Google 验证 IdToken 时出现身份工具包错误(客户端:Android,后端:Node.js)
Google Identity toolkit error on verifying IdToken (Client: Android, Backend: Node.js)
我正在使用 android 的 Google 身份工具包,让我的应用程序的用户无需记住新密码即可 register/login 并省去麻烦安全地保存所有密码。
这是我在 Android 上的代码,它基本上将带有 POST 的 IdToken 字符串发送到我的 Node.js 服务器。效果很好,IdTokenString 使用 https 发送到我的服务器。
// Step 1: Create a GitkitClient.
// The configurations are set in the AndroidManifest.xml. You can also set or overwrite them
// by calling the corresponding setters on the GitkitClient builder.
//
client = GitkitClient.newBuilder(this, new GitkitClient.SignInCallbacks() {
// Implement the onSignIn method of GitkitClient.SignInCallbacks interface.
// This method is called when the sign-in process succeeds. A Gitkit IdToken and the signed
// in account information are passed to the callback.
@Override
public void onSignIn(IdToken idToken, GitkitUser user) {
showProfilePage(idToken, user);
// Now use the idToken to create a session for your user.
// To do so, you should exchange the idToken for either a Session Token or Cookie
// from your server.
// Finally, save the Session Token or Cookie to maintain your user's session.
final JSONObject sendJson = new JSONObject();
try {
sendJson.put("tokenString", idToken.getTokenString());
} catch (JSONException ex) {
ex.printStackTrace();
}
new AsyncTask<Void, Void, Void>() {
@Override
protected Void doInBackground(Void... arg) {
try {
//Retrieve the logintoken from the server
HttpUtils.postSecure(Util.Constants.httpsServerUrl + "/registerwithtoken", sendJson.toString().getBytes("UTF-8"));
} catch (IOException ex) {
ex.printStackTrace();
}
return null;
}
@Override
protected void onPostExecute(Void nothing) {
}
}.execute();
在我的 Node.js 服务器上,我使用以下代码检索 IdToken 字符串:
function registerWithToken(req, res) {
var tokenString = req.body.tokenString;
if(typeof tokenString == "undefined") {
res.status(500).send('Tokenstring is undefined!');
}
console.log("INCOMING REGISTER WITH TOKEN");
console.log(req.body);
var decodedJWT = jwt.decode(tokenString, {complete: true});
var idToken = decodedJWT.payload.toString();
console.log(idToken);
gitkitClient.verifyGitkitToken(idToken, function (err, resp) {
if (err) {
console.log("INVALID TOKEN!! "+err);
res.status(500).send('Invalid token: ' + err);
} else {
//valid token!
console.log("VALID TOKEN SEND JWT BACK TO ANDROID");
}
});
}
我现在的问题是 node.js gitkitClient 总是 returns Token 无效,但我不知道为什么。
我的 idToken 似乎是正确的:
{ iss: 'https://identitytoolkit.google.com/',
aud: '*devConsoleNumbers*.apps.googleusercontent.com',
iat: 1449712391,
exp: 1450921991,
user_id: '*numbers*',
email: '*mail*',
provider_id: 'google.com',
verified: true,
display_name: '*John Doe*' }
错误行打印到控制台:
INVALID TOKEN!! Unable to verify the ID Token: Wrong number of segments in token: [object Object]
我不知道为什么验证失败。
这个问题有解决办法吗?
gitkitClient.verifyGitkitToken() 需要原始标记字符串作为第一个参数:
gitkitClient.verifyGitkitToken(req.body.tokenString, function (err, resp){...});
我正在使用 android 的 Google 身份工具包,让我的应用程序的用户无需记住新密码即可 register/login 并省去麻烦安全地保存所有密码。
这是我在 Android 上的代码,它基本上将带有 POST 的 IdToken 字符串发送到我的 Node.js 服务器。效果很好,IdTokenString 使用 https 发送到我的服务器。
// Step 1: Create a GitkitClient.
// The configurations are set in the AndroidManifest.xml. You can also set or overwrite them
// by calling the corresponding setters on the GitkitClient builder.
//
client = GitkitClient.newBuilder(this, new GitkitClient.SignInCallbacks() {
// Implement the onSignIn method of GitkitClient.SignInCallbacks interface.
// This method is called when the sign-in process succeeds. A Gitkit IdToken and the signed
// in account information are passed to the callback.
@Override
public void onSignIn(IdToken idToken, GitkitUser user) {
showProfilePage(idToken, user);
// Now use the idToken to create a session for your user.
// To do so, you should exchange the idToken for either a Session Token or Cookie
// from your server.
// Finally, save the Session Token or Cookie to maintain your user's session.
final JSONObject sendJson = new JSONObject();
try {
sendJson.put("tokenString", idToken.getTokenString());
} catch (JSONException ex) {
ex.printStackTrace();
}
new AsyncTask<Void, Void, Void>() {
@Override
protected Void doInBackground(Void... arg) {
try {
//Retrieve the logintoken from the server
HttpUtils.postSecure(Util.Constants.httpsServerUrl + "/registerwithtoken", sendJson.toString().getBytes("UTF-8"));
} catch (IOException ex) {
ex.printStackTrace();
}
return null;
}
@Override
protected void onPostExecute(Void nothing) {
}
}.execute();
在我的 Node.js 服务器上,我使用以下代码检索 IdToken 字符串:
function registerWithToken(req, res) {
var tokenString = req.body.tokenString;
if(typeof tokenString == "undefined") {
res.status(500).send('Tokenstring is undefined!');
}
console.log("INCOMING REGISTER WITH TOKEN");
console.log(req.body);
var decodedJWT = jwt.decode(tokenString, {complete: true});
var idToken = decodedJWT.payload.toString();
console.log(idToken);
gitkitClient.verifyGitkitToken(idToken, function (err, resp) {
if (err) {
console.log("INVALID TOKEN!! "+err);
res.status(500).send('Invalid token: ' + err);
} else {
//valid token!
console.log("VALID TOKEN SEND JWT BACK TO ANDROID");
}
});
}
我现在的问题是 node.js gitkitClient 总是 returns Token 无效,但我不知道为什么。
我的 idToken 似乎是正确的:
{ iss: 'https://identitytoolkit.google.com/',
aud: '*devConsoleNumbers*.apps.googleusercontent.com',
iat: 1449712391,
exp: 1450921991,
user_id: '*numbers*',
email: '*mail*',
provider_id: 'google.com',
verified: true,
display_name: '*John Doe*' }
错误行打印到控制台:
INVALID TOKEN!! Unable to verify the ID Token: Wrong number of segments in token: [object Object]
我不知道为什么验证失败。
这个问题有解决办法吗?
gitkitClient.verifyGitkitToken() 需要原始标记字符串作为第一个参数:
gitkitClient.verifyGitkitToken(req.body.tokenString, function (err, resp){...});