在第三方服务器上验证 Android 的 authToken

本文介绍了在第三方服务器上验证 Android 的 authToken的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正在编写一个 Android 应用程序，它使用 AccountManager 来获取令牌.我可以通过 Android 应用与 Google Picasa 进行交互 - 效果很好.

I'm writing an Android application, which uses AccountManager to get the token. From an android app I'm able to interact with Google Picasa - it works fine.

我想要实现的是:发送一些文本 + authToken 到我的第三方服务器，然后在保存文本之前检查令牌是否正确.现在的问题是:是否可以仅在令牌本身(以及电子邮件地址)上确定特定令牌的 authToken 是否正确.

What I would like to achieve is the following: send some text + authToken to my third party server, then check if the token is correct before saving the text. Now the question is: is it possible to determine if the authToken of a particular token is correct solely on the token itself (and maybe email address).

我已经对服务器部分进行了编程，它接受令牌(从 android 应用程序发送)，然后向 URL 地址发出请求:

I've already programmed the server part, which accepts the token (send from android application), then issues a request to an URL address:

https://accounts.google.com/o/oauth2/tokeninfo?access_token=%token_here%

我得到的是以下 JSON:

What I get back is the following JSON:

{
  "error" : "invalid_token"
}

但是这里的链接 http://oauthssodemo.appspot.com/step/4 指出如果令牌正确，我应该收到不同的 JSON 响应.你能告诉我我做错了什么吗:我相信检查令牌有效性的方法真的没有那么简单，但我应该实现整个 openid 或其他东西.即使是这种情况，我如何检查 android 应用程序发送的令牌是否正确，以便我可以保存消息的文本"部分.

But the link here http://oauthssodemo.appspot.com/step/4 states that if a token is correct I should receive a different JSON response. Can you tell me what I'm doing wrong: I believe that the way to check token's validity really isn't that simple, but I should rather implement the whole openid or something. Even if that is the case, how can I check whether the token send by android app is correct, so I can save the 'text' part of the message.

谢谢.

推荐答案

解决方案如下.您可以通过此网址验证令牌:

The solution is as follows. You can verify the token via this url:

https://accounts.google.com/o/oauth2/tokeninfo?access_token=%token_here%

但就我而言，我试图验证授权码"而不是访问令牌"，正如您在此处看到的:https://code.google.com/oauthplayground/

But in my case I was trying to validate "Authorization code" and not "Access token" as you can see here: https://code.google.com/oauthplayground/

如果您使用的是 Android 和 OAuth，请不要使用

If you're using Android and OAuth don't use

lh2

而是使用以下作为服务名称:

but rather use the following as service name:

http://picasaweb.google.com/data/

所以你应该像下面这样调用 getAuthToken

So you should call getAuthToken as follows

getAuthToken(account, "http://picasaweb.google.com/data/" , true, null, null);

然后您可以在上面发布的 URI 上验证从此调用收到的令牌.

Then you can validate the token received from this call on the URI posted above.

这篇关于在第三方服务器上验证 Android 的 authToken的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！