Android:如何通过 Google Sign-In API 获取刷新令牌? [英] Android: How to get Refresh Token by Google Sign-In API?

问题描述

目前，我正在开发用户可以使用 Google 登录的应用程序.作为登录过程的一部分，我们需要将 Google ACCESS TOKEN 和 REFRESH TOKEN 发送到服务器端.

Currently, I am working on the application where user able to login with Google. As part of the login process, we need to send Google ACCESS TOKEN and REFRESH TOKEN to server end.

我正在通过以下方法检索访问令牌，

I am retrieving access token by the following method,

        mAccountName = googleSignInAccount.getEmail();
        String scopes = "oauth2:profile email";
        String token = null;
        try {
            token = GoogleAuthUtil.getToken(activity.getApplicationContext(), mAccountName, scopes);
        } catch (IOException e) {
            Logger.eLog(TAG, e.getMessage());
        }

我正在访问访问令牌的 GoogleAuthUtil 类没有刷新令牌的功能.那么如何访问Refresh Token呢?提前致谢！

GoogleAuthUtil class from which I am accessing access token don't have a function for refresh token. So how to access Refresh Token? Thanks in advance!

推荐答案

您应该使用 服务器验证码流通过 Auth.GOOGLE_SIGN_IN_API:在 Android 客户端获取服务器验证码，发送到您的服务器，服务器交换刷新和访问令牌的代码(带有秘密).此博文 也是.

You should use the server auth code flow via Auth.GOOGLE_SIGN_IN_API: get an server auth code on Android client, send to your server, server exchanges the code for refresh and access token (with a secret). There are more details in this blog post as well.

此外，如果您现在使用 GoogleAuthUtil.getToken 作为访问令牌，您确实想查看此 Google 登录最佳实践博客文章，了解如何迁移到推荐流程以确保安全和最佳用户体验.

Also, if you are using GoogleAuthUtil.getToken for access token now, you do want to check out this Google Sign-In best practice blog post to see how to migrate to the recommended flow to ensure security and best UX.

这篇关于Android:如何通过 Google Sign-In API 获取刷新令牌?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！