Question

我使用以下代码在Android应用中使用Google OAuth2登录：

在我的登录活动onCreate方法中，我有：

    googleSignInOptions = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
            .requestScopes(new Scope(Scopes.PLUS_LOGIN))
            //requestIdToken takes the google cloud console's project's WEB (not Android) openID client ID.
            .requestIdToken("my client id")
            .requestEmail()
            .build();

    SignInButton signInButton = (SignInButton) oAuth.findViewById(R.id.sign_in_button);
    signInButton.setSize(SignInButton.SIZE_WIDE);
    signInButton.setScopes(googleSignInOptions.getScopeArray());

    googleApiClient = new GoogleApiClient.Builder(oAuth)
            .enableAutoManage(oAuth, new GoogleApiClient.OnConnectionFailedListener() {
                @Override
                public void onConnectionFailed(@NonNull ConnectionResult connectionResult) {
                    Log.d("GoogleOAuth", "Connection failed\n" + connectionResult.getErrorMessage() );
                    Toast.makeText(context, "Failed to connect to Google", Toast.LENGTH_LONG).show();
                }
            })
            .addApi(Auth.GOOGLE_SIGN_IN_API, googleSignInOptions)
            .build();

我将onClick监听器注册到登录按钮，该按钮调用：

    Intent signInIntent = Auth.GoogleSignInApi.getSignInIntent(googleApiClient);
    activity.startActivityForResult(signInIntent, GOOGLE_SIGN_IN);

我得到了活动结果：

public void onActivityResult(OAuth oAuth, Context context, int requestCode, int resultCode, Intent data) {
    // Result returned from launching the Intent from GoogleSignInApi.getSignInIntent(...);
    if (requestCode == GOOGLE_SIGN_IN) {
        GoogleSignInResult result = Auth.GoogleSignInApi.getSignInResultFromIntent(data);
        if (result.isSuccess()) {
            GoogleSignInAccount account = result.getSignInAccount();
            String idToken = account.getIdToken(); //this has a value

            Map<String, String> logins = new HashMap<String, String>();
            logins.put("accounts.google.com", token);
            AWSCommunicator.setLogins(oAuth, logins, account);
            credentialsProvider.setLogins(logins);
        }
        else {
            Toast.makeText(context, "failed to login" + result.getStatus().toString(), Toast.LENGTH_LONG).show();
        }
    } else {
        Log.d("GoogleAuth", "Bad requestCode: " + requestCode);
    }
}

现在一切都很好，一切似乎都很好。这是我看到的一些日志。

D/CognitoCachingCredentialsProvider: Identity id is changed
D/CognitoCachingCredentialsProvider: Saving identity id to SharedPreferences
D/CognitoCachingCredentialsProvider: Clearing credentials from SharedPreferences
D/CognitoCachingCredentialsProvider: Saving credentials to SharedPreferences
D/CognitoCachingCredentialsProvider: Saving identity id to SharedPreferences

一切都很好。我已经过身份验证，我可以对我的API网关端点进行经过身份验证的调用（使用AWS Api Gateway自动生成的SDK）。

现在一小时后，我尝试拨打电话并且该令牌已过期。我如何获得新令牌？然后如何刷新Cognito？

Answer 1

您应该能够从Google提供的刷新令牌中获取谷歌的新Id令牌。这个文档可能会有所帮助。 https://developers.google.com/api-client-library/java/google-api-java-client/oauth2

要刷新Cognito凭据，您只需要使用IdP中的最新令牌（在本例中为Google Oauth）使credentialsProvider保持最新。凭证到期后，如果CognitoCachingCredentialsProvider具有最新的令牌，它将自动刷新。

Android，AWS Cognito Google OAuth身份验证使用CognitoCachingCredentialsProvider进行身份验证

1 个答案: