validating Android's authToken on third party server

馋奶兔 提交于 2019-11-30 19:22:05

Stop using AccountManager and start using Google Play service’s GoogleAuthUtil class, then it gets easy. See http://android-developers.blogspot.ca/2013/01/verifying-back-end-calls-from-android.html

The solution is as follows. You can verify the token via this url:

https://accounts.google.com/o/oauth2/tokeninfo?access_token=%token_here%

But in my case I was trying to validate "Authorization code" and not "Access token" as you can see here: https://code.google.com/oauthplayground/

If you're using Android and OAuth don't use

lh2 

but rather use the following as service name:

http://picasaweb.google.com/data/

So you should call getAuthToken as follows

getAuthToken(account, "http://picasaweb.google.com/data/" , true, null, null);

Then you can validate the token received from this call on the URI posted above.

read this https://developers.google.com/accounts/docs/OAuth2WebServer

After the web server receives the authorization code, it may exchange the authorization code for an access token and a refresh token. This request is an HTTPs post, and includes the following parameters:

I came across passport-google-token passport strategy which perfectly performs the task.

https://www.npmjs.com/package/passport-google-token

More details are present in the above link.

Anton I. Sipos

Based on information in this answer: What is the proper way to validate google granted OAuth tokens in a node.js server? ,

you might try using id_token instead of access_token in the url to call Google's tokeninfo endpoint.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!