如何从此Android应用获取此Google登录ID令牌以验证服务器端?
[英]How can I get this Google Login ID Token from this Android app to verify server-side?
问题描述
I'm getting the ID Token in my Android app by initiating like this: 
我通过这样的方式启动我的Android应用程序中的ID令牌:
GoogleSignInOptions googleSignInOptions = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestIdToken(getString(R.string.server_client_id))
.requestEmail()
.build();
Where server_client_id is my SERVER's Oauth Client ID. 其中server_client_id是我的SERVER的Oauth客户端ID。 Then later I request the token with googleAccount.getIdToken() 然后我用googleAccount.getIdToken()请求令牌
Then on my server (PHP), when I verify the token I verify it like this: 然后在我的服务器(PHP)上,当我验证令牌时,我验证它是这样的:
$client = new \Google_Client(['client_id' => getenv("GOOGLE_CLIENT_ID")]);
try {
$payload = $client->verifyIdToken($this->idToken);
} catch (\Exception $e){
throw new BadRequestHttpException($e->getMessage());
}
if($payload){
$this->verifyPayload($payload);
} else {
throw new AccessDeniedHttpException("Invalid ID Token");
}
Where GOOGLE_CLIENT_ID is my ANDROID's Oauth Client ID GOOGLE_CLIENT_ID是我的ANDROID的Oauth客户端ID
I'm following this guide: https://developers.google.com/identity/sign-in/android/start-integrating . 我正在关注此指南: https : //developers.google.com/identity/sign-in/android/start-integrating 。
On this page it says: https://developers.google.com/identity/sign-in/android/backend-auth 在此页面上显示: https : //developers.google.com/identity/sign-in/android/backend-auth
When you configure Google Sign-in, call the requestIdToken method and pass it your server's web client ID.
Hence why I'm using the server_client_id in my Android app. 因此,为什么我在我的Android应用程序中使用server_client_id 。 Is this correct? 它是否正确?
// Specify the CLIENT_ID of the app that accesses the backend
And this is why I'm using the ANDROID client ID from my server. 这就是我在服务器上使用ANDROID客户端ID的原因。
Is this right? 这是正确的吗? To be using each other's Oauth client_id's? 要使用彼此的Oauth client_id? Or should they both be using the Android CLIENT_ID? 或者他们都应该使用Android CLIENT_ID?
Thanks in advance 提前致谢
2 个解决方案
解决方案1
4 已采纳 2018-09-23 20:23:57
OK I figured it out. 好的,我明白了。 Both the Android app and Webserver need to use the SERVER's key. Android应用程序和Web服务器都需要使用SERVER的密钥。 Even though I created a client ID for the app using it's key SHA1 and everything. 即使我使用它的密钥SHA1和所有内容为应用程序创建了客户端ID。
解决方案2
0 2018-09-28 14:14:32
- Send authorisation request from the app, using client_id and public key 使用client_id和公钥从应用程序发送授权请求
- As a response you get a temporary token 作为回复,您将获得临时令牌
- Send the token to your API. 将令牌发送到您的API。 Use it to make another request (from the API to Google), to get a long lived token 使用它来发出另一个请求(从API到Google),以获得一个长期存在的令牌
- Store the long-lived token. 存储长寿命令牌。 Use it to request data from google, fe user information 使用它来从谷歌,fe用户信息请求数据
Important: never use server key inside the app 重要提示:切勿在应用内使用服务器密钥
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.