简而言之,使用 OAuth2 请求 getAuthToken 和 getToken 有什么区别 [英] In a nutshell what's the difference from using OAuth2 request getAuthToken and getToken
问题描述
使用访问令牌 OAuth 2.0 处理时简而言之,与使用有什么区别:
AccountManager.getAuthToken ("oauth2:https...userinfo.profile"),
并使用 Google Play:
GoogleAuthUtil.getToken(mActivity, mEmail, mScope)我强>
优点:
- 可用于所有 Android 2.0 及更新版本的设备.
- 内置于 Android 中,不需要任何单独的 SDK.
- 可用于具有身份验证器的所有类型的帐户,不仅仅是 Google.
缺点:
- 返回可能已过期的令牌,因此您始终必须 挑战画面
总结
由于 GoogleAuthUtil 方法有一个更用户友好的挑战屏幕,并且在安装时需要更少的权限,我肯定会尽可能使用这种方法而不是 AccountManager.getAuthToken 方法.由于您总是会获得一个有效的令牌并且不必为使令牌无效而烦恼,因此它也应该使代码更简单.
When deling with access token OAuth 2.0 In a nutshell what's the difference from using:
AccountManager.getAuthToken ("oauth2:https...userinfo.profile"),and using Google Plays:
GoogleAuthUtil.getToken(mActivity, mEmail, mScope)As I understand it they both produce a challenge screen for the user, the Google Plays screen is user friendlier. The access token can have same scope right?! Both call have to be asynchronously. InvalidateToken looks like it has to be checked for in both calls, and more?
解决方案I didn't know about using Google Play services for OAuth 2.0 authentication, but after taking a quick look at it, it looks pretty interesting and I think it's something I could prefer to use over the AccountManager.getAuthToken.
Major differences
Pro:
- Can be used for all Android 2.0 devices and newer.
- Is built in to Android and doesn't require any separate SDK.
- Can be used for all types of accounts that has an authenticator, not only Google.
Con:
- Returns a token that may have expired so you always have to invalidate the token and request it again to make sure you have a valid token.
- Requires the permissions GET_ACCOUNTS and USE_CREDENTIALS.
- Challenge screen is not user friendly for Android 2.*
Pro:
- Always returns a valid token.
- Only requires the permission GET_ACCOUNTS
- User friendly challenge screen.
- Recommended by Google
Con:
- Require Android 2.2 and that the device have Google Play
- Require that you download and include the Google Play services SDK in your app.
- You need to register your app in the Google API Console
- Can "only" be used for Google services that uses OAuth 2.0
Challenge screen comparison
AccountManager.getAuthToken Challenge screen on Gingerbread and Ice Cream Sandwich
GoogleAuthUtil.getToken Challenge screen
Summary
Since the GoogleAuthUtil approach has a much user friendlier challenge screen and requires less permissions at install time I would definitely use this approach instead of the AccountManager.getAuthToken approach whenever I can. Since you always get a valid token and don't have to hassle with invalidating the token it should make the code simpler as well.
这篇关于简而言之,使用 OAuth2 请求 getAuthToken 和 getToken 有什么区别的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
