Java Oauth2使用Dagger2Android刷新
我正在尝试用Dagger2实现Oauth2登录。一旦访问\u令牌过期,我已经通过刷新\u令牌成功地生成了新的访问\u令牌,但是一旦刷新\u令牌也过期,验证器将进行无限循环 这是我的网络模块,我在OkHttp客户端中定义了身份验证程序和拦截器Java Oauth2使用Dagger2Android刷新,java,android,oauth-2.0,dagger-2,Java,Android,Oauth 2.0,Dagger 2,我正在尝试用Dagger2实现Oauth2登录。一旦访问\u令牌过期,我已经通过刷新\u令牌成功地生成了新的访问\u令牌,但是一旦刷新\u令牌也过期,验证器将进行无限循环 这是我的网络模块,我在OkHttp客户端中定义了身份验证程序和拦截器 @Module public class NetworkModule { @Provides @Singleton OkHttpClient provideOkHttpClient(TokenAut
@Module
public class NetworkModule
{
@Provides
@Singleton
OkHttpClient provideOkHttpClient(TokenAuthenticator tokenAuthenticator, TokenInceptor tokenInceptor, SharedManager sharedManager)
{
HttpLoggingInterceptor logging = new HttpLoggingInterceptor();
logging.setLevel(HttpLoggingInterceptor.Level.BODY);
OkHttpClient.Builder httpClient = new OkHttpClient.Builder();
// adding socket time for read/write/reconnect
httpClient.connectTimeout(30, TimeUnit.SECONDS);
httpClient.writeTimeout(30, TimeUnit.SECONDS);
httpClient.readTimeout(30, TimeUnit.SECONDS);
// setting the accept type of the request to application/json
httpClient.addNetworkInterceptor(new Interceptor()
{
@Override
public Response intercept(Chain chain) throws IOException {
Request.Builder requestBuilder = chain.request().newBuilder();
requestBuilder.header("Accept", "application/json");
return chain.proceed(requestBuilder.build());
}
});
httpClient.addInterceptor(logging).addInterceptor(tokenInceptor);
httpClient.authenticator(tokenAuthenticator);
return httpClient.build();
}
}
@Provides
Retrofit provideRetrofit(OkHttpClient okHttpClient){
return new Retrofit.Builder()
.baseUrl(ApiConstants.API_BASE_URL)
.addConverterFactory(GsonConverterFactory.create())
.addCallAdapterFactory(RxJava2CallAdapterFactory.create())
.client(okHttpClient)
.build();
}
@Provides
@Singleton
ApiService provideApiService(Retrofit retrofit, TokenService apiServiceHolder)
{
ApiService apiService = retrofit.create(ApiService.class);
apiServiceHolder.setApiService(apiService);
return apiService;
}
@Provides
@Singleton
public SharedPreferences providePreferences(Application application)
{
return application.getSharedPreferences(Constants.APP_PREFERENCES, Context.MODE_PRIVATE);
}
@Provides
@Singleton
public SharedManager provideSharedManager(SharedPreferences sharedPreferences)
{
return new SharedManager(sharedPreferences);
}
@Provides
@Singleton
public TokenAuthenticator tokenAuthenticator(TokenService tokenService, SharedManager sharedManager)
{
return new TokenAuthenticator(tokenService, sharedManager);
}
@Provides
@Singleton
public TokenInceptor tokenInceptor(SharedManager sharedManager)
{
return new TokenInceptor(sharedManager);
}
@Provides
@Singleton
public TokenService apiServiceHolder()
{
return new TokenService();
}
}
这是拦截器
@Singleton
public class TokenInceptor implements Interceptor
{
SharedManager sharedManager;
@Inject
public TokenInceptor(SharedManager sharedManager)
{
this.sharedManager = sharedManager;
}
@Override
public Response intercept(Chain chain) throws IOException
{
Request request = chain.request();
// we don't need header in login/register so, we remove the header from these api request endpoints
if(request.url().encodedPath().contains("/token/client") && request.method().equalsIgnoreCase("POST"))
{
return chain.proceed(request);
}
// then we add the authenticator to other api requests
HttpUrl url = request.url();
Request.Builder urlBuilder = request.newBuilder().addHeader(ApiConstants.AUTHORIZATION, sharedManager.getBearer()).url(url);
Request apiRequest = urlBuilder.build();
return chain.proceed(apiRequest);
}
}
这是验证器
@Singleton
public class TokenAuthenticator implements Authenticator
{
private SharedManager sharedManager;
private TokenService tokenService;
@Inject
public TokenAuthenticator(@NonNull TokenService apiServiceHolder, SharedManager sharedManager)
{
this.tokenService = apiServiceHolder;
this.sharedManager = sharedManager;
}
@Nullable
@Override
public Request authenticate(Route route, Response response) throws IOException
{
if(!response.request().header(ApiConstants.AUTHORIZATION).equals(sharedManager.getBearer()))
{
return null;
}
retrofit2.Response<TokenResponse> tokenResponse = tokenService.getApiService().refreshToken(sharedManager.getRefresh()).execute();
TokenResponse responseData = tokenResponse.body();
if(tokenResponse.isSuccessful() && responseData!= null)
{
TokenResponse responseRequest = (TokenResponse) tokenResponse.body();
String new_token = responseRequest.getAccess();
sharedManager.saveAccessToken(new_token);
return response.request().newBuilder().header(ApiConstants.AUTHORIZATION,sharedManager.getBearer()).build();
}
else
{
// As per my assumption, the refresh token might expire here
Log.e("refresh_token","expired");
}
return null;
}
}
这是SharedManager类
public class SharedManager
{
private SharedPreferences sharedPreferences;
@Inject
public SharedManager(SharedPreferences sharedPreferences)
{this.sharedPreferences = sharedPreferences;};
public void saveAccessToken(String token)
{
sharedPreferences.edit().putString(ApiConstants.ACCESS_TOKEN, token).commit();
}
public void saveRefreshToken(String token)
{
sharedPreferences.edit().putString(ApiConstants.REFRESH, token).commit();
}
public String getAccessToken()
{
return sharedPreferences.getString(ApiConstants.ACCESS_TOKEN, "");
}
public String getRefresh()
{
return sharedPreferences.getString(ApiConstants.REFRESH, "");
}
public String getBearer()
{
return "Bearer "+getAccessToken();
}
public void clearAll()
{
sharedPreferences.edit().clear().commit();
}
}
下面是ApiService接口
public interface ApiService
{
// client login
@POST("token/client")
@FormUrlEncoded
Call<ResponseBody> loginUser(@Field("email") String email,
@Field("password") String password);
// method for refresh token
@POST("token/refresh")
@FormUrlEncoded
Call<TokenResponse> refreshToken(@Field("refresh") String refresh);
// get agent
@GET("agent")
Call<ResponseBody> getAgentTour();
}
公共接口服务
{
//客户端登录
@POST(“令牌/客户端”)
@FormUrlEncoded
调用loginUser(@Field(“email”)字符串email,
@字段(“密码”)字符串(密码);
//刷新令牌的方法
@POST(“令牌/刷新”)
@FormUrlEncoded
调用refreshToken(@Field(“refresh”)字符串刷新);
//获取代理
@获取(“代理”)
调用getAgentTour();
}
有人能在这里找出代码中的错误吗?在堆栈中过帐时,代码结构发生了更改。当刷新令牌最终过期时,标准刷新令牌授予消息将返回一个错误代码invalid\u grant
{
"error": "invalid_grant",
"error_description": "An optional description message that varies between vendors"
}
此时,您应该做两件事:
- 对于任何飞行中的API调用,抛出一个异常,其中包含一个错误代码,如“login_required”,您的错误处理代码可以静默忽略该错误代码
- 然后执行登录重定向以启动新的用户会话
当然,您需要将这种行为转化为您自己基于匕首的编码首选项…是的。当在POSTMAN API中检查时,响应返回{“detail”:“Token is invalid or expired”,“code”:“Token\u not\u valid”},但是我的代码没有返回任何错误,也没有任何响应代码。
{
"error": "invalid_grant",
"error_description": "An optional description message that varies between vendors"
}