with the server. It was so simple with Facebook, is there something I am missing?

FB's (or Google's) access_token is for their API, not yours. Also, most flows with 3rd party providers like FB and Google are intended for web sites (this is the auth code grant). Devices (and SPA) typically use the implicit flow that doesn't require secrets on the client.

You might want to consider authenticating users with Google or FB (or whatever) in your website (using either of the strategies, which are optimized for web flows), and then issue an API specific token derived from that. I would recommend issuing JWTs, which are lightweight and simple to use.

On the API side you could use express-jwt. See here for additional details.
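
The answer's suggestion of issuing an API-specific JWT after the provider login, as an added example (not code from the post, Passport or express-jwt). The function names `issueApiToken` and `verifyApiToken`, the `profile` object and the issuer and audience values are hypothetical; HS256 is built directly on Node's `crypto` module so the block runs without dependencies, standing in for a JWT library.

```javascript
// Added example: names and values are constructed, not from the original post.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
const hmac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest();

// Called only after the server has validated the provider login itself.
// `profile` is that validated identity (assumed shape: { provider, id }).
function issueApiToken(profile, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({
    iss: 'https://api.example.test',          // hypothetical issuer
    aud: 'example-api',                       // hypothetical audience
    sub: `${profile.provider}|${profile.id}`, // who the token speaks for
    iat: nowSec,
    exp: nowSec + 900,                        // short lifetime: 15 minutes
  }));
  const sig = b64url(hmac(`${header}.${payload}`, secret));
  return `${header}.${payload}.${sig}`;
}

// Returns the claims, or null when the token must be rejected.
function verifyApiToken(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  try {
    // Pin the algorithm on the server; the token never chooses it.
    if (fromB64url(header).alg !== 'HS256') return null;
    const expected = hmac(`${header}.${payload}`, secret);
    const given = Buffer.from(sig, 'base64url');
    // Constant-time comparison of the signature bytes.
    if (given.length !== expected.length ||
        !crypto.timingSafeEqual(given, expected)) return null;
    const claims = fromB64url(payload);
    if (claims.aud !== 'example-api') return null; // token minted for this API
    if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return null;
    return claims;
  } catch {
    return null; // malformed base64url or JSON
  }
}
```

The mobile client then sends this token, not the Google or Facebook access_token, in the `Authorization` header of its API calls.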