[英]How can I get this Google Login ID Token from this Android app to verify server-side?
I'm getting the ID Token in my Android app by initiating like this: 我通过这样的方式启动我的Android应用程序中的ID令牌:
GoogleSignInOptions googleSignInOptions = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestIdToken(getString(R.string.server_client_id))
.requestEmail()
.build();
Where server_client_id
is my SERVER's Oauth Client ID. 其中server_client_id
是我的SERVER的Oauth客户端ID。 Then later I request the token with googleAccount.getIdToken()
然后我用googleAccount.getIdToken()
请求令牌
Then on my server (PHP), when I verify the token I verify it like this: 然后在我的服务器(PHP)上,当我验证令牌时,我验证它是这样的:
$client = new \Google_Client(['client_id' => getenv("GOOGLE_CLIENT_ID")]);
try {
$payload = $client->verifyIdToken($this->idToken);
} catch (\Exception $e){
throw new BadRequestHttpException($e->getMessage());
}
if($payload){
$this->verifyPayload($payload);
} else {
throw new AccessDeniedHttpException("Invalid ID Token");
}
Where GOOGLE_CLIENT_ID
is my ANDROID's Oauth Client ID GOOGLE_CLIENT_ID
是我的ANDROID的Oauth客户端ID
I'm following this guide: https://developers.google.com/identity/sign-in/android/start-integrating . 我正在关注此指南: https : //developers.google.com/identity/sign-in/android/start-integrating 。
On this page it says: https://developers.google.com/identity/sign-in/android/backend-auth 在此页面上显示: https : //developers.google.com/identity/sign-in/android/backend-auth
When you configure Google Sign-in, call the requestIdToken method and pass it your server's web client ID. 配置Google登录时,请调用requestIdToken方法并将其传递给服务器的Web客户端ID。
Hence why I'm using the server_client_id
in my Android app. 因此,为什么我在我的Android应用程序中使用server_client_id
。 Is this correct? 它是否正确?
// Specify the CLIENT_ID of the app that accesses the backend //指定访问后端的应用程序的CLIENT_ID
And this is why I'm using the ANDROID client ID from my server. 这就是我在服务器上使用ANDROID客户端ID的原因。
Is this right? 这是正确的吗? To be using each other's Oauth client_id's? 要使用彼此的Oauth client_id? Or should they both be using the Android CLIENT_ID? 或者他们都应该使用Android CLIENT_ID?
Thanks in advance 提前致谢
OK I figured it out. 好的,我明白了。 Both the Android app and Webserver need to use the SERVER's key. Android应用程序和Web服务器都需要使用SERVER的密钥。 Even though I created a client ID for the app using it's key SHA1 and everything. 即使我使用它的密钥SHA1和所有内容为应用程序创建了客户端ID。
Important: never use server key inside the app 重要提示:切勿在应用内使用服务器密钥
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.