RESTful Api authentication for an android app
I have an assignment where I need to use an email and password to authenticate a user and get an access token. I have both the api key, secret and the base URL. I am not required to use a redirect URL for the assignment and it wasn't provided. I am not sure which approach or which library to use. I am drowning in the abundance of information and it is confusing me. I need to be pointed in the right direction.... any kind of help will be welcome. Thanks

Based off your comments, the instructions tell you to use the Resource Owner Password Credentials Grant. You can see an example request in the spec.
POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=password&username=johndoe&password=A3ddj3w
The only thing that may seem odd (if you've never encountered it), is the Authorization header value. Read up on Basic Authentication. Basically the czZCaGRSa3F0MzpnWDFmQmF0M2JW is a base64 encoding of username:password (actually <client_id>:<client_secret>).
Without using any outside libraries (just standard Java libs) to make the request, you might have something like
// Form-encoded body for the password grant
String formData = "username=<uname>&password=<pass>&grant_type=password";
byte[] body = formData.getBytes(StandardCharsets.UTF_8);
// Client credentials go in the Basic Authorization header
String header = "Basic " + Base64.encodeAsString("<client_id>:<client_secret>");

HttpURLConnection connection
        = (HttpURLConnection) new URL(tokenUrl).openConnection();
connection.setDoOutput(true);
connection.addRequestProperty("Authorization", header);
connection.addRequestProperty("Content-Type", "application/x-www-form-urlencoded");
connection.setRequestMethod("POST");
connection.setRequestProperty("charset", "utf-8");
// Content-Length is a byte count, not a character count
connection.setRequestProperty("Content-Length", Integer.toString(body.length));

// Send the body and finish the request before reading the response
OutputStream out = connection.getOutputStream();
out.write(body);
out.close();

// Parse the JSON token response
InputStream in = connection.getInputStream();
AccessToken token = new ObjectMapper().readValue(in, AccessToken.class);
System.out.println(token);
in.close();
The Base64 I used is not a standard library class. Also the ObjectMapper is not a standard library class. I just used it to parse the token response to the AccessToken class. You can use any parser you like. The AccessToken class just has all the possible token values
public class AccessToken {
    public String access_token;
    public String refresh_token;
    public long expires_in;
    public String token_type;
    public String scope;
}
From there, once you have the token, any resource requests you want to make, you just need to add an Authorization header with Bearer <access_token>.
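
Added example, not part of the original answer: the two pieces of the token request described in the answer above, the Basic header and the form body, built with the standard library only. It decodes the header value from the spec request to show that it is just <client_id>:<client_secret>, and percent-encodes the form fields, which plain string concatenation would not do for a password containing & or =. Assumptions: Java 8+ java.util.Base64 (available on Android from API level 26); the class name, helper names and the sample username and password are made up for the illustration.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical helper class for illustration; not from the original answer.
public class PasswordGrantRequest {

    // Basic credentials are base64("<client_id>:<client_secret>"): an encoding, not encryption.
    static String basicHeader(String clientId, String clientSecret) {
        byte[] raw = (clientId + ":" + clientSecret).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Percent-encode every key and value so characters such as '&', '=' or '+'
    // in a password cannot split or alter the form fields.
    static String formBody(Map<String, String> fields) throws UnsupportedEncodingException {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : fields.entrySet()) {
            if (sb.length() > 0) sb.append('&');
            sb.append(URLEncoder.encode(e.getKey(), "UTF-8"))
              .append('=')
              .append(URLEncoder.encode(e.getValue(), "UTF-8"));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Decoding the header value from the spec request recovers the client credentials.
        String decoded = new String(
                Base64.getDecoder().decode("czZCaGRSa3F0MzpnWDFmQmF0M2JW"), StandardCharsets.UTF_8);
        String[] parts = decoded.split(":", 2); // [client_id, client_secret]
        System.out.println("client_id=" + parts[0] + " client_secret=" + parts[1]);
        // Re-encoding the same pair reproduces the header from the request.
        System.out.println(basicHeader(parts[0], parts[1]));

        Map<String, String> fields = new LinkedHashMap<>();
        fields.put("grant_type", "password");
        fields.put("username", "johndoe@example.com"); // constructed sample value
        fields.put("password", "p&ss=w+rd 1");         // constructed sample value
        System.out.println(formBody(fields));
    }
}
```

Because both the Basic header and the form body are only encoded, the token URL has to be HTTPS.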

I would recommend you to use the retrofit library to do that. Let's say your URL base is http://baseurl.com/api and you have to perform a GET request to /login passing the email and password. I am assuming that your API will return a User object as JSON.
Api.java
public interface Api {
    // GET /login?email=...&password=..., result delivered to the callback
    @GET("/login")
    public void login(@Query("email") String email, @Query("password") String password, Callback<User> callback);
}
Where you need to perform the API call:
// Retrofit 1.x API: RestAdapter builds the client (setEndpoint, success/failure
// callbacks and RetrofitError all belong to 1.x)
RestAdapter restAdapter = new RestAdapter.Builder()
        .setEndpoint("http://baseurl.com")
        .build();
Api api = restAdapter.create(Api.class);
api.login(email, password, new Callback<User>() {
    @Override
    public void success(User user, Response response) {
        // login logic
    }

    @Override
    public void failure(RetrofitError error) {
        Log.e("Retrofit", error.getMessage());
    }
});
I hope this example can help you. Don't forget to read the retrofit documentation