Bri*_*ian 6 android google-api google-plus google-oauth
我有一个客户端和服务器应用程序,一旦在客户端(android)上验证后,需要在SERVER端访问用户g +配置文件
我在这个客户端获得了一个ID令牌
@Background
void getAccessToken() {
String scopes = "audience:server:client_id:xxxxxxxxxxxxx.apps.googleusercontent.com";
Log.d(TAG,scopes);
try {
accessToken = GoogleAuthUtil.getToken(this,mPlusClient.getAccountName(),scopes);
Log.d(TAG,accessToken);
getPlusFriends();
}
catch (IOException transientEx) {
Log.e(TAG, transientEx.getMessage());
return;
}
catch (UserRecoverableAuthException e) {
Log.e(TAG, e.getMessage());
accessToken = null;
}
catch (GoogleAuthException authEx) {
Log.e(TAG, authEx.getMessage());
return;
}
catch (Exception e) {
throw new RuntimeException(e);
}
}
这将给我一个长ID标记,如本博客中所述http://www.tbray.org/ongoing/When/201x/2013/04/04/ID-Tokens
我想我应该将该令牌发送到我需要做某事的服务器,将其转换为access_token.我可以验证id令牌吗?发送一个卷曲请求是好的
https://www.googleapis.com/oauth2/v1/tokeninfo?id_token=
它会像这样返回一个json字符串
{
"issuer": "accounts.google.com",
"issued_to": "xxxxxxxxxxxxxx.apps.googleusercontent.com",
"audience": "xxxxxxxxxxxxxx.apps.googleusercontent.com",
"user_id": "123456",
"expires_in": 3362,
"issued_at": 1382577073,
"email": "myemail@something",
"verified_email": true
}
php服务器
\Config::load('google_api', 'google');
$key = Config::get('google.client_id');
$secret = Config::get('google.client_secret');
$scopes = Config::get('google.scopes');
$client = new Google_Client();
$client->setClientId($key);
$client->setClientSecret($secret);
$client->setScopes($scopes);
$client->setState('offline');
$client->authenticate($token);
其中issued_to是我在Google API控制台中的Android应用程序的客户端ID,而受众是我的网络应用程序的客户端,到目前为止,我认为似乎是正确的.
所以现在我正在使用php客户端,并不确定从那里做什么.我尝试使用id令牌验证api客户端,但我得到错误400 - 获取OAuth2访问令牌时出错,消息:'invalid_grant'
我不确定我是否应该尝试使用该ID令牌验证PHP Google+客户端,或者是否应该如何将其替换为访问令牌
您需要的是一次性授权代码,您将其传递给服务器,服务器会交换该授权代码以进行访问并刷新令牌.ID令牌对于验证应用和用户是否是他们所声称的用户非常有用,但不能用于让您的服务器访问数据.
您的代码很接近,但缺少一些关键部分可以使其工作,例如指定应用程序最初在PlusClient配置中请求的应用程序活动类型,并且您的范围字符串需要更改.
取自文档:
Bundle appActivities = new Bundle();
appActivities.putString(GoogleAuthUtil.KEY_REQUEST_VISIBLE_ACTIVITIES,
"<app-activity1> <app-activity2>");
String scopes = "oauth2:server:client_id:<server client-id>:api_scope:<scope1> <scope2>";
String code = null;
try {
code = GoogleAuthUtil.getToken(
this, // Context context
mPlusClient.getAccountName(), // String accountName
scopes, // String scope
appActivities // Bundle bundle
);
} catch (IOException transientEx) {
// network or server error, the call is expected to succeed if you try again later.
// Don't attempt to call again immediately - the request is likely to
// fail, you'll hit quotas or back-off.
...
return;
} catch (UserRecoverableAuthException e) {
// Recover
code = null;
} catch (GoogleAuthException authEx) {
// Failure. The call is not expected to ever succeed so it should not be
// retried.
...
return;
} catch (Exception e) {
throw new RuntimeException(e);
}
该code说你回来,你传递给你的服务器.请参阅PHP快速入门中的第98行,了解如何使用PHP客户端库执行代码交换(以及其他步骤,如验证ID).您还需要配置PHP客户端以进行脱机访问.基础是:
$client = new apiClient();
$client->setClientId('From APIs console');
$client->setClientSecret('From APIs console');
$client->setScopes('exact same list of scopes as Android app, space separated');
$client->setRedirectUri('postmessage'); // Used in hybrid flows
$client->setState('offline');
// Exchange authorization code for access and refresh tokens
$client->authenticate($code);
$token = json_decode($client->getAccessToken());
| 归档时间: |
|
| 查看次数: |
2753 次 |
| 最近记录: |