如何从凭据对象获取用户 ID 令牌?
How do I get the User ID Token from a Credential object?
我一直在关注 this tutorial to include Google Sign-in support to my Desktop app. The library I'm using is this one。
一切正常,这是 authorize() 方法的实现:
public Credential authorize() throws IOException {
// Load client secrets.
InputStream in = GoogleLogin.class.getResourceAsStream("/google/client_secret.json");
GoogleClientSecrets clientSecrets = GoogleClientSecrets.load(JSON_FACTORY, new InputStreamReader(in));
// Build flow and trigger user authorization request.
GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow.Builder(
HTTP_TRANSPORT, JSON_FACTORY, clientSecrets, SCOPES)
.setDataStoreFactory(DATA_STORE_FACTORY)
.setAccessType("offline")
.build();
Credential credential = new AuthorizationCodeInstalledApp(flow, new LocalServerReceiver()).authorize("user");
System.out.println("Credentials saved to " + DATA_STORE_DIR.getAbsolutePath());
return credential;
}
但是,从 Credential 对象,我只能通过调用 Credential.getAccessToken() 来检索访问令牌,但我需要的是 id token。如何在用户通过身份验证后从用户那里检索 id_token?
开始赏金后我真的明白了!可以通过继承 AuthorizedCodeInstalledApp 并提供您自己的 authorize()
实现来获取 Id Token
这是我所做的...
public class GoogleAuthCodeInstalledApp extends AuthorizationCodeInstalledApp {
public GoogleAuthCodeInstalledApp(AuthorizationCodeFlow flow, VerificationCodeReceiver receiver) {
super(flow, receiver);
}
@Override
public Credential authorize(String userId) throws IOException {
try {
Credential credential = getFlow().loadCredential(userId);
if (credential != null
&& (credential.getRefreshToken() != null
|| credential.getExpiresInSeconds() == null
|| credential.getExpiresInSeconds() > 60)) {
return credential;
}
// open in browser
String redirectUri = getReceiver().getRedirectUri();
AuthorizationCodeRequestUrl authorizationUrl
= getFlow().newAuthorizationUrl().setRedirectUri(redirectUri);
onAuthorization(authorizationUrl);
// receive authorization code and exchange it for an access token
String code = getReceiver().waitForCode();
GoogleTokenResponse response = (GoogleTokenResponse) getFlow().newTokenRequest(code).setRedirectUri(redirectUri).execute();
System.out.println(response.getIdToken()); //YES, THIS IS THE ID TOKEN!!!
// store credential and return it
return getFlow().createAndStoreCredential(response, userId);
} finally {
getReceiver().stop();
}
}
}
在你这样做之后,而不是
Credential credential = new AuthorizationCodeInstalledApp(flow, new LocalServerReceiver()).authorize("user");
使用:
Credential credential = new GoogleAuthCodeInstalledApp(flow, new LocalServerReceiver()).authorize("user");
更新 2018-05-29 - 我找到了更好、更可靠的解决方案
我发现这个解决方案通过在我们的 GoogleAuthorizationCodeFlow.Builder.
中添加一个 CredentialCreatedListener 和一个 CredentialRefreshListener 来工作
示例代码如下:
public Credential authorize() throws IOException {
InputStream in = GoogleLogin.class.getResourceAsStream("/google/client_secret.json");
GoogleClientSecrets clientSecrets = GoogleClientSecrets.load(JSON_FACTORY, new InputStreamReader(in));
// Build flow and trigger user authorization request.
flow = new GoogleAuthorizationCodeFlow.Builder(
HTTP_TRANSPORT, JSON_FACTORY, clientSecrets, SCOPES)
.setDataStoreFactory(DATA_STORE_FACTORY)
.setAccessType("offline")
.setCredentialCreatedListener(new AuthorizationCodeFlow.CredentialCreatedListener() {
@Override
public void onCredentialCreated(Credential credential, TokenResponse tokenResponse) throws IOException {
DATA_STORE_FACTORY.getDataStore("user").set("id_token", tokenResponse.get("id_token").toString());
}
})
.addRefreshListener(new CredentialRefreshListener() {
@Override
public void onTokenResponse(Credential credential, TokenResponse tokenResponse) throws IOException {
DATA_STORE_FACTORY.getDataStore("user").set("id_token", tokenResponse.get("id_token").toString());
}
@Override
public void onTokenErrorResponse(Credential credential, TokenErrorResponse tokenErrorResponse) throws IOException {
//handle token error response
}
})
.build();
Credential credential = new AuthorizationCodeInstalledApp(flow, serverReceiver).authorize("user");
System.out.println("Credentials saved to " + DATA_STORE_DIR.getAbsolutePath());
return credential;
}
代码差不多 self-explanatory。每当通过调用 credential.refreshToken() 创建或刷新新的 Credential 时,监听器将收到通知,并且 id_token 将从 TokenResponse(实际上是 GoogleTokenResponse 包含 id_token 字段的对象),我们将使用默认的 DataStoreFactory 来保存 id_token。 id_token 现在将保留在本地,并且每当调用 credential.refreshToken() 时都会由侦听器自动更新。
我一直在关注 this tutorial to include Google Sign-in support to my Desktop app. The library I'm using is this one。
一切正常,这是 authorize() 方法的实现:
public Credential authorize() throws IOException {
// Load client secrets.
InputStream in = GoogleLogin.class.getResourceAsStream("/google/client_secret.json");
GoogleClientSecrets clientSecrets = GoogleClientSecrets.load(JSON_FACTORY, new InputStreamReader(in));
// Build flow and trigger user authorization request.
GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow.Builder(
HTTP_TRANSPORT, JSON_FACTORY, clientSecrets, SCOPES)
.setDataStoreFactory(DATA_STORE_FACTORY)
.setAccessType("offline")
.build();
Credential credential = new AuthorizationCodeInstalledApp(flow, new LocalServerReceiver()).authorize("user");
System.out.println("Credentials saved to " + DATA_STORE_DIR.getAbsolutePath());
return credential;
}
但是,从 Credential 对象,我只能通过调用 Credential.getAccessToken() 来检索访问令牌,但我需要的是 id token。如何在用户通过身份验证后从用户那里检索 id_token?
开始赏金后我真的明白了!可以通过继承 AuthorizedCodeInstalledApp 并提供您自己的 authorize()
这是我所做的...
public class GoogleAuthCodeInstalledApp extends AuthorizationCodeInstalledApp {
public GoogleAuthCodeInstalledApp(AuthorizationCodeFlow flow, VerificationCodeReceiver receiver) {
super(flow, receiver);
}
@Override
public Credential authorize(String userId) throws IOException {
try {
Credential credential = getFlow().loadCredential(userId);
if (credential != null
&& (credential.getRefreshToken() != null
|| credential.getExpiresInSeconds() == null
|| credential.getExpiresInSeconds() > 60)) {
return credential;
}
// open in browser
String redirectUri = getReceiver().getRedirectUri();
AuthorizationCodeRequestUrl authorizationUrl
= getFlow().newAuthorizationUrl().setRedirectUri(redirectUri);
onAuthorization(authorizationUrl);
// receive authorization code and exchange it for an access token
String code = getReceiver().waitForCode();
GoogleTokenResponse response = (GoogleTokenResponse) getFlow().newTokenRequest(code).setRedirectUri(redirectUri).execute();
System.out.println(response.getIdToken()); //YES, THIS IS THE ID TOKEN!!!
// store credential and return it
return getFlow().createAndStoreCredential(response, userId);
} finally {
getReceiver().stop();
}
}
}
在你这样做之后,而不是
Credential credential = new AuthorizationCodeInstalledApp(flow, new LocalServerReceiver()).authorize("user");
使用:
Credential credential = new GoogleAuthCodeInstalledApp(flow, new LocalServerReceiver()).authorize("user");
更新 2018-05-29 - 我找到了更好、更可靠的解决方案
我发现这个解决方案通过在我们的 GoogleAuthorizationCodeFlow.Builder.
CredentialCreatedListener 和一个 CredentialRefreshListener 来工作
示例代码如下:
public Credential authorize() throws IOException {
InputStream in = GoogleLogin.class.getResourceAsStream("/google/client_secret.json");
GoogleClientSecrets clientSecrets = GoogleClientSecrets.load(JSON_FACTORY, new InputStreamReader(in));
// Build flow and trigger user authorization request.
flow = new GoogleAuthorizationCodeFlow.Builder(
HTTP_TRANSPORT, JSON_FACTORY, clientSecrets, SCOPES)
.setDataStoreFactory(DATA_STORE_FACTORY)
.setAccessType("offline")
.setCredentialCreatedListener(new AuthorizationCodeFlow.CredentialCreatedListener() {
@Override
public void onCredentialCreated(Credential credential, TokenResponse tokenResponse) throws IOException {
DATA_STORE_FACTORY.getDataStore("user").set("id_token", tokenResponse.get("id_token").toString());
}
})
.addRefreshListener(new CredentialRefreshListener() {
@Override
public void onTokenResponse(Credential credential, TokenResponse tokenResponse) throws IOException {
DATA_STORE_FACTORY.getDataStore("user").set("id_token", tokenResponse.get("id_token").toString());
}
@Override
public void onTokenErrorResponse(Credential credential, TokenErrorResponse tokenErrorResponse) throws IOException {
//handle token error response
}
})
.build();
Credential credential = new AuthorizationCodeInstalledApp(flow, serverReceiver).authorize("user");
System.out.println("Credentials saved to " + DATA_STORE_DIR.getAbsolutePath());
return credential;
}
代码差不多 self-explanatory。每当通过调用 credential.refreshToken() 创建或刷新新的 Credential 时,监听器将收到通知,并且 id_token 将从 TokenResponse(实际上是 GoogleTokenResponse 包含 id_token 字段的对象),我们将使用默认的 DataStoreFactory 来保存 id_token。 id_token 现在将保留在本地,并且每当调用 credential.refreshToken() 时都会由侦听器自动更新。