Using OAuth2 token to authenticate to an API hosted on Google App Engine?
I'm building a backend for my Android app using GAE, and I'd like to authenticate users with their Google accounts, sent from the Android app.
Before OAuth2, you were able to use a Cookie retrieved from the _ah/login endpoint to authenticate users into your web app, but that method is deprecated and I'd like to be able to use the updated OAuth2 method.
In my Android app I've been able to generate a JSON Web Token using the following line:
String jwt = GoogleAuthUtil.getToken(FamiliarActivity.this, Plus.AccountApi.getAccountName(mGoogleApiClient), "audience:server:client_id:1234567.apps.googleusercontent.com");
or an OAuth token:
String oauth2 = GoogleAuthUtil.getToken(FamiliarActivity.this, Plus.AccountApi.getAccountName(mGoogleApiClient), "oauth2:server:client_id:1234567.apps.googleusercontent.com:api_scope:https://www.googleapis.com/auth/plus.login");
Either, manually, I can pass to my API and validate against Google. But I haven't been able to figure out a way to use a token like this to trigger authentication in GAE like the Cookie used to. The documentation seems to indicate passing it as a header:
Authorization: Bearer <TOKEN>
but that doesn't seem to work.
What is the correct way to retrieve and pass a token to my GAE endpoint so that it authenticates the user?
The correct and documented way to accomplish this is to:
1) Create an OAuth protected endpoint with the https://www.googleapis.com/auth/plus.login or https://www.googleapis.com/auth/userinfo.email scope and authorized Client ID for the Android client app.
2) Generate client library and integrate with your app.
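The endpoint from step 1, written with the Cloud Endpoints Frameworks Java annotations as an added example; it is not code from the answer or from the asker's project. The API name, the class names and the Android client ID placeholder are assumptions, and 1234567.apps.googleusercontent.com is the server client ID from the question's audience string.

```java
// Added example (FamiliarApi.java): an OAuth-protected Cloud Endpoints API.
import com.google.api.server.spi.config.Api;
import com.google.api.server.spi.config.ApiMethod;
import com.google.api.server.spi.response.UnauthorizedException;
import com.google.appengine.api.users.User;

/** Client IDs registered for the project; names are hypothetical. */
final class ClientIds {
  // Server (web) client ID: the value the Android app names in its
  // "audience:server:client_id:..." request in the question.
  static final String WEB = "1234567.apps.googleusercontent.com";
  // Placeholder: the Android client ID does not appear on the page.
  static final String ANDROID =
      "ANDROID_CLIENT_ID_PLACEHOLDER.apps.googleusercontent.com";
  static final String EMAIL_SCOPE =
      "https://www.googleapis.com/auth/userinfo.email";

  private ClientIds() {}
}

@Api(
    name = "familiar", // hypothetical API name
    version = "v1",
    scopes = {ClientIds.EMAIL_SCOPE},
    // Only tokens issued to these clients are accepted.
    clientIds = {ClientIds.WEB, ClientIds.ANDROID},
    // ID tokens from Android must carry the server client ID as audience.
    audiences = {ClientIds.WEB})
public class FamiliarApi {

  /** Response bean serialized to JSON by the framework. */
  public static class Identity {
    private String email;
    public String getEmail() { return email; }
    public void setEmail(String email) { this.email = email; }
  }

  @ApiMethod(name = "whoami", path = "whoami",
      httpMethod = ApiMethod.HttpMethod.GET)
  public Identity whoami(User user) throws UnauthorizedException {
    // The framework injects null when the bearer token is missing, invalid,
    // or issued to a client ID or audience not listed above. Fail closed.
    if (user == null) {
      throw new UnauthorizedException("Valid Google credentials required");
    }
    Identity id = new Identity();
    id.setEmail(user.getEmail());
    return id;
  }
}
```

Every method that needs an authenticated caller has to declare the `User` parameter and perform the null check itself; a method without it is callable anonymously.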