如何在 Android 中使用 WebView 获取身份验证令牌? [英] How do you obtain a Authentication token using WebView in Android?
问题描述
我需要在我的 Android 应用程序上接收令牌.我在 Laravel 上创建了 API,我需要接收一个身份验证令牌,但我不知道如何在 Android 上执行此操作.我做了一些代码,但它不起作用.
I need to receive the token on my Android aplication. I created and API on Laravel, and i need to receive an authentication token, but i don't know how to do it on Android. I did some code but it doesn't work.
public class LoginActivity extends AppCompatActivity {
WebView webView;
private final String URL = "https://login.ipleiria.pt/adfs/ls/?client-request-id=5d88995c-4405-40c7-985f-a02fd6d62749&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAY2RO2_TUABGc-PEbaMKKsTAgEQHpEpI176-14_YEhLOw2mihDRJCWCBKtuxEzdObPzIa2Pr2IEBOiHElJEBIf4AUsXQqUN_QcWEmBgYaMTCBmc4-ubz3aM4hlPuoj9guDJEjsNBy16tvwhv5LaevTl6ni19efD64C17fr5TPQHXRnPGDTzbDV2DCeIluDOI4yBSWNZPYs_3h4zvOK5lM5Y_Yv2pwX4C4AyAZVoSiZiX8rKABUw4TLBAGCKKHI-wDEWMLMjjngMNCROICTIkx-Z4yxQv0tebahIP8Ep-6C7sH-kNxw9HB4EfxSfUK1Cy4kIpqvbL5UIb1RO-3PcXjXqnPjuM-b6gNatoaFZQ7XBSRxGJZTnUO2Iv6DWTmdgtVrwGP2sN1HGguhW3PVet3eFcm-JW-2k3atSQqor7Lyb8UINDSCJnz8vbu16Xx9CR9Xwy6xgjTeppiVM3ySNB79RMW-C6e3BJ_VfjDxR91Wnkj08p2g_ssds7y4BvmU1EKevrua3UrdR26mcGvMteffH-csreXtspvZzYvz5ufk2dZlm2bZS1_mLgdcbF_ccto2BOpPzDqDEvPklCvWvpbWLwXpUvmf37ROGOaXBM05c0-E6Do7XU541_fXeRu4kRJ0NEIMdtc0hBSBGw_hs1&RedirectToIdentityProvider=http%3a%2f%2flogin.ipleiria.pt%2fadfs%2fservices%2ftrust";
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.login);
webView = findViewById(R.id.webView);
webView.setWebViewClient(new WebViewClient());
webView.loadUrl(URL);
// Cria problemas de XSS na aplicação. Usar com cuidado
webView.getSettings().setJavaScriptEnabled(true);
if (URL.length() == 0) {
getToken("https://login.ipleiria.pt/adfs/ls/?client-request-id=5d88995c-4405-40c7-985f-a02fd6d62749&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAY2RO2_TUABGc-PEbaMKKsTAgEQHpEpI176-14_YEhLOw2mihDRJCWCBKtuxEzdObPzIa2Pr2IEBOiHElJEBIf4AUsXQqUN_QcWEmBgYaMTCBmc4-ubz3aM4hlPuoj9guDJEjsNBy16tvwhv5LaevTl6ni19efD64C17fr5TPQHXRnPGDTzbDV2DCeIluDOI4yBSWNZPYs_3h4zvOK5lM5Y_Yv2pwX4C4AyAZVoSiZiX8rKABUw4TLBAGCKKHI-wDEWMLMjjngMNCROICTIkx-Z4yxQv0tebahIP8Ep-6C7sH-kNxw9HB4EfxSfUK1Cy4kIpqvbL5UIb1RO-3PcXjXqnPjuM-b6gNatoaFZQ7XBSRxGJZTnUO2Iv6DWTmdgtVrwGP2sN1HGguhW3PVet3eFcm-JW-2k3atSQqor7Lyb8UINDSCJnz8vbu16Xx9CR9Xwy6xgjTeppiVM3ySNB79RMW-C6e3BJ_VfjDxR91Wnkj08p2g_ssds7y4BvmU1EKevrua3UrdR26mcGvMteffH-csreXtspvZzYvz5ufk2dZlm2bZS1_mLgdcbF_ccto2BOpPzDqDEvPklCvWvpbWLwXpUvmf37ROGOaXBM05c0-E6Do7XU541_fXeRu4kRJ0NEIMdtc0hBSBGw_hs1&RedirectToIdentityProvider=http%3a%2f%2flogin.ipleiria.pt%2fadfs%2fservices%2ftrust");
}
}
private void getToken(String url) {
StringBuilder strBuild = new StringBuilder();
String authURL = "https://login.ipleiria.pt/adfs/ls/?client-request-id=5d88995c-4405-40c7-985f-a02fd6d62749&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAY2RO2_TUABGc-PEbaMKKsTAgEQHpEpI176-14_YEhLOw2mihDRJCWCBKtuxEzdObPzIa2Pr2IEBOiHElJEBIf4AUsXQqUN_QcWEmBgYaMTCBmc4-ubz3aM4hlPuoj9guDJEjsNBy16tvwhv5LaevTl6ni19efD64C17fr5TPQHXRnPGDTzbDV2DCeIluDOI4yBSWNZPYs_3h4zvOK5lM5Y_Yv2pwX4C4AyAZVoSiZiX8rKABUw4TLBAGCKKHI-wDEWMLMjjngMNCROICTIkx-Z4yxQv0tebahIP8Ep-6C7sH-kNxw9HB4EfxSfUK1Cy4kIpqvbL5UIb1RO-3PcXjXqnPjuM-b6gNatoaFZQ7XBSRxGJZTnUO2Iv6DWTmdgtVrwGP2sN1HGguhW3PVet3eFcm-JW-2k3atSQqor7Lyb8UINDSCJnz8vbu16Xx9CR9Xwy6xgjTeppiVM3ySNB79RMW-C6e3BJ_VfjDxR91Wnkj08p2g_ssds7y4BvmU1EKevrua3UrdR26mcGvMteffH-csreXtspvZzYvz5ufk2dZlm2bZS1_mLgdcbF_ccto2BOpPzDqDEvPklCvWvpbWLwXpUvmf37ROGOaXBM05c0-E6Do7XU541_fXeRu4kRJ0NEIMdtc0hBSBGw_hs1&RedirectToIdentityProvider=http%3a%2f%2flogin.ipleiria.pt%2fadfs%2fservices%2ftrust";
String redirect_uri = "urn:ietf:wg:oauth:2.0:oob";
strBuild.append("&redirect_uri=").append(redirect_uri);
try{
java.net.URL obj = new URL(authURL);
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setDoOutput(true);
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
DataOutputStream wr = new DataOutputStream(con.getOutputStream());
wr.writeBytes(strBuild.toString());
wr.flush();
wr.close();
System.out.println(con.getResponseCode());
System.out.println(con.getResponseMessage());
}catch (Exception e)
{
System.out.println("Error.");
}
System.out.println(strBuild.toString());
}
}
推荐答案
好吧,你有两个选择:
第一个
第一个是更好的.如果您有权访问 Web 前端的代码,则可以执行此操作.基本上,您只需添加一个 WebAppInterface.该文档对它的描述非常好.您的 android 函数应接受令牌作为参数,并应在用户成功登录并获得其令牌后由您的前端调用.
First one
The first one is the better one. You can do this if you have access to the code of the Web frontend. Basically you just add a WebAppInterface. The documentation describes it really well. Your android function should accept the token as a parameter and it should be called by your frontend after the user successfully logged in and has gotten his token.
所以你的可能看起来像这样:
So yours could look like this:
class WebAppInterface(private val mContext: Context) {
/** Show a toast from the web page */
@JavascriptInterface
fun consumeToken(token: String) {
//do whatever you want to do with the token.
}
}
你必须像这样注册它:webView.addJavascriptInterface(WebAppInterface(this), "Android")
然后你的 Web 前端(javascript 端)可以调用这样的函数:Android.consumeToken(token);
Then your Web frontend (the javascript side) can invoke the function like that: Android.consumeToken(token);
第二个
这个有点复杂.像往常一样加载您的 url 并将 WebViewClient 设置为您的 WebView.像这样:
webView.webViewClient = object: WebViewClient() {
override fun onPageFinished(view: WebView?, url: String?) {
super.onPageFinished(view, url)
webView.evaluateJavascript("(function() { return JSON.stringify(localStorage); })();") { s ->
if (s != "\"{}\"") {
var jsonAsStr = s.substring(1, s.length - 1).replace("\\", "")
val obj = JSONObject(jsonAsStr)
val token = obj.getString("token")
}
}
}
}
webView.loadUrl("https://www.google.com/")
所以 onPageFinished 在新网站加载时被调用.这样你就知道用户完成了登录(是的,如果有任何其他按钮或者他可以点击这些按钮也会触发这个功能).但是,您可以通过检查 onPageStarted 中的 url 来捕获这些错误,并查看这是否与用户在登录后应该看到的页面匹配.就像这样:onPageStarted 被调用 -> 如果 url 与用户在登录后应该看到的页面 url 匹配,那么它是正确的,您可以调用 evaluateJavascript.但也许我的简单示例足以满足您的用例.
So onPageFinished is called when a new site loads. This way you know that the user completed the login (yes if there where any other buttons or so that he could click those would trigger this function as well). However you could catch those errors by checking the url in the onPageStarted and see if this matches the page the user should see after login. So like this: onPageStarted gets called -> if the url matches the url of the page the user should see after the login then its the correct one and you can invoke the evaluateJavascript. But maybe my simple example is enough for your usecase.
无论如何,evaluateJavascript 然后将 javascript 注入客户端,该客户端将读取 localStorage.然后检查它是否为空,然后解析为 jsonObject.然后只需从 jsonified localstorage 中检索令牌.就是这样:)
Anyway the evaluateJavascript then injects javascript in the client which will read the localStorage. This is then checked if it's empty or not and afterwards parsed to a jsonObject. Then just retrieve the token from the jsonified localstorage. Thats it :)
Java 中的相同内容:
Same thing in Java:
webView.setWebViewClient(new WebViewClient() {
@Override
public void onPageFinished(WebView view, String url) {
super.onPageFinished(view, url);
webView.evaluateJavascript("(function() { return JSON.stringify(localStorage); })();", new ValueCallback<String>() {
@Override
public void onReceiveValue(String s) {
if (s != "\"{}\"") {
String jsonAsStr = s.substring(1, s.length() - 1).replace("\\", "");
try {
JSONObject obj = new JSONObject(jsonAsStr);
String token = obj.getString("token");
} catch (JSONException e) {
}
}
}
});
}
});
这篇关于如何在 Android 中使用 WebView 获取身份验证令牌?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
