适用于Android应用和服务器的Google+ API登录
[英]Google+ API sign in for both Android app and server
问题描述
My app has an Android client communicating with my own back-end server. 
我的应用程序有一个与我自己的后端服务器通信的Android客户端。 I want to use the Google API to handle the user authorisation for me (using a Google+ account), so that the user does not need to sign up for a separate account for my app. 我想使用Google API为我处理用户授权(使用Google+帐户),因此用户无需为我的应用注册单独的帐户。
By following the documentation in https://developers.google.com/+/web/signin/server-side-flow , my understanding of the authentication flow is shown below. 通过遵循https://developers.google.com/+/web/signin/server-side-flow中的文档,我对身份验证流程的理解如下所示。 I am not sure it is correct, because it sounds like hijacking the Google API for my purpose. 我不确定它是否正确,因为听起来像是出于我的目的劫持了Google API。
- User login on Android Android上的用户登录
- Android client gets a one-time access code and send it to my server. Android客户端获得一次性访问代码并将其发送到我的服务器。
- My server exchange refresh token and access token. 我的服务器交换刷新令牌和访问令牌。 (If the exchange is successful, the user is authenticated.) (如果交换成功,则对用户进行身份验证。)
- If the user authenticated, I generate an access token on my server and give it to the Android client. 如果用户通过了身份验证,我将在服务器上生成一个访问令牌,并将其提供给Android客户端。 The Android client can subsequently use the token to call my server's API. Android客户端随后可以使用令牌来调用我的服务器的API。
Especially, I am doubtful about the point 3. I exchange the access code for the Google refresh token and access token, but I never use them. 特别是,我对第3点表示怀疑。我将访问代码交换为Google刷新令牌和访问令牌,但是我从未使用过它们。 The purpose of the exchange is just to check whether the user has been authorised by Google. 交换的目的只是检查用户是否已获得Google的授权。 Does it sound quite correct? 听起来很正确吗? If not, what is the good way to do it? 如果没有,什么是好的方法?
1 个解决方案
解决方案1
1 2015-09-28 13:00:41
After you receive access_token on your server, execute the cURL/network request to the Google server. 在服务器上收到access_token后,请向Google服务器执行cURL / network请求。
For example (in PHP): 例如(在PHP中):
<?php
$access_token = $_GET['access_token']; // Get the access token
$google_api_url = "https://www.googleapis.com/plus/v1/people/me?access_token=". $access_token; // Create Google API URL with access_token
$c = curl_init($google_api_url); // Create network request to the Google server
curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($c); // Execute request and get the response from th Google server
var_dump($result); // Print the result
RESULT OUTPUT (in JSON): 结果输出(以JSON格式):
If access_token is valid 如果access_token 有效
{
"kind": "plus#person",
"gender": "male",
"emails": [
{
"value": "arr.mohd@gmail.com",
"type": "account"
}
],
"objectType": "person",
"id": "101571740244190011262",
"displayName": "Rafique Mohammed",
"name": {
"familyName": "Mohammed",
"givenName": "Rafique"
},
"url": "https://plus.google.com/101571740244190011262",
"image": {
"url": "https://lh6.googleusercontent.com/-pxiRX5gNkWE/AAAAAAAAAAI/AAAAAAAAAEg/99WWMsH16P8/photo.jpg?sz=50",
"isDefault": false
},.... //etc
If access_token is invalid 如果access_token 无效
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Invalid Credentials"
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.