We are currently able to authenticate requests between our Android client and our server using a deprecated approach:
String scope = "audience:server:client_id:" + SERVER_CLIENT_ID;
String account = getAnyGoogleAccountFromDevice();
String idToken = GoogleAuthUtil.getToken(context, account, scope);
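On the server side, we verify the idToken using Google's certificates and verify that the audience is our client.
This works well, but Google appears to have deprecated this method and wants developers to switch to the new sign-in API from Play Services 8.3+: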
https://android-developers.googleblog.com/2015/11/improvements-to-sign-in-with-google.html
https://developers.googleblog.com/2016/11/moving-to-google-sign-in-for-a-better-user-experience-and-higher-conversion-rates.html
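But the newly documented approach (explained here and here) does not allow using some Google account that we supply, and instead requires the user to sign in to the app. We want a transparent way of doing backend verification, without any user intervention or UI. We don't need the user's name/email/profile information, just some token to verify that the request comes from our own client.
Is there a way to do this with the new Google Sign-In API?
Answer 0: (score: 2)
If you already know the user's email address, you can refresh the ID token with something like the following: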
// Run on a non-UI thread: blockingConnect() and await() block the caller
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
        .setAccountName(emailAddress)
        .requestIdToken(SERVER_CLIENT_ID)
        .build();
GoogleApiClient client = new GoogleApiClient.Builder(context)
        .addApi(Auth.GOOGLE_SIGN_IN_API, gso)
        .build();
ConnectionResult conn = client.blockingConnect();
if (!conn.isSuccess()) {
    Log.e(TAG, "Couldn't connect GoogleApiClient");
    return;
}
GoogleSignInResult result = Auth.GoogleSignInApi.silentSignIn(client).await();
// getSignInAccount() returns null when the silent sign-in did not succeed
if (result.isSuccess()) {
    GoogleSignInAccount acct = result.getSignInAccount();
    Log.d(TAG, "ID Token: " + acct.getIdToken());
}
client.disconnect();
Answer 1: (score: 0)
Using Steven's comment, I was able to get silentSignIn working without user intervention; here is the code:
// Needs to be running on a non-UI thread
String account = getAnyGoogleAccountFromDevice();
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
        .setAccountName(account)
        .requestIdToken(SERVER_CLIENT_ID)
        .build();
GoogleApiClient client = new GoogleApiClient.Builder(context)
        .addApi(Auth.GOOGLE_SIGN_IN_API, gso)
        .build();
ConnectionResult conn = client.blockingConnect();
if (!conn.isSuccess()) {
    Log.e(TAG, "Couldn't connect GoogleApiClient");
    return;
}
GoogleSignInResult result = Auth.GoogleSignInApi.silentSignIn(client).await();
// getSignInAccount() returns null when the silent sign-in did not succeed
if (result.isSuccess()) {
    GoogleSignInAccount acct = result.getSignInAccount();
    Log.d(TAG, "ID Token: " + acct.getIdToken());
}
client.disconnect();
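
The server-side check the question describes (verify the ID token's signature against Google's keys, then check the audience), as an added example that is not part of the original posts. It assumes a Python server; `verify_id_token`, its parameters and the `keys` mapping (kid to RSA modulus and exponent, loaded from Google's published signing keys) are names chosen here, and it goes beyond the question's two checks by also checking issuer, authorized party (`azp`) and expiry.

```python
import base64, hashlib, hmac, json, time

# DER DigestInfo prefix for SHA-256 in PKCS#1 v1.5 signatures (RFC 8017, 9.2)
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")
GOOGLE_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}

def _b64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _rs256_ok(signed, sig, n, e):
    """Rebuild the expected PKCS#1 v1.5 encoding and compare it as a whole."""
    k = (n.bit_length() + 7) // 8
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        return False
    recovered = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    tail = b"\x00" + SHA256_DIGESTINFO + hashlib.sha256(signed).digest()
    expected = b"\x00\x01" + b"\xff" * (k - 2 - len(tail)) + tail
    return hmac.compare_digest(recovered, expected)

def verify_id_token(token, keys, server_client_id, app_client_ids, now=None):
    """keys maps kid -> (n, e). Returns the claims, or raises ValueError
    naming the check that failed. All names here are assumptions."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(_b64url(h64))
        claims = json.loads(_b64url(p64))
        sig = _b64url(s64)
        alg, kid = header.get("alg"), header.get("kid")
    except (ValueError, AttributeError):
        raise ValueError("malformed token") from None
    # Pin the algorithm: the token must not choose how it is verified.
    key = keys.get(kid) if isinstance(kid, str) else None
    if alg != "RS256" or key is None:
        raise ValueError("unexpected alg or unknown kid")
    if not _rs256_ok(f"{h64}.{p64}".encode(), sig, *key):
        raise ValueError("bad signature")
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise ValueError("wrong issuer")
    if claims.get("aud") != server_client_id:
        raise ValueError("wrong audience")
    # azp names the client the token was issued to: the Android app's client ID.
    if claims.get("azp") not in app_client_ids:
        raise ValueError("wrong authorized party")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or (time.time() if now is None else now) >= exp:
        raise ValueError("expired")
    return claims
```

A production server would normally call Google's own token verification library, which also fetches and caches the signing keys.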