Android (Google login): how to verify the integrity of the ID token on the server?

I use this method to get the ID token:

GoogleSignInAccount acct = googleSignInResult.getSignInAccount();
String token_id = acct.getIdToken();

Now, how do I verify the integrity of the ID token on the server?

Answer:

From the documentation: https://developers.google.com/identity/sign-in/web/backend-auth#using-a-google-api-client-library

import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import java.util.Arrays; // needed for Arrays.asList(CLIENT_ID) below

...

GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(transport, jsonFactory)
    .setAudience(Arrays.asList(CLIENT_ID))
    // If you retrieved the token on Android using the Play Services 8.3 API or newer, set
    // the issuer to "https://accounts.google.com". Otherwise, set the issuer to
    // "accounts.google.com". If you need to verify tokens from multiple sources, build
    // a GoogleIdTokenVerifier for each issuer and try them both.
    .setIssuer("https://accounts.google.com")
    .build();

// (Receive idTokenString by HTTPS POST)

GoogleIdToken idToken = verifier.verify(idTokenString);
if (idToken != null) {
  System.out.println("Valid ID token.");

} else {
  System.out.println("Invalid ID token.");
}

You can read the API documentation here: http://javadoc.google-api-java-client.googlecode.com/hg/1.18.0-rc/com/google/api/client/googleapis/auth/oauth2/GoogleIdTokenVerifier.html

To use these APIs, add the following to build.gradle:

repositories {
    mavenCentral()
}
dependencies {
    compile 'com.google.api-client:google-api-client:1.20.0'
}
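
The comment in the snippet above says to build one GoogleIdTokenVerifier per issuer and try them both when tokens can come from multiple sources. The following is an added example of that pattern, not code from the original answer or from Google's documentation; the class name IdTokenChecker, the method verifiedSubject, and the choice of GoogleNetHttpTransport and JacksonFactory for the transport and jsonFactory (which the page leaves undefined) are assumptions.

```java
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/** Hypothetical helper (name and structure are assumptions for this example). */
public final class IdTokenChecker {
    // Both issuer strings named in the comment of the snippet above.
    private static final String[] ISSUERS = {"https://accounts.google.com", "accounts.google.com"};

    private final List<GoogleIdTokenVerifier> verifiers = new ArrayList<>();

    public IdTokenChecker(String clientId) throws GeneralSecurityException, IOException {
        HttpTransport transport = GoogleNetHttpTransport.newTrustedTransport();
        JsonFactory jsonFactory = JacksonFactory.getDefaultInstance();
        for (String issuer : ISSUERS) {
            // One verifier per issuer; each still enforces the same audience (your client ID).
            verifiers.add(new GoogleIdTokenVerifier.Builder(transport, jsonFactory)
                    .setAudience(Collections.singletonList(clientId))
                    .setIssuer(issuer)
                    .build());
        }
    }

    /** Returns the "sub" claim (stable Google user id), or null if no verifier accepts the token. */
    public String verifiedSubject(String idTokenString) {
        for (GoogleIdTokenVerifier verifier : verifiers) {
            try {
                GoogleIdToken idToken = verifier.verify(idTokenString);
                if (idToken != null) {
                    return idToken.getPayload().getSubject();
                }
            } catch (GeneralSecurityException | IOException | IllegalArgumentException e) {
                // Malformed token or key fetch failure: treat as unverified, never as valid.
            }
        }
        return null;
    }
}
```

Key the server-side account on the returned subject rather than on anything else the client sends alongside the token, and reject the request when the method returns null.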
