Android:如何以编程方式获取 SHA1/MD5 指纹? [英] Android: How to get SHA1/MD5 fingerprint programmatically?
问题描述
我正在尝试实现一种与我的后端服务器进行通信的方法,并确保我的后端只响应(如果是我的应用程序在调用).
I'm trying to implement a way to communicate with my backend-server and be sure that my backend only answers, if it's my application which is calling.
所以我的想法是,我只是将 SHA1/MD5 指纹与 HTTPS POST 请求一起发送并在后端服务器上进行验证.如果指纹匹配,服务器会回答.
So my idea is, that i just send the SHA1/MD5 fingerprint with the HTTPS POST request and verify it on the backend server. If the fingerprint matches, the server will answer.
所以我的第一个问题是:如何在运行时以编程方式获取这些信息?甚至有可能吗?
So my first question is: How do I get these programmatically at runtime? Is it even possible?
第二个问题是:有那么容易吗?或者我真的必须设置 OAuth-Server(或使用 google-api)?...问题是,我认为 OAuth 对我的用例来说有点矫枉过正,我不想处理过期/刷新令牌的东西.
The second question is: Can it be that easy? Or do i really have to set up an OAuth-Server (or use the google-api)?...The thing is, that I think that OAuth is a bit overkill for my use case and I don't want to handle the expiration/refresh-token stuff.
推荐答案
您尝试做的事情是不可能的.您作为 id 发送到服务器的任何内容都可以被另一个应用程序复制.这就是为什么您的用户的密码不在应用程序中的原因 - 来自外部来源的密码是确保请求有效的唯一方法.这只能证明用户是有效的,而不能证明它来自您的应用程序.
What you're trying to do is impossible. Anything you send to the server as an id can be copied by another application. That's why you have user's with passwords that aren't in the application- the password from an outside source is the only way to be sure the request is valid. And that only proves the user is valid, not that its from your application.
这篇关于Android:如何以编程方式获取 SHA1/MD5 指纹?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
