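Cognito Google federated identity, invalid OpenId Connect identity token

Time: 2017-10-23 21:08:11

Tags: openid amazon-cognito openid-connect aws-cognito google-openid

I am developing an application that lets users sign in with their Google account and then uses that login to obtain a Cognito federated identity.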

I cannot get the correct token needed to authenticate with Cognito. I keep getting an error.

This is my code:

    Runnable runnable = new Runnable() {
        @Override
        public void run() {
            CognitoSyncClientManager.init(getActivity().getApplicationContext());
            String token = null;
            try {
                token = GoogleAuthUtil.getToken(getActivity().getApplicationContext(), signInAccount.getAccount(), "oauth2:openid");
            } catch (Exception e) {
                Log.d("login exception", e.toString());
            }
            Map<String, String> logins = new HashMap<String, String>();
            logins.put("accounts.google.com", token);
            CognitoSyncClientManager.addLogins("accounts.google.com", token);
            Log.d("login", "Created User token " + token);
            Log.d("login", "Cached UserID: " + CognitoSyncClientManager.credentialsProvider.getCachedIdentityId());
            Log.d("login", "UserID: " + CognitoSyncClientManager.credentialsProvider.getIdentityId());
            Toast.makeText(getActivity().getApplicationContext(), "Created user: " + CognitoSyncClientManager.credentialsProvider.getCachedIdentityId(), Toast.LENGTH_LONG);
        }
    };
    Thread t = new Thread(runnable);
    t.start();

2 answers:

Answer 0: (score: 3)

GoogleAuthUtil's getToken appears to return an access token.

https://developers.google.com/android/reference/com/google/android/gms/auth/GoogleAuthUtil.html#getToken(android.content.Context,android.accounts.Account,java.lang.String,android.os.Bundle)

You need to pass Google's OpenId Connect Id token to Cognito, not the access token.

https://developers.google.com/identity/sign-in/android/backend-auth

Answer 1: (score: 0)

Based on the JavaScript passport-google-auth module, it returns access_token, refresh_token and params.

To get the cognito_identity you need to use the params.id_token received from Google

    // Assumes passport, GoogleStrategy, app and controller are already set up.
    var googleDeveloperDetails = {
        clientID: "google client ID",
        clientSecret: "google client secret",
        callbackURL: "https://localhost:3000/auth/google/callback",
        profileFields: ["emails", "profile"]
    };

    var getUserDetails = function(accessToken, refreshToken, params, profile, done) {
        if (profile.provider === "google") {
            profile.token = params.id_token;   // params.id_token to be used to get cognito credentials
        } else {
            profile.token = accessToken;
        }
        done(null, profile);
    };

    passport.use(new GoogleStrategy(googleDeveloperDetails, getUserDetails));

    app.get("/auth/google", passport.authenticate("google", { scope: ['email'] }));

    var authGoogle = passport.authenticate("google", {
        failureRedirect: "/auth/google"
    });

    app.get("/auth/google/callback", authGoogle, controller.successRedirect);
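
The distinction both answers rely on, as an added example that is not part of the question or of either answer: a pre-flight check that a Google token is an OpenID Connect ID token (a three-part JWT with the expected claims) rather than an OAuth2 access token, before it goes into the Cognito logins map under `accounts.google.com`. The function names, the client ID and the sample tokens are constructed for illustration, and the check inspects structure and claims only; it does not verify the signature.

```javascript
// Issuer values Google documents for its ID tokens.
const GOOGLE_ISSUERS = ["accounts.google.com", "https://accounts.google.com"];

// Decode one base64url JWT segment into an object (null if it is not JSON).
function decodeSegment(segment) {
  try {
    const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
    return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
  } catch (e) {
    return null;
  }
}

// Hypothetical helper: returns { ok: true, logins } or { ok: false, reason }.
function buildCognitoLogins(token, expectedClientId, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (typeof token !== "string" || token.length === 0) {
    return { ok: false, reason: "no token" };
  }
  const parts = token.split(".");
  if (parts.length !== 3) {
    // Access tokens are opaque strings, not header.payload.signature.
    return { ok: false, reason: "not a JWT (likely an OAuth2 access token)" };
  }
  const header = decodeSegment(parts[0]);
  const claims = decodeSegment(parts[1]);
  if (!header || !claims || typeof header !== "object" || typeof claims !== "object") {
    return { ok: false, reason: "JWT segments are not base64url-encoded JSON" };
  }
  if (!header.alg || header.alg === "none") return { ok: false, reason: "unsigned token" };
  if (!GOOGLE_ISSUERS.includes(claims.iss)) return { ok: false, reason: "unexpected issuer" };
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expectedClientId)) return { ok: false, reason: "audience is not this client ID" };
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) {
    return { ok: false, reason: "token expired" };
  }
  // Same provider key the question uses for the logins map.
  return { ok: true, logins: { "accounts.google.com": token } };
}

// Constructed sample JWT builder (fake signature, for the offline demo only).
function makeSampleJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "RS256", typ: "JWT" }), enc(claims), "c2lnbmF0dXJl"].join(".");
}
```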