How to get an authentication token using a WebView in Android?

Joã*_*dro 5 java authentication android token

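I need to receive a token in my Android application. I created an API in Laravel and I need to receive the authentication token, but I don't know how to do this on Android.
I wrote some code, but it doesn't work.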

```java
import android.os.Bundle;
import android.webkit.WebView;
import android.webkit.WebViewClient;

import androidx.appcompat.app.AppCompatActivity;

import java.io.DataOutputStream;
import java.net.HttpURLConnection;
import java.net.URL;

public class LoginActivity extends AppCompatActivity {

    WebView webView;
    private final String URL = "https://login.ipleiria.pt/adfs/ls/?client-request-id=5d88995c-4405-40c7-985f-a02fd6d62749&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAY2RO2_TUABGc-PEbaMKKsTAgEQHpEpI176-14_YEhLOw2mihDRJCWCBKtuxEzdObPzIa2Pr2IEBOiHElJEBIf4AUsXQqUN_QcWEmBgYaMTCBmc4-ubz3aM4hlPuoj9guDJEjsNBy16tvwhv5LaevTl6ni19efD64C17fr5TPQHXRnPGDTzbDV2DCeIluDOI4yBSWNZPYs_3h4zvOK5lM5Y_Yv2pwX4C4AyAZVoSiZiX8rKABUw4TLBAGCKKHI-wDEWMLMjjngMNCROICTIkx-Z4yxQv0tebahIP8Ep-6C7sH-kNxw9HB4EfxSfUK1Cy4kIpqvbL5UIb1RO-3PcXjXqnPjuM-b6gNatoaFZQ7XBSRxGJZTnUO2Iv6DWTmdgtVrwGP2sN1HGguhW3PVet3eFcm-JW-2k3atSQqor7Lyb8UINDSCJnz8vbu16Xx9CR9Xwy6xgjTeppiVM3ySNB79RMW-C6e3BJ_VfjDxR91Wnkj08p2g_ssds7y4BvmU1EKevrua3UrdR26mcGvMteffH-csreXtspvZzYvz5ufk2dZlm2bZS1_mLgdcbF_ccto2BOpPzDqDEvPklCvWvpbWLwXpUvmf37ROGOaXBM05c0-E6Do7XU541_fXeRu4kRJ0NEIMdtc0hBSBGw_hs1&RedirectToIdentityProvider=http%3a%2f%2flogin.ipleiria.pt%2fadfs%2fservices%2ftrust";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.login);

        webView = findViewById(R.id.webView);
        webView.setWebViewClient(new WebViewClient());
        webView.loadUrl(URL);

        // Creates XSS problems in the application. Use with care
        webView.getSettings().setJavaScriptEnabled(true);

        if (URL.length() == 0) {
            // Same login URL as the URL constant above
            getToken(URL);
        }
    }

    private void getToken(String url) {

        StringBuilder strBuild = new StringBuilder();

        // Same login URL as the URL constant above
        String authURL = url;
        String redirect_uri = "urn:ietf:wg:oauth:2.0:oob";
        strBuild.append("&redirect_uri=").append(redirect_uri);

        try {
            java.net.URL obj = new URL(authURL);

            HttpURLConnection con = (HttpURLConnection) obj.openConnection();
            con.setDoOutput(true);
            con.setRequestMethod("POST");

            con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");

            DataOutputStream wr = new DataOutputStream(con.getOutputStream());
            wr.writeBytes(strBuild.toString());
            wr.flush();
            wr.close();

            System.out.println(con.getResponseCode());
            System.out.println(con.getResponseMessage());

        } catch (Exception e) {
            System.out.println("Error.");
        }
        System.out.println(strBuild.toString());
    }
}
```

Ren*_*ari 3

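Well, you have two options:

The first one
The first one is the better one. You can do this if you have access to the code of the web frontend. Basically you just add a WebAppInterface. The documentation describes it very well. Your Android function should accept the token as a parameter, and it should be called by your frontend after the user has successfully logged in and obtained the token.

So yours could look something like this: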

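```kotlin
import android.content.Context
import android.webkit.JavascriptInterface

class WebAppInterface(private val mContext: Context) {

    /** Called from the web page's JavaScript with the token after login */
    @JavascriptInterface
    fun consumeToken(token: String) {
        // do whatever you want to do with the token.
    }
}
```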

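You have to register it like this: webView.addJavascriptInterface(WebAppInterface(this), "Android")

Then your web frontend (the JavaScript side) can call the function like this: Android.consumeToken(token);

The second one
This one is a bit more complicated. Load your URL as usual and set a WebViewClient on your WebView. Like this: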

```kotlin
webView.webViewClient = object : WebViewClient() {
    override fun onPageFinished(view: WebView?, url: String?) {
        super.onPageFinished(view, url)
        // Read the page's localStorage as a JSON string
        webView.evaluateJavascript("(function() { return JSON.stringify(localStorage); })();") { s ->
            // "\"{}\"" means localStorage is empty
            if (s != "\"{}\"") {
                // Strip the surrounding quotes and the escaping backslashes
                val jsonAsStr = s.substring(1, s.length - 1).replace("\\", "")
                val obj = JSONObject(jsonAsStr)
                val token = obj.getString("token")
                // use the token here
            }
        }
    }
}
webView.loadUrl("https://www.google.com/")
```

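onPageFinished is called when a new site has loaded. That way you know the user has finished logging in (yes, if there are any other buttons or links he can click, those will trigger this function as well). However, you can catch these errors by checking the url in onPageStarted and seeing whether it matches the page the user should see after logging in. Like this: onPageStarted is called -> if the url matches the url of the page the user should see after logging in, then it is the right one and you can call evaluateJavascript. But maybe my simple example is enough for your use case.

Anyway, evaluateJavascript then injects JavaScript into the client, which reads localStorage. Then it checks whether it is empty and parses it into a JSONObject. Then just retrieve the token from the JSON-ified localStorage. That's it :)

The same thing in Java: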

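```java
webView.setWebViewClient(new WebViewClient() {
    @Override
    public void onPageFinished(WebView view, String url) {
        super.onPageFinished(view, url);
        // Read the page's localStorage as a JSON string
        webView.evaluateJavascript("(function() { return JSON.stringify(localStorage); })();", new ValueCallback<String>() {
            @Override
            public void onReceiveValue(String s) {
                // Compare string contents with equals(); != only compares references in Java
                if (!"\"{}\"".equals(s)) {
                    // Strip the surrounding quotes and the escaping backslashes
                    String jsonAsStr = s.substring(1, s.length() - 1).replace("\\", "");
                    try {
                        JSONObject obj = new JSONObject(jsonAsStr);
                        String token = obj.getString("token");
                        // use the token here
                    } catch (JSONException e) {
                        // localStorage has no "token" entry or is not valid JSON
                    }
                }
            }
        });
    }
});
```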
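Added example (not part of the answer above and not the poster's code): one way to implement the URL check the answer describes for the second option, so that localStorage is read only on the expected post-login page, and to decode the evaluateJavascript result as JSON instead of stripping backslashes. TokenWebViewClient, TokenListener, EXPECTED_HOST and EXPECTED_PATH are assumed names and placeholder values; the "token" key is taken from the answer, and the check is done in onPageFinished rather than onPageStarted.

```java
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.net.URI;
import org.json.JSONObject;
import org.json.JSONTokener;

public class TokenWebViewClient extends WebViewClient {
    // Assumed placeholders: the page your frontend shows after a successful login.
    private static final String EXPECTED_HOST = "app.example.com";
    private static final String EXPECTED_PATH = "/home";

    public interface TokenListener { void onToken(String token); }
    private final TokenListener listener;
    public TokenWebViewClient(TokenListener listener) { this.listener = listener; }

    // True only for https://EXPECTED_HOST/EXPECTED_PATH. The parsed host is compared
    // exactly, so a URL that merely contains the host name somewhere does not match.
    static boolean isPostLoginPage(String url) {
        try {
            URI u = new URI(url);
            return "https".equalsIgnoreCase(u.getScheme())
                    && EXPECTED_HOST.equalsIgnoreCase(u.getHost())
                    && EXPECTED_PATH.equals(u.getPath());
        } catch (Exception e) {
            return false; // null or unparsable URL: do not touch localStorage
        }
    }

    // The callback value is JSON-encoded: decode the string literal, then the object.
    static String tokenFrom(String jsResult) {
        try {
            Object inner = new JSONTokener(jsResult).nextValue();
            if (!(inner instanceof String)) return null; // e.g. JSON null
            String token = new JSONObject((String) inner).optString("token", "");
            return token.isEmpty() ? null : token;
        } catch (Exception e) {
            return null; // not valid JSON
        }
    }

    @Override
    public void onPageFinished(WebView view, String url) {
        super.onPageFinished(view, url);
        if (!isPostLoginPage(url)) return; // ignore every other navigation
        view.evaluateJavascript("(function() { return JSON.stringify(localStorage); })();", result -> {
            String token = tokenFrom(result);
            if (token != null) listener.onToken(token);
        });
    }
}
```

Install it with webView.setWebViewClient(new TokenWebViewClient(listener)) before calling loadUrl, with JavaScript enabled in the WebView settings.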