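Authenticating with the backend without user intervention (using the new sign-in API)

Time: 2017-09-05 09:31:34

Tags: android google-signin google-authentication google-api-nodejs-client

We are currently able to authenticate requests between our Android client and the server using a deprecated approach: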

String scope = "audience:server:client_id:" + SERVER_CLIENT_ID;
String account = getAnyGoogleAccountFromDevice();
String idToken = GoogleAuthUtil.getToken(context, account, scope);

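On the server side, we verify the idToken using Google's certificates and verify that the audience is our client.

This works well, but Google seems to have deprecated this method and wants developers to switch to the new sign-in API from Play Services 8.3+: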
https://android-developers.googleblog.com/2015/11/improvements-to-sign-in-with-google.html
https://developers.googleblog.com/2016/11/moving-to-google-sign-in-for-a-better-user-experience-and-higher-conversion-rates.html

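But the newly documented approach (explained here and here) does not allow using a Google account that we supply, and instead requires the user to sign in to the app. We want a transparent way of authenticating with the backend, without any user intervention or UI. We don't need the user's name/email/profile information, only some token to verify that the request comes from our own client.

Is there a way to do this using the new Google Sign-In API?

2 answers:

Answer 0 (score: 2)

If you already know the user's email address, you can refresh the ID token with something like the following: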

// Run on a non-UI thread: blockingConnect() and await() both block.

GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
    .setAccountName(emailAddress)
    .requestIdToken(SERVER_CLIENT_ID)
    .build();

GoogleApiClient client = new GoogleApiClient.Builder(context)
    .addApi(Auth.GOOGLE_SIGN_IN_API, gso)
    .build();

ConnectionResult conn = client.blockingConnect();
if (!conn.isSuccess()) {
    Log.e(TAG, "Couldn't connect GoogleApiClient");
    return;
}

// silentSignIn can fail, in which case getSignInAccount() returns null,
// so check the result before reading the token.
GoogleSignInResult result = Auth.GoogleSignInApi.silentSignIn(client).await();
if (result.isSuccess()) {
    GoogleSignInAccount acct = result.getSignInAccount();
    Log.d(TAG, "ID Token: " + acct.getIdToken());
} else {
    Log.e(TAG, "Silent sign-in failed: " + result.getStatus());
}

client.disconnect();

Answer 1 (score: 0)

Using Steven's comment, I was able to get silentSignIn working without user intervention; here is the code:

// Needs to be running on a non-UI thread: blockingConnect() and await() both block.

String account = getAnyGoogleAccountFromDevice();

GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
    .setAccountName(account)
    .requestIdToken(SERVER_CLIENT_ID)
    .build();

GoogleApiClient client = new GoogleApiClient.Builder(context)
    .addApi(Auth.GOOGLE_SIGN_IN_API, gso)
    .build();

ConnectionResult conn = client.blockingConnect();
if (!conn.isSuccess()) {
    Log.e(TAG, "Couldn't connect GoogleApiClient");
    return;
}

// silentSignIn can fail, in which case getSignInAccount() returns null,
// so check the result before reading the token.
GoogleSignInResult result = Auth.GoogleSignInApi.silentSignIn(client).await();
if (result.isSuccess()) {
    GoogleSignInAccount acct = result.getSignInAccount();
    Log.d(TAG, "ID Token: " + acct.getIdToken());
} else {
    Log.e(TAG, "Silent sign-in failed: " + result.getStatus());
}

client.disconnect();
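The server-side check the question describes (verify the ID token's signature against Google's certificates, then confirm the audience is the server's client ID), sketched in Node.js as an added example that is not code from the question or either answer. The key pair, `kid`, client ID value and the helpers `signToken` and `check` are constructed stand-ins so the block runs offline; a real server would load Google's published certificates instead.

```javascript
// Added example: key pair and tokens are constructed stand-ins for Google's certs and a real ID token.
const crypto = require('crypto');

const SERVER_CLIENT_ID = 'example-server-id.apps.googleusercontent.com'; // placeholder value
const ISSUERS = ['accounts.google.com', 'https://accounts.google.com'];
const b64url = (v) => Buffer.from(v).toString('base64url');
const decode = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Returns the claims when the token is valid for `audience`; throws otherwise.
function verifyIdToken(idToken, certsByKid, audience, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = idToken.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = decode(h);
  // Pin the algorithm server-side; never accept whatever the token header asks for.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const key = certsByKid[header.kid];
  if (!key) throw new Error('unknown kid');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = decode(p); // only trust claims after the signature check
  if (!ISSUERS.includes(claims.iss)) throw new Error('bad issuer');
  if (claims.aud !== audience) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// Constructed test material: a local RSA key plays the role of one Google signing cert.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const CERTS = { 'test-kid': publicKey };
function signToken(claims, header = { alg: 'RS256', kid: 'test-kid' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Hypothetical helper: returns 'ok' or the rejection reason for a token.
function check(token, nowSec) {
  try { verifyIdToken(token, CERTS, SERVER_CLIENT_ID, nowSec); return 'ok'; }
  catch (e) { return e.message; }
}
```

In a deployed Node.js backend, the `google-auth-library` package's `OAuth2Client.verifyIdToken({ idToken, audience })` performs these checks against Google's live certificates.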