【Question title】: Android how can I take the access token from the authServerCode?
【Posted】: 2016-11-22 11:11:20
【Question description】:

This is my googleApiClient:

gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
        .requestEmail()
        .requestServerAuthCode(serverID)
        .build();
mGoogleApiClient = new GoogleApiClient.Builder(PSSignInFlowActivity.this)
        .enableAutoManage(this /* FragmentActivity */, this)
        .addApi(Auth.GOOGLE_SIGN_IN_API, gso)
        .build();

This is what happens when I press the login button:

public void login(){
    Log.i("", "handleSignInResult login:");
    Intent signInIntent = Auth.GoogleSignInApi.getSignInIntent(mGoogleApiClient);
    startActivityForResult(signInIntent, RC_SIGN_IN);
}

Which takes me here:

@Override
public void onActivityResult(int requestCode, int resultCode, Intent data) {
    super.onActivityResult(requestCode, resultCode, data);
    Log.i("", "handleSignInResult onActivityResult:" + requestCode + ".." + resultCode);
    // Result returned from launching the Intent from GoogleSignInApi.getSignInIntent(...);
    if (requestCode == RC_SIGN_IN) {
        GoogleSignInResult result = Auth.GoogleSignInApi.getSignInResultFromIntent(data);
        Log.i("","handleSignInResult onActivityResult: " +result.getSignInAccount() + ",,," + result.getStatus());
        handleSignInResult(result);
    }
}

Which calls this:

private void handleSignInResult(GoogleSignInResult result) {
    Log.i("", "handleSignInResult:" + result.isSuccess());
    if (result.isSuccess()) {
        // Signed in successfully, show authenticated UI.
        GoogleSignInAccount acct = result.getSignInAccount();
        String authCode = acct.getServerAuthCode();
//            if(authCode != null)
//                storyFragment.setFromGoogle(authCode);
    } else {
        // Signed out, show unauthenticated UI.
    }
}

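My problem is that I need the accessToken from the GoogleSignInResult, but I only get back the serverAuthCode. I saw that you can exchange the serverAuthCode for an access token in the OAuth2 playground. Can this be done programmatically?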

【Question comments】:

Tags: android google-api access-token google-signin googlesigninapi


【Solution 1】:

This worked for me:

try {
    String scope = "oauth2:" + Scopes.PROFILE;
    Account account = new Account(acct.getEmail(), "com.google");
    final String token = GoogleAuthUtil.getToken(PSSignInFlowActivity.this, account, scope);
    runOnUiThread(new Runnable() {
        @Override
        public void run() {
            storyFragment.setFromGoogle(token);
        }
    });
} catch (Exception e) {
    Log.e("", "error trying to get client secret : " + e.getMessage());
}

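【Comments】:

  • Without special precautions, doing this introduces the opportunity for access token substitution attacks. android-developers.blogspot.com/2016/05/…
  • Do you have a backend server? If so, send the auth code to your server and exchange it for an access token as described in the documentation: developers.google.com/identity/sign-in/android/offline-access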
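
The server-side exchange recommended in the last comment, sketched in Python as an added example (not code from the question, the answer or Google's documentation). It trades the serverAuthCode for tokens and then checks that the returned ID token was issued to this backend's own client ID, which is the precaution against the token substitution raised in the first comment. The function names, the injectable `post` transport and the empty `redirect_uri` are assumptions of this sketch.

```python
import base64, json, time
from urllib import parse, request

TOKEN_URL = "https://oauth2.googleapis.com/token"  # Google's OAuth 2.0 token endpoint
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}


def http_post_form(url, fields):
    """Default transport: POST form fields over TLS and decode the JSON reply."""
    body = parse.urlencode(fields).encode()
    with request.urlopen(request.Request(url, data=body), timeout=10) as resp:
        return json.load(resp)


def id_token_claims(id_token):
    """Decode the JWT payload. No signature check is done here because the token is
    read directly from the token endpoint's TLS response (OIDC Core 3.1.3.7)."""
    payload = id_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def exchange_auth_code(auth_code, client_id, client_secret, post=http_post_form, now=None):
    """Trade the one-time server auth code for tokens and bind them to this client."""
    reply = post(TOKEN_URL, {
        "grant_type": "authorization_code",
        "code": auth_code,
        "client_id": client_id,          # the web client ID given to requestServerAuthCode()
        "client_secret": client_secret,  # stays on the server, never shipped in the APK
        "redirect_uri": "",              # assumption: no web redirect flow for this client
    })
    if "error" in reply or "id_token" not in reply:
        raise ValueError("token endpoint rejected the code: " + str(reply.get("error")))
    claims = id_token_claims(reply["id_token"])
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise ValueError("unexpected issuer")
    if claims.get("aud") != client_id:
        # A token minted for some other app must not open a session here.
        raise ValueError("token was issued to a different client")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("id_token expired")
    return {"user_id": claims["sub"], "access_token": reply["access_token"]}
```

The Android app only forwards `acct.getServerAuthCode()` to the backend over HTTPS; the client secret and the resulting access token never reach the device.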