Android:如何以编程方式获取SHA1/MD5指纹? [英] Android: How to get SHA1/MD5 fingerprint programmatically?

问题描述

我正在尝试实现一种与后端服务器通信的方法，并确保后端(如果是我的应用程序正在调用)仅应答.

I'm trying to implement a way to communicate with my backend-server and be sure that my backend only answers, if it's my application which is calling.

所以我的想法是，我只发送带有HTTPS POST请求的SHA1/MD5指纹，并在后端服务器上对其进行验证.如果指纹匹配，服务器将回答.

So my idea is, that i just send the SHA1/MD5 fingerprint with the HTTPS POST request and verify it on the backend server. If the fingerprint matches, the server will answer.

所以我的第一个问题是:如何在运行时以编程方式获取这些信息?甚至有可能吗?

So my first question is: How do I get these programmatically at runtime? Is it even possible?

第二个问题是:会那么容易吗?还是我真的必须设置OAuth服务器(或使用google-api)?...问题是，我认为OAuth对于我的用例来说有点过头了，我不想处理过期/刷新令牌的东西.

The second question is: Can it be that easy? Or do i really have to set up an OAuth-Server (or use the google-api)?...The thing is, that I think that OAuth is a bit overkill for my use case and I don't want to handle the expiration/refresh-token stuff.

推荐答案

您要尝试执行的操作是不可能的.您以id身份发送到服务器的任何内容都可以被另一个应用程序复制.这就是为什么用户密码不在应用程序中的原因-外部来源的密码是确保请求有效的唯一方法.但这只能证明 user 是有效的，而不能证明它来自您的应用程序.

What you're trying to do is impossible. Anything you send to the server as an id can be copied by another application. That's why you have user's with passwords that aren't in the application- the password from an outside source is the only way to be sure the request is valid. And that only proves the user is valid, not that its from your application.

这篇关于Android:如何以编程方式获取SHA1/MD5指纹?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！