We are currently able to authenticate requests between our Android client and our server using a deprecated method:
String scope = "audience:server:client_id:" + SERVER_CLIENT_ID;
String account = getAnyGoogleAccountFromDevice();
String idToken = GoogleAuthUtil.getToken(context, account, scope);
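On the server side, we verify the idToken using Google's certificates and verify that the audience is our client.
This works well, but Google appears to have deprecated this approach and wants developers to switch to the new sign-in API from Play Services 8.3: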
https://android-developers.googleblog.com/2015/11/improvements-to-sign-in-in-with-google.html
https://developers.googleblog.com/2016/11/moving-to-google-sign-in-sign-in-for-a-better-user-user-experience-and-perience-and-thigher-conversion-rates.html
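However, the new documented approach explained here and here does not allow using some Google account, but instead requires the user to sign in to the app. We would like a transparent way to authenticate to the backend without any user intervention or UI; we don't need the user's name/email/profile information from our own client.
Is there a way to do this with the new Google Sign-In API?
If you already know the user's email address, you can refresh the ID token with the following: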
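// Run on a non-UI thread: blockingConnect() and await() block the caller
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
        .setAccountName(emailAddress)
        .requestIdToken(SERVER_CLIENT_ID)
        .build();
GoogleApiClient client = new GoogleApiClient.Builder(context)
        .addApi(Auth.GOOGLE_SIGN_IN_API, gso)
        .build();
ConnectionResult conn = client.blockingConnect();
if (!conn.isSuccess()) {
    Log.e(TAG, "Couldn't connect GoogleApiClient");
    return;
}
try {
    GoogleSignInResult result = Auth.GoogleSignInApi.silentSignIn(client).await();
    // getSignInAccount() returns null when the silent sign-in did not succeed
    if (!result.isSuccess()) {
        Log.e(TAG, "Silent sign-in failed: " + result.getStatus());
        return;
    }
    GoogleSignInAccount acct = result.getSignInAccount();
    // The ID token is a bearer credential; log it in debug builds only
    Log.d(TAG, "ID Token: " + acct.getIdToken());
} finally {
    client.disconnect();
}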
Using Steven's comment, I was able to get silentSignIn working without any user intervention. Here is the code:
// Needs to be running on a non-UI thread: blockingConnect() and await() block the caller
String account = getAnyGoogleAccountFromDevice();
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
        .setAccountName(account)
        .requestIdToken(SERVER_CLIENT_ID)
        .build();
GoogleApiClient client = new GoogleApiClient.Builder(context)
        .addApi(Auth.GOOGLE_SIGN_IN_API, gso)
        .build();
ConnectionResult conn = client.blockingConnect();
if (!conn.isSuccess()) {
    Log.e(TAG, "Couldn't connect GoogleApiClient");
    return;
}
try {
    GoogleSignInResult result = Auth.GoogleSignInApi.silentSignIn(client).await();
    // getSignInAccount() returns null when the silent sign-in did not succeed
    if (!result.isSuccess()) {
        Log.e(TAG, "Silent sign-in failed: " + result.getStatus());
        return;
    }
    GoogleSignInAccount acct = result.getSignInAccount();
    // The ID token is a bearer credential; log it in debug builds only
    Log.d(TAG, "ID Token: " + acct.getIdToken());
} finally {
    client.disconnect();
}
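The server-side check the question describes (verify the token against Google's certificates and confirm the audience), sketched for the ID token these snippets produce. This is an added example, not code from the question or the answers. It assumes the backend is written in Java with the google-api-client library on the classpath; the class name, the method name and both client ID strings are hypothetical placeholders.

```java
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.gson.GsonFactory;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Collections;

public final class BackendTokenCheck {
    // Placeholders (assumptions): substitute your own OAuth client IDs.
    private static final String SERVER_CLIENT_ID = "SERVER_CLIENT_ID.apps.googleusercontent.com";
    private static final String ANDROID_CLIENT_ID = "ANDROID_CLIENT_ID.apps.googleusercontent.com";

    // Build once and reuse: the verifier caches Google's public signing keys.
    private static final GoogleIdTokenVerifier VERIFIER =
            new GoogleIdTokenVerifier.Builder(new NetHttpTransport(), GsonFactory.getDefaultInstance())
                    // "aud" must be the server's client ID, the value passed to requestIdToken().
                    .setAudience(Collections.singletonList(SERVER_CLIENT_ID))
                    .build();

    /** Returns the stable Google account ID ("sub"), or throws if the token must be rejected. */
    public static String requireValidToken(String idTokenString)
            throws GeneralSecurityException, IOException {
        // verify() returns null when the signature, expiry, issuer or audience check fails.
        GoogleIdToken token = VERIFIER.verify(idTokenString);
        if (token == null) {
            throw new GeneralSecurityException("ID token rejected");
        }
        GoogleIdToken.Payload payload = token.getPayload();
        // "azp" names the client the token was issued to. Pinning it to the Android
        // client ID rejects tokens minted for any other client in the same project.
        if (!ANDROID_CLIENT_ID.equals(payload.getAuthorizedParty())) {
            throw new GeneralSecurityException("ID token issued to an unexpected client");
        }
        // Key server-side state on "sub", not on the email address.
        return payload.getSubject();
    }
}
```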