Google Drive Android API和跨客户端授权 [英] Google Drive Android API and Cross Client Authorization
问题描述
我使用Google云端硬盘Android API,让用户可以将Android设备上的Google云端硬盘上的文件上传到我的服务器。
我现在想更改此设置,以允许我的服务器使用跨客户端授权直接访问Google Drive用户,这意味着我必须生成一个 ID令牌
使用 GoogleAuthUtil.getToken
。这就是一切都离开了轨道。为了生成此令牌,我需要一个 Account
对象。
目前,我设置了 GoogleApiClient
像这样:
mGoogleApiClient = new GoogleApiClient.Builder(getContext())
.addApi(Drive.API)
.addScope(Drive.SCOPE_FILE)
.addConnectionCallbacks(this)
.addOnConnectionFailedListener(this)
.build();
这很好,每隔一段时间它会显示一个帐户选择器,用户可以选择帐户与连接。全部由框架管理。但无法访问用户选择连接的帐户
!
相反,我必须管理它自己使用:
Intent intent = AccountPicker.newChooseAccountIntent(null,null,new String [] {com.google },
false,null,null,null,null);
startActivityForResult(intent,RC_ACCOUNT_PICKER);
然后在 onActivityResult
帐户使用:
帐户帐户=新帐户(intent.getExtras()。getString(AccountManager.KEY_ACCOUNT_NAME),
。intent.getExtras()的getString(AccountManager.KEY_ACCOUNT_TYPE));
现在,由于我有一个账户
对象,我可以明确地使用它连接:
mGoogleApiClient = new GoogleApiClient.Builder(getContext())
.addApi (Drive.API)
.addScope(Drive.SCOPE_FILE)
.setAccountName(mAccount.name)//账户名称!
.addConnectionCallbacks(this)
.addOnConnectionFailedListener(this)
.build();
这是我唯一的选择吗,真的没有办法让帐户
使用我的第一个解决方案选择的用户?
-
稍后,当试图使用以下命令生成我的 ID Token
时:
String scope = String .format(oauth2:server:client_id:%s:api_scope:%s,
12345.apps.googleusercontent.com,
https://www.googleapis.com/auth/ drive.file);
String token = GoogleAuthUtil.getToken(getContext(),mAccount,scope);
我仍然收到一个 UserRecoverableAuthException
其中即使我使用与连接时相同的帐户和相同的身份验证范围,我仍需要获得用户的另一个权限。
当所有这一切都照顾好后,我可以再次运行相同的代码,最后得到我的 ID令牌
。
-
是否存在一些我基本上被误解的内容,或者这实际上是应该如何工作的?
您不应再使用 GoogleAuthUtil.getToken()
,如这篇博文,因为将这些标记传递给您的服务器是不安全的。 / p>
相反,您应该使用通过 Google登录启用服务器端访问和使用请求 这可以避免双重提示用户,不会使用 I use Google Drive Android API for letting users upload files from Google Drive on their Android device to my servers.
I would now like to change this setup to allow my servers to have direct access to the users Google Drive, using Cross Client Authorization, which means that I have to generate an Currently, I'm setting up the This works great, every now and then it shows an account picker where the user can choose what account to connect with. All managed by the framework. But there is no way to access the Instead, I have to manage it myself, using: And in And now, since I have an Is this my only option, is there really no way to get the -- Later on, when trying to generate my I'm still getting an -- Is there something I've fundamentally misunderstood or this is really how it's supposed to work? You shouldn't use Instead, you should use Enable Server-Side Access via Google Sign In and use the requestServerAuthCode() method. This avoids double prompting the user, does not use the 这篇关于Google Drive Android API和跨客户端授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
GET_ACCOUNTS
权限,并为您提供单一用户流量登录。ID Token
using GoogleAuthUtil.getToken
. And this is were everything go off the rails. In order to generate this token I need an Account
object.GoogleApiClient
like this:mGoogleApiClient = new GoogleApiClient.Builder(getContext())
.addApi(Drive.API)
.addScope(Drive.SCOPE_FILE)
.addConnectionCallbacks(this)
.addOnConnectionFailedListener(this)
.build();
Account
the user chose to connect with!Intent intent = AccountPicker.newChooseAccountIntent(null, null, new String[]{"com.google"},
false, null, null, null, null);
startActivityForResult(intent, RC_ACCOUNT_PICKER);
onActivityResult
I can get the selected account using:Account account = new Account(intent.getExtras().getString(AccountManager.KEY_ACCOUNT_NAME),
intent.getExtras().getString(AccountManager.KEY_ACCOUNT_TYPE));
Account
object, I can connect explicitly using that:mGoogleApiClient = new GoogleApiClient.Builder(getContext())
.addApi(Drive.API)
.addScope(Drive.SCOPE_FILE)
.setAccountName(mAccount.name) // Account name!
.addConnectionCallbacks(this)
.addOnConnectionFailedListener(this)
.build();
Account
the user selected using my first solution?ID Token
using:String scope = String.format("oauth2:server:client_id:%s:api_scope:%s",
"12345.apps.googleusercontent.com",
"https://www.googleapis.com/auth/drive.file");
String token = GoogleAuthUtil.getToken(getContext(), mAccount, scope);
UserRecoverableAuthException
where I need to be granted yet another permission from the user, even though I'm using the same account and the same auth scope as when I connect.
When all that is taken care of, I can run the same code again and finally get my ID Token
.GoogleAuthUtil.getToken()
anymore as explained in this blog post as it is unsafe to pass those tokens to your server.GET_ACCOUNTS
permission, and gives you a single user flow for logging in.