我使用以下代码在我的Android应用程序中使用Google OAuth2登录:
在我的登录活动onCreate方法我有:
googleSignInOptions = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestScopes(new Scope(Scopes.PLUS_LOGIN))
//requestIdToken takes the google cloud console's project's WEB (not Android) openID client ID.
.requestIdToken("my client id")
.requestEmail()
.build();
SignInButton signInButton = (SignInButton) oAuth.findViewById(R.id.sign_in_button);
signInButton.setSize(SignInButton.SIZE_WIDE);
signInButton.setScopes(googleSignInOptions.getScopeArray());
googleApiClient = new GoogleApiClient.Builder(oAuth)
.enableAutoManage(oAuth, new GoogleApiClient.OnConnectionFailedListener() {
@Override
public void onConnectionFailed(@NonNull ConnectionResult connectionResult) {
Log.d("GoogleOAuth", "Connection failedn" + connectionResult.getErrorMessage() );
Toast.makeText(context, "Failed to connect to Google", Toast.LENGTH_LONG).show();
}
})
.addApi(Auth.GOOGLE_SIGN_IN_API, googleSignInOptions)
.build();
我注册了一个onClick监听器到登录按钮,它调用:
Intent signInIntent = Auth.GoogleSignInApi.getSignInIntent(googleApiClient);
activity.startActivityForResult(signInIntent, GOOGLE_SIGN_IN);
我得到活动结果:
public void onActivityResult(OAuth oAuth, Context context, int requestCode, int resultCode, Intent data) {
// Result returned from launching the Intent from GoogleSignInApi.getSignInIntent(...);
if (requestCode == GOOGLE_SIGN_IN) {
GoogleSignInResult result = Auth.GoogleSignInApi.getSignInResultFromIntent(data);
if (result.isSuccess()) {
GoogleSignInAccount account = result.getSignInAccount();
String idToken = account.getIdToken(); //this has a value
Map<String, String> logins = new HashMap<String, String>();
logins.put("accounts.google.com", token);
AWSCommunicator.setLogins(oAuth, logins, account);
credentialsProvider.setLogins(logins);
}
else {
Toast.makeText(context, "failed to login" + result.getStatus().toString(), Toast.LENGTH_LONG).show();
}
} else {
Log.d("GoogleAuth", "Bad requestCode: " + requestCode);
}
}
现在一切都运行得很好,一切似乎都很好。以下是我看到的一些日志。
D/CognitoCachingCredentialsProvider: Identity id is changed
D/CognitoCachingCredentialsProvider: Saving identity id to SharedPreferences
D/CognitoCachingCredentialsProvider: Clearing credentials from SharedPreferences
D/CognitoCachingCredentialsProvider: Saving credentials to SharedPreferences
D/CognitoCachingCredentialsProvider: Saving identity id to SharedPreferences
一切都很好。我通过身份验证,我可以对我的API网关端点进行身份验证调用(使用AWS API网关自动生成的SDK)。
现在一个小时后,我试着打电话,那个令牌已经过期了。我如何获得一个新的令牌?那我怎么刷新Cognito呢?
您应该能够从google提供的刷新令牌中获得新的Id令牌。这个医生可能会有帮助。https://developers.google.com/api-client-library/java/google-api-java-client/oauth2
要刷新Cognito凭据,您只需要使用来自IdP(在本例中为Google Oauth)的最新令牌使credentialsProvider保持最新即可。一旦凭据过期,如果CognitoCachingCredentialsProvider有最新的令牌,它将自动刷新。