Mat*_*lak 7 authentication google-app-engine android google-oauth
我的目标是为我的Android应用程序构建简单的应用程序引擎后端.此后端的目的只是验证Android客户端调用,并提供密码,该密码将用于与我的服务器的进一步https通信.于是我开始ccording这个http://android-developers.blogspot.in/2013/01/verifying-back-end-calls-from-android.html文章.客户端看起来像:
GoogleAuthUtil.getToken(MainActivityy.this, "my.email@gmail.com", "audience:server:client_id:my_Client_ID_for_web_applications.apps.googleusercontent.com");
此方法返回如下所示的标记:
eyJhbGciOiJSUzI1NiIsImtpZCI6ImFiMWIyZTllNGU2NGE0MmIzM2U3YjMxMDQwNzUyMzIxYmVlMmJkYmEifQ.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwiZW1haWwiOiJtYXRvLnBldHJ1bGFrQGdtYWlsLmNvbSIsInZlcmlmaWVkX2VtYWlsIjoidHJ1ZSIsImVtYWlsX3ZlcmlmaWVkIjoidHJ1ZSIsImNpZCI6IjU0ODk4MTY3NzkzMC0xcGxxamF2OWloOGU4MGJ0ZWdpYzg0YmcycjlxN2MwMi5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsImF6cCI6IjU0ODk4MTY3NzkzMC0xcGxxamF2OWloOGU4MGJ0ZWdpYzg0YmcycjlxN2MwMi5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsImF1ZCI6IjU0ODk4MTY3NzkzMC5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsImlkIjoiMTE4MTQ0NjEyNDkzMTM1NzYxOTUwIiwic3ViIjoiMTE4MTQ0NjEyNDkzMTM1NzYxOTUwIiwiaWF0IjoxMzY4NzExODk0LCJleHAiOjEzNjg3MTU3OTR9.oN5ncz6MEAZBW8NXDhc4O-Y82C2mma675lbw9ZZA-1bs8zM9FKQG1K97PfNfxJFImiPMY8UYIjhqDIkHpErjaV0KDJpLv8NkmsdADOFjt5eQkFGWf92fufL7QEIkWqLL1fKxG7f8-OR59O5AOAVchdgtqDt4DhEH7oHfAZqf3wU
现在我想在后端验证这个令牌.所以我使用谷歌插件为eclpise创建了新的Web应用程序项目.它会生成一些示例项目.对于这个项目,我从上面提到的文章中添加了Checker类.看起来像这样:
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.List;
import java.util.logging.Logger;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.gson.GsonFactory;
public class Checker {
private final List mClientIDs;
private final String mAudience;
private final GoogleIdTokenVerifier mVerifier;
private final JsonFactory mJFactory;
private String mProblem = "Verification failed. (Time-out?)";
private Logger log ;
public Checker(String[] clientIDs, String audience) {
mClientIDs = Arrays.asList(clientIDs);
mAudience = audience;
NetHttpTransport transport = new NetHttpTransport();
mJFactory = new GsonFactory();
mVerifier = new GoogleIdTokenVerifier(transport, mJFactory);
log = Logger.getLogger(Checker.class.getName());
log.severe("CHECKER CRETAED");
}
public GoogleIdToken.Payload check(String tokenString) {
GoogleIdToken.Payload payload = null;
log.severe("CHECK START");
try {
log.severe("CHECK 1");
GoogleIdToken token = GoogleIdToken.parse(mJFactory, tokenString);
log.severe("CHECK 2");
if (mVerifier.verify(token)) {
log.severe("CHECK 3");
GoogleIdToken.Payload tempPayload = token.getPayload();
log.severe("CHECK4");
if (!tempPayload.getAudience().equals(mAudience)){
mProblem = "Audience mismatch";
log.severe("Audience mismatch");
}
else if (!mClientIDs.contains(tempPayload.getIssuee())){
mProblem = "Client ID mismatch";
log.severe("Client ID mismatch");
}
else{
payload = tempPayload;
log.severe(payload.getEmail().toString());
log.severe("CHECK 5");
}
}
} catch (GeneralSecurityException e) {
log.severe("Security issue: " + e.getLocalizedMessage());
mProblem = "Security issue: " + e.getLocalizedMessage();
} catch (IOException e) {
log.severe("Network problem: " + e.getLocalizedMessage());
mProblem = "Network problem: " + e.getLocalizedMessage();
}
log.severe("CHECK END");
return payload;
}
public String problem() {
return mProblem;
}
}
现在我做这样的事情来验证Android客户端提供的令牌.
String [] clinetidS = new String [] {"xxxxxxxxxxxxx-plqjav9ih8e80btegic84bg2r9q7c02.apps.googleusercontent.com"}; //Client ID for installed applications
Checker checker = new Checker(clinetidS, "my_project_at_appspot.appspot.com");
checker.check("eyJhbGciOiJSUzI1NiIsImtpZCI6ImFiMWIyZTllNGU2NGE0MmIzM2U3YjMxMDQwNzUyMzIxYmVlMmJkYmEifQ.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwiZW1haWwiOiJtYXRvLnBldHJ1bGFrQGdtYWlsLmNvbSIsInZlcmlmaWVkX2VtYWlsIjoidHJ1ZSIsImVtYWlsX3ZlcmlmaWVkIjoidHJ1ZSIsImNpZCI6IjU0ODk4MTY3NzkzMC0xcGxxamF2OWloOGU4MGJ0ZWdpYzg0YmcycjlxN2MwMi5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsImF6cCI6IjU0ODk4MTY3NzkzMC0xcGxxamF2OWloOGU4MGJ0ZWdpYzg0YmcycjlxN2MwMi5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsImF1ZCI6IjU0ODk4MTY3NzkzMC5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsImlkIjoiMTE4MTQ0NjEyNDkzMTM1NzYxOTUwIiwic3ViIjoiMTE4MTQ0NjEyNDkzMTM1NzYxOTUwIiwiaWF0IjoxMzY4NzExODk0LCJleHAiOjEzNjg3MTU3OTR9.oN5ncz6MEAZBW8NXDhc4O-Y82C2mma675lbw9ZZA-1bs8zM9FKQG1K97PfNfxJFImiPMY8UYIjhqDIkHpErjaV0KDJpLv8NkmsdADOFjt5eQkFGWf92fufL7QEIkWqLL1fKxG7f8-OR59O5AOAVchdgtqDt4DhEH7oHfAZqf3wU");
现在问题是Checker类永远不会通过这个检查:
if (mVerifier.verify(token))
有什么方法可以在线检查android令牌?有任何想法吗??或哪里可以问题?
您始终可以使用curl查看以交互方式检查令牌
curl https://www.googleapis.com/oauth2/v1/tokeninfo?id_token= < your-id-token- here >
mVerifier.verify的异常/问题是什么?
| 归档时间: |
|
| 查看次数: |
7605 次 |
| 最近记录: |