OAuth的AppEngine上与谷歌Play服务 [英] Oauth on Appengine with Google Play services
问题描述
我使用谷歌Android上发挥服务,以获得访问谷歌API和谷歌的云端点。我也能够获得访问使用谷歌从播放服务令牌的AppEngine上用户API。这可能吗?有一个在为这个的OAuth 链接一些示例code,但有点模糊。我可以通过OAuth令牌在报头,并得到下面的?? code用户
用户的用户= NULL;
尝试{
OAuthService的OAuth = OAuthServiceFactory.getOAuthService();
用户= oauth.getCurrentUser(); }赶上(OAuthRequestException E){
//消费者作出了无效的OAuth请求,使用的是一个访问令牌
//撤销,或没有提供OAuth的信息。
// ...
}
可以,但这种方法不会像你在哪里方案为安全:
- 使用特定的服务范围为谷歌API
- 直接访问一个端点API
您可以使用谷歌Play服务获得范围你'令牌倒要使用。既然你有兴趣使用用户在App Engine API,你需要在 userinfo.email 范围:
字符串mScope =https://www.googleapis.com/auth/userinfo.email;
尝试{
令牌= GoogleAuthUtil.getToken(mActivity,mEmail,mScope);
} {抓
...
}
通过Authorization头发送到App Engine:
授权:承载your_token
然后,使用的OAuth API,你可以获取用户对象:
字符串mScope =https://www.googleapis.com/auth/userinfo.email;
用户的用户= NULL;
尝试{
OAuthService的OAuth = OAuthServiceFactory.getOAuthService();
用户= oauth.getCurrentUser(mScope);
}赶上(OAuthRequestException E){
//消费者作出了无效的OAuth请求,使用的是一个访问令牌
//撤销,或没有提供OAuth的信息。
// ...
}
但是,一般你不想这样做!如果您保护您的应用程序这样,其他用户可以编写要求您允许你的用户信息的应用程序.email 范围。一旦批准,他们需要做的是采取令牌,并将其传递给的您的应用程序,并显示为你做。端点和其他谷歌的API有额外的逻辑到位,以prevent这种行为,这就是为什么你最好不要使用这些方法之一。
I'm using Google play services on Android to get access to Google Apis and Google cloud Endpoints. I would also be able to get access to the appengine User api using a token from Google Play Services. Is this possible? There is some sample code at this link for OAuth, but is a little vague. Can I pass the oauth token in a header and get a user with the code below??
User user = null;
try {
OAuthService oauth = OAuthServiceFactory.getOAuthService();
user = oauth.getCurrentUser();
} catch (OAuthRequestException e) {
// The consumer made an invalid OAuth request, used an access token that was
// revoked, or did not provide OAuth information.
// ...
}
You can, but this approach isn't going to be as secure as a scenario where you are:
- using a service-specific scope for a Google API
- accessing an Endpoints API directly
You can use Google Play Services to obtain a token for the scope you'd like to use. Since you're interested in using the Users API on App Engine, you'll want the userinfo.email scope:
String mScope = "https://www.googleapis.com/auth/userinfo.email";
try {
token = GoogleAuthUtil.getToken(mActivity, mEmail, mScope);
} catch {
...
}
Send this to App Engine via the Authorization header:
Authorization: Bearer your_token
Then, using the OAuth API, you can obtain a User object:
String mScope = "https://www.googleapis.com/auth/userinfo.email";
User user = null;
try {
OAuthService oauth = OAuthServiceFactory.getOAuthService();
user = oauth.getCurrentUser(mScope);
} catch (OAuthRequestException e) {
// The consumer made an invalid OAuth request, used an access token that was
// revoked, or did not provide OAuth information.
// ...
}
But, in general you don't want to do this! If you protect your application this way, another user can write an application that asks you permission to your userinfo.email scope. Once granted, all they need to do is take the token and pass it to your application, and they appear as you do. Endpoints and other Google APIs have additional logic in place to prevent this kind of behavior, which is why you're better off using one of those approaches.
这篇关于OAuth的AppEngine上与谷歌Play服务的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
