问题描述
我正在编写一个 Android 应用程序,它使用 AccountManager 来获取令牌.我可以通过 Android 应用与 Google Picasa 进行交互 - 效果很好.
I'm writing an Android application, which uses AccountManager to get the token. From an android app I'm able to interact with Google Picasa - it works fine.
我想要实现的是:发送一些文本 + authToken 到我的第三方服务器,然后在保存文本之前检查令牌是否正确.现在的问题是:是否可以仅在令牌本身(以及电子邮件地址)上确定特定令牌的 authToken 是否正确.
What I would like to achieve is the following: send some text + authToken to my third party server, then check if the token is correct before saving the text. Now the question is: is it possible to determine if the authToken of a particular token is correct solely on the token itself (and maybe email address).
我已经对服务器部分进行了编程,它接受令牌(从 android 应用程序发送),然后向 URL 地址发出请求:
I've already programmed the server part, which accepts the token (send from android application), then issues a request to an URL address:
https://accounts.google.com/o/oauth2/tokeninfo?access_token=%token_here%
我得到的是以下 JSON:
What I get back is the following JSON:
{
"error" : "invalid_token"
}
但是这里的链接 http://oauthssodemo.appspot.com/step/4 指出如果令牌正确,我应该收到不同的 JSON 响应.你能告诉我我做错了什么吗:我相信检查令牌有效性的方法真的没有那么简单,但我应该实现整个 openid 或其他东西.即使是这种情况,我如何检查 android 应用程序发送的令牌是否正确,以便我可以保存消息的文本"部分.
But the link here http://oauthssodemo.appspot.com/step/4 states that if a token is correct I should receive a different JSON response. Can you tell me what I'm doing wrong: I believe that the way to check token's validity really isn't that simple, but I should rather implement the whole openid or something. Even if that is the case, how can I check whether the token send by android app is correct, so I can save the 'text' part of the message.
谢谢.
推荐答案
解决方案如下.您可以通过此网址验证令牌:
The solution is as follows. You can verify the token via this url:
https://accounts.google.com/o/oauth2/tokeninfo?access_token=%token_here%
但就我而言,我试图验证授权码"而不是访问令牌",正如您在此处看到的:https://code.google.com/oauthplayground/
But in my case I was trying to validate "Authorization code" and not "Access token" as you can see here: https://code.google.com/oauthplayground/
如果您使用的是 Android 和 OAuth,请不要使用
If you're using Android and OAuth don't use
lh2
而是使用以下作为服务名称:
but rather use the following as service name:
http://picasaweb.google.com/data/
所以你应该像下面这样调用 getAuthToken
So you should call getAuthToken as follows
getAuthToken(account, "http://picasaweb.google.com/data/" , true, null, null);
然后您可以在上面发布的 URI 上验证从此调用收到的令牌.
Then you can validate the token received from this call on the URI posted above.
这篇关于在第三方服务器上验证 Android 的 authToken的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!