Android:如何通过Google Sign-In API获取刷新令牌? [英] Android: How to get Refresh Token by Google Sign-In API?
问题描述
目前,我正在研究用户可以通过Google登录的应用程序。作为登录过程的一部分,我们需要发送Google ACCESS TOKEN和REFRESH TOKEN到服务器端。
我通过以下方法检索访问令牌,
mAccountName = googleSignInAccount.getEmail();
String scopes =oauth2:profile email;
String token = null;
尝试{
token = GoogleAuthUtil.getToken(activity.getApplicationContext(),mAccountName,scopes);
} catch(IOException e){
Logger.eLog(TAG,e.getMessage());
}
从中访问访问令牌的GoogleAuthUtil类没有函数刷新令牌。那么如何访问刷新令牌?提前致谢!
解决方案您应该使用通过Auth.GOOGLE_SIGN_IN_API访问服务器认证码流:在Android客户端上获取服务器认证码,发送到您的服务器,服务器交换代码刷新和访问令牌(与秘密)。此博文中有更多详细信息以及。
另外,如果您现在使用GoogleAuthUtil.getToken作为访问令牌,您确实希望查看这个 Google登录最佳实践博客文章,了解如何迁移到推荐流程以确保安全性和最佳用户体验。
Currently, I am working on the application where user able to login with Google. As part of the login process, we need to send Google ACCESS TOKEN and REFRESH TOKEN to server end.
I am retrieving access token by the following method,
mAccountName = googleSignInAccount.getEmail();
String scopes = "oauth2:profile email";
String token = null;
try {
token = GoogleAuthUtil.getToken(activity.getApplicationContext(), mAccountName, scopes);
} catch (IOException e) {
Logger.eLog(TAG, e.getMessage());
}
GoogleAuthUtil class from which I am accessing access token don't have a function for refresh token. So how to access Refresh Token? Thanks in advance!
You should use the server auth code flow via Auth.GOOGLE_SIGN_IN_API: get an server auth code on Android client, send to your server, server exchanges the code for refresh and access token (with a secret). There are more details in this blog post as well.
Also, if you are using GoogleAuthUtil.getToken for access token now, you do want to check out this Google Sign-In best practice blog post to see how to migrate to the recommended flow to ensure security and best UX.
这篇关于Android:如何通过Google Sign-In API获取刷新令牌?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!