初次验证后执行Google联合登录/ oAuth2 [英] Performing Google Federated Login/oAuth2 after initial Authentication

问题描述

我试图支持Hybrid联合登录和oAuth2（使用此文档），即可获得：

1. 支持在我的网站上使用您的Google帐户登录。也就是说，从文档：您也可以选择使用Google的身份验证系统作为为应用程序外包用户身份验证的方式。这可以消除创建，维护和保护用户名和密码存储区的需要。


2. 访问用户的Google Analytics（分析）。

以下是我完成的步骤。

1. 我向 https://accounts.google.com/o/oauth2/auth 以及我想要访问的范围（Google Analytics）。


2. 我将它重定向到Google所在的位置我的图标和我请求访问的范围。我授予访问权限。


3. 我重定向回到回调页面。


4. 我得到令牌（访问和刷新）以及巨大id_token字符串（我不知道）并将所有这些信息存储在我的数据库中。


5. 然后我打电话给 https://www.googleapis.com/ oauth2 / v1 / userinfo？access_token = xxxyyyzzz 来获取用户的电子邮件和名称，并将这些信息存储在我的数据库中。我还注意到它返回了一个 id 字段，据我所知，字段不会改变，我认为它是某种唯一的标识符。 我也存储了这个文件。
我的授权访问您的Google帐户 Google帐户，它显示我的网站可以访问Google Analytics（分析），但它没有说使用您的Google帐户登录，这是我想要完成的。逻辑会启用使用您的Google帐户登录。我做了什么错误？那么适用于Google的呼叫以便用户可以登录到我的网站？

解决方案

如果您的网站可以使用OAuth访问联系人或Google Analytics等内容，则永远不会看到使用您的Google帐户登录。当然，只有在您使用OpenID（而不是OAuth）仅用于登录时。





具体而言，OAuth用于让您访问API以创建/更新/删除数据，而OpenID则用于登录。




I am trying to support "Hybrid" Federated Login and oAuth2 (using logic from this document) for a webservice which will:

1. support Sign in using your Google account on my site. That is, from the documentation: You can also choose to use Google's authentication system as a way to outsource user authentication for your application. This can remove the need to create, maintain, and secure a username and password store.
2. Access the user's Google Analytics.

Here are the steps I have done.

1. I form my request to https://accounts.google.com/o/oauth2/auth with the scopes (Google Analytics) I want access to.
2. I Get redirected to google where it has my icon and which scopes I am requesting access to. I grant access.
3. I get redirected back to the callback page.
4. I get the tokens (access and refresh), as well as a huge id_token string (which I don't know) and store all of this information in my database.
5. I then make a call to https://www.googleapis.com/oauth2/v1/userinfo?access_token=xxxyyyzzz to get the user's email and name and store this information in my database too. I also notice it returns a id field which to my knowledge never changes and I presume is some sort of unique identifier. I store this too.

Question: If I go to Authorized Access to your Google Account section in my Google account, it shows that my site has access to "Google Analytics. BUT, it does not say Sign in using your Google account. This is what I am trying to accomplish. I would have thought using the logic would enable Sign in using your Google account. What am I doing wrong? And what would be the applicable call to google so that users can sign in to my site?

解决方案

If your site has access to something like your Contacts or Analytics using OAuth, you'll never see "Sign in using your Google account". I'm pretty sure that's only if you use OpenID (not OAuth) only for sign-in.

Specifically, OAuth is used for giving you access to APIs to create/update/delete data, while OpenID is for signing in.

这篇关于初次验证后执行Google联合登录/ oAuth2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！