test:
#!/bin/bash
curl -s -X GET "https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=$1"
curl -s -X GET "https://www.googleapis.com/oauth2/v2/userinfo?access_token=$1"
curl -s -v -X POST "https://gcl-11.appspot.com/_ah/api/rest1/0/greetings/authed" \
-H "Authorization: Bearer $1" \
-H "Content-Type: application/json; charset=UTF-8" \
-d ""
server: https://gcl-11.appspot.com/
sourcecode: https://github.com/gertcuykens/gcl-11/
Only the 3th curl command does not work when a token from GoogleAuthUtil.getToken()
is used. Note that web client and api explorer works perfect only android does not authenticate to the endpoint server.
EDIT1:
Why does the token generated by GoogleAuthUtil.getToken()
work in curl test 1 and 2 but not 3 ? If I use the token generated by the web client in https://gcl-11.appspot.com all 3 work?
When I try credential.setSelectedAccountName(emailAccount);
it also does not give me a user at the server.
EDIT2:
I see this in the server logs
com.google.api.server.spi.WebApisUserService isClientIdAllowed: ClientId in token was not allowed: 522156758812-speqt3cnr7ggje0r3hhjtjg14iigru1f.apps.googleusercontent.com`
But the token should be allowed? (see links below)
https://github.com/gertcuykens/gcl-11/blob/master/appengine/rs/src/main/java/common/Id.java https://github.com/gertcuykens/gcl-11/blob/master/appengine/rs/src/main/java/rest1/Greetings.java https://github.com/gertcuykens/gcl-11/blob/master/android/src/my/endpoints/EndpointsActivity.java
EDIT3:
Turns out my pom decided not to compile my changes and uploaded the old classes... works now.
The token you're providing in the Authorization
header was minted for a specific client ID — that's the one you need.
This is the snippet you need to get a valid credentials object:
GoogleAccountCredential credential = GoogleAccountCredential.usingAudience(
MainActivity.this, AppConstants.AUDIENCE);
credential.setSelectedAccountName(emailAccount);
It makes a set of assumptions:
MainActivity
. Replace this as necessary. AppConstants
with an AUDIENCE
property. AUDIENCE
should be set to the value of your web client ID. emailAccount
is a valid email address of a Google account configured on the device. Once you have this object, you should pass it into your builder (rather than using setOauthToken
). Then you can call:
service.greetings().authed().execute()
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.