Java GoogleIdTokenVerifier不返回名称、图片等
我们正在使用 Google 客户端 API 库在后端验证 Google 帐户。此实现使用 App Engine 和 Datastore,运行在 Google 云平台(GCP)上。到目前为止,我们看到 GoogleIdTokenVerifier 可以工作,但只返回电子邮件、uid 以及令牌签名。同一个令牌和 uid 在 servlet 中验证时会返回全部个人资料信息,但通过我们的 App Engine 端点验证时却不会返回。以下是使用的代码:
import com.google.api.client.extensions.appengine.http.UrlFetchTransport;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.Collections;
import java.util.logging.Level;
import java.util.logging.Logger;
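/**
 * Verifies Google ID tokens on the backend and extracts basic identity claims.
 *
 * <p>A single shared instance is configured through {@link #setAppId(String)}; the configured app
 * id is the only audience a token is accepted for.
 */
public class GoogleVerifier implements TokenVerifier {
  final Logger logger = Logger.getLogger(GoogleVerifier.class.getName());

  // Created eagerly: the earlier lazy "if (instance == null)" check was not synchronized, so two
  // concurrent requests could each create and configure their own instance.
  private static final GoogleVerifier instance = new GoogleVerifier();

  private String privAppId;
  private UrlFetchTransport httpTransport; // library required to run on GCP
  private JsonFactory jsonFactory;

  private GoogleVerifier() {
  }

  private static GoogleVerifier getInstance() {
    return instance;
  }

  /**
   * Configures the shared verifier.
   *
   * @param appId the OAuth client id that tokens must name as their audience
   */
  public static void setAppId(String appId) {
    GoogleVerifier shared = getInstance();
    shared.setPrivAppId(appId);
    shared.setHttpTransport(new UrlFetchTransport());
    shared.setJsonFactory(new JacksonFactory());
  }

  /**
   * Verifies {@code token} with the shared instance; see {@link #verifyPrivate(String, String)}.
   *
   * @param token the Google ID token sent by the client
   * @param uid the Google user id the client claims to be
   * @return the five-element claim array described on {@code verifyPrivate}
   */
  public static String[] verify(String token, String uid) {
    return getInstance().verifyPrivate(token, uid);
  }

  /**
   * Verifies a Google ID token and checks that its subject equals {@code uid}.
   *
   * <p>The returned array always has five slots: {@code [0]} subject, {@code [1]} given_name,
   * {@code [2]} family_name, {@code [3]} picture, {@code [4]} email. Every slot is {@code null}
   * when the token is rejected (bad signature, wrong audience, subject mismatch, verifier not
   * configured, or any error during verification), so callers must treat a {@code null} in slot
   * 0 as a failed authentication. Slots 1-3 are also {@code null} when the token carries no
   * profile claims, which happens when it was issued without the {@code profile} scope; slot 4
   * is {@code null} when it carries no email claim.
   *
   * @param token the Google ID token sent by the client
   * @param uid the Google user id the client claims to be
   * @return the five-element claim array, never {@code null}
   */
  public String[] verifyPrivate(String token, String uid) {
    // Fail closed: without an expected audience and a transport the token cannot be checked.
    if (privAppId == null || httpTransport == null || jsonFactory == null) {
      logger.warning("GoogleVerifier used before setAppId(); rejecting token");
      return new String[5];
    }
    if (token == null || uid == null) {
      return new String[5];
    }
    try {
      GoogleIdTokenVerifier verifier =
          new GoogleIdTokenVerifier.Builder(httpTransport, jsonFactory)
              .setAudience(Collections.singletonList(privAppId))
              .build();
      GoogleIdToken idToken = verifier.verify(token);
      if (idToken == null) {
        return new String[5];
      }
      GoogleIdToken.Payload payload = idToken.getPayload();
      // Compare from the caller-supplied side so a missing subject can never match.
      if (!uid.equals(payload.getSubject())) {
        // uid is caller-supplied and unverified at this point; it is logged as received.
        logger.info("Mismatching google id: " + uid);
        return new String[5];
      }
      logger.info("Matching google id: " + uid);
      String[] payloadInfo = new String[5];
      payloadInfo[0] = payload.getSubject();
      // Profile claims are optional. Calling toString() on an absent claim used to throw a
      // NullPointerException, which aborted extraction and left the email slot unset.
      payloadInfo[1] = claimAsString(payload, "given_name");
      payloadInfo[2] = claimAsString(payload, "family_name");
      payloadInfo[3] = claimAsString(payload, "picture");
      // NOTE(review): callers that key accounts on the email rather than on the subject should
      // also check payload.getEmailVerified() - confirm against the callers.
      payloadInfo[4] = payload.getEmail();
      return payloadInfo;
    } catch (Exception e) {
      // Any verification error rejects the token; the cause is kept in the log record.
      logger.log(Level.WARNING, "Google ID token verification failed", e);
      return new String[5];
    }
  }

  /** Returns the named claim as a string, or {@code null} when the token does not carry it. */
  private static String claimAsString(GoogleIdToken.Payload payload, String name) {
    Object value = payload.get(name);
    return value == null ? null : value.toString();
  }

  private void setPrivAppId(String appId) {
    this.privAppId = appId;
  }

  private void setHttpTransport(UrlFetchTransport httpTransport) {
    this.httpTransport = httpTransport;
  }

  private void setJsonFactory(JsonFactory jsonFactory) {
    this.jsonFactory = jsonFactory;
  }
}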
以下是我们的应用程序引擎端点:
/**
 * Endpoint that logs a user in with a token issued by a social provider.
 *
 * <p>Checks that token, uid and socialWebSite are present and that token and uid are not blank,
 * then passes token and uid to the verifier for the selected provider. The method is incomplete
 * as shown: the second branch condition is cut off and no use of userInfo or return of response
 * is visible.
 *
 * NOTE(review): token arrives as a @Named String parameter; such parameters are presumably
 * carried in the request URL, where they can end up in request logs - confirm, and consider
 * carrying the token in the request body or a header instead.
 */
@ApiMethod(name = "loginSocial", path = "loginSocial", httpMethod = HttpMethod.PUT)
public Response loginSocial(@Named("token") String token,
@Named("uid") String uid,
@Named("socialWebSite") SOCIALWEBSITE socialWebSite,
HttpServletRequest request) throws DatabaseException, IOException {
Response response = new Response();
// make sure the parameters are not null or empty
if (token != null && uid != null && socialWebSite != null &&
!token.trim().isEmpty() && !uid.trim().isEmpty()){
String [] userInfo = new String[5];
// validate the token and retrieve the user info first
if (socialWebSite.equals(SOCIALWEBSITE.GOOGLE)){
// The verifier is (re)configured with APP_ID on every request before it is used.
GoogleVerifier.setAppId(APP_ID);
// NOTE(review): GoogleVerifier.verify returns a five-slot array whose slots stay null when the
// token is rejected. The code that consumes userInfo is not shown; it presumably has to treat a
// null userInfo[0] as a failed login - confirm.
userInfo = GoogleVerifier.verify(token, uid);
// NOTE(review): the next line is not valid Java as shown (unbalanced parentheses, no block
// opened); the Facebook branch condition appears to have been lost when the snippet was copied.
}else if(socialWebSite.equals(APP_ID);
userInfo = FacebookVerifier.verify(token, uid);
}
}
}
谢谢 我最终使用了另一个库,它更简单,提供了相同的信息
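用户身份验证需要哪些范围(scope)?简短回答:email 和 profile。详细回答:用户当前是通过 servlet 连接到网页的。这个 servlet 能够检索到少量信息:电子邮件、个人资料、uid、令牌等等。但使用相同的应用 ID、uid 和令牌通过 App Engine 检索同样的信息时,这些方法不会返回个人资料信息。我把方向弄反了——抱歉。在 EP 中,您应该在进行身份验证时添加 profile 范围。(ID 令牌中的 given_name、family_name、picture 等声明通常只有在请求了 profile 范围时才会包含。)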