问题描述

如何验证通过第三方后端(自定义python后端，非gae)上的Google Identity Toolkit(GitkitClient)在Android设备上获得的OAuth2令牌?

How do I validate an OAuth2 token obtained on an Android device via the Google Identity Toolkit (GitkitClient) on 3rd-party backend (custom python backend, non-gae)?

我可以通过使用GitkitClient在Android上获取令牌.

I'm able to obtain a token on Android via the use of GitkitClient.

但是我的非Google应用程序引擎(Python)后端如何验证此令牌有效(来自Google)?

But how can my non-google-app-engine (Python) backend verify that this token is valid (from Google)?

推荐答案

您可以使用Google Identity Toolkit Python客户端库来验证该令牌: https://github.com/google/identity-toolkit-python-client .

You could use the Google Identity Toolkit Python client library to verify that token: https://github.com/google/identity-toolkit-python-client.

p12_file = 'YOUR_SERVICE_ACCOUNT_PRIVATE_KEY_FILE.p12'
f = file(p12_file, 'rb')
key = f.read()
f.close()
gitkit_instance = gitkitclient.GitkitClient(
  client_id='YOUR_WEB_APPLICATION_CLIENT_ID_AT_GOOGLE_DEVELOPER_CONSOLE',
  service_account_email='YOUR_SERVICE_ACCOUNT_EMAIL@developer.gserviceaccount.com',
  service_account_key=key,
  widget_url='URL_ON_YOUR_SERVER_TO_HOST_GITKIT_WIDGET')

user = gitkit_instance.VerifyGitkitToken(request.COOKIES['gtoken'])

这篇关于验证通过第三方后端(自定义python后端，非gae)上的Google Identity Toolkit(GitkitClient)在Android设备上获得的OAuth2令牌吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！