我是flutter的新手,试图从谷歌为我的后端服务器访问auth令牌,但每次令牌都无效。
我正在使用FirebaseUser userawait user.getIdToken(),我会给我一个令牌,但当我尝试使用后端服务器以及https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=mytoken和https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=mytoken这个链接给了我CCD_ 3。
我不确定await user.getIdToken()这种方法是否适合获取令牌。其他人认为一切都好,我得到了所有的用户信息,除了正确的令牌。如果有其他方式,请告诉我。
以下是我的代码:
class LoginScreen extends StatefulWidget {
@override
_LoginScreenState createState() => new _LoginScreenState();
}
class _LoginScreenState extends State<LoginScreen> {
final FirebaseAuth auth = FirebaseAuth.instance;
final GoogleSignIn googleSignIn = new GoogleSignIn();
Future<http.Response> socailLogin(String authToken) async {
var url = "http://api.ourdomain.com/user/social/login/google";
final response = await http.post(url,
body: json.encode({"auth_token": authToken}),
headers: {HttpHeaders.CONTENT_TYPE: "application/json"});
return response;
}
Future<FirebaseUser> googleSignin() async {
final GoogleSignInAccount googleSignInAccount = await
googleSignIn.signIn();
final GoogleSignInAuthentication googleSignInAuthentication =
await googleSignInAccount.authentication;
final FirebaseUser firebaseUser = await auth.signInWithGoogle(
accessToken: googleSignInAuthentication.accessToken,
idToken: googleSignInAuthentication.idToken);
return firebaseUser;
}
@override
Widget build(BuildContext context) {
final logo = Hero(
tag: 'hero',
child: CircleAvatar(
backgroundColor: Colors.transparent,
radius: 48.0,
child: Image.asset('assets/logo.png'),
),
);
final googleloginButton = Padding(
padding: EdgeInsets.symmetric(vertical: 5.0),
child: Material(
borderRadius: BorderRadius.circular(30.0),
// shadowColor: Colors.lightBlueAccent.shade100,
// elevation: 5.0,
child: MaterialButton(
minWidth: 200.0,
height: 42.0,
onPressed: () async {
FirebaseUser user = await googleSignin();
String idToken = await user.getIdToken();
if (idToken != null) {
final http.Response response = await socailLogin(idToken);
if (response.statusCode == 200) {
var authToken = json.decode(response.body)['token'];
if (authToken != null) {
storedToken(authToken);
}
} else {
print("Response status: " + response.statusCode.toString());
print("Response body: " + response.body);
print("errror while request");
}
} else {
print("in else part not get token id from google");
}
Navigator.push(
context,
MaterialPageRoute(
builder: (context) => HomeScreen(),
),
);
},
color: Colors.red,
child: Row(
mainAxisAlignment: MainAxisAlignment.center,
mainAxisSize: MainAxisSize.min,
children: <Widget>[
Icon(
Icons.bug_report,
color: Colors.white,
),
Text('Connect with Google',
style: TextStyle(color: Colors.white)),
],
),
),
),
);
return Scaffold(
backgroundColor: Colors.white,
appBar: new AppBar(
centerTitle: true,
title: new Text("Login"),
),
body: Center(
child: ListView(
shrinkWrap: true,
padding: EdgeInsets.only(left: 24.0, right: 24.0),
children: <Widget>[
// logo,
googleloginButton,
facebookloginButton,
],
),
),
);
}
}
请帮帮我。
对于后端服务器端验证,必须使用可验证的ID令牌来安全地获取服务器端已登录用户的用户ID。参考:https://developers.google.com/identity/sign-in/web/backend-auth
目前的flutter谷歌登录插件似乎不支持获取用于后端服务器端OAuth验证的AuthCode。参考:https://github.com/flutter/flutter/issues/16613
我认为firebaseUser.getIdToken((不能用于Google API。
对于https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=mytoken,您可能需要通过googleSignInAuthentication.idToken
对于https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=mytoken,您可能需要通过googleSignInAuthentication.accessToken
获取用户id等用户信息并将其传递到后端服务器端很容易受到黑客攻击。您应该通过Google API客户端库验证后端服务器端的idToken。
我最近遇到了类似的问题。
这是我的代码:
Future<void> googleLogin() async {
final googleUser = await googleSignIn.signIn();
if (googleUser == null) {
print('no google user??');
return;
}
_user = googleUser;
final googleAuth = await googleUser.authentication;
final credential = GoogleAuthProvider.credential(
accessToken: googleAuth.accessToken);
try {
await FirebaseAuth.instance.signInWithCredential(credential);
} catch (e) {
print('could not sign in with goodle creds, and heres why: n $e');
}
}
我没有提供凭证变量中的所有信息。所以我所要做的就是在那里添加accessTokenId。因此,请更换:
final credential = GoogleAuthProvider.credential(
accessToken: googleAuth.accessToken);
带有:
final credential = GoogleAuthProvider.credential(
idToken: googleAuth.idToken, accessToken: googleAuth.accessToken);
当它被传给FirebaseAuth.instance时,它起了作用!这有多大帮助。