0

I was trying to achieve an OpenID login with Google and then get an access token to access Google APIs (such as Google Plus or Drive).

The first attempt was successful but with a big problem:

  • Make the openId stuff, and the user is redirected to Google to identify himself, then returns to my app identified.
  • Make the oAuth stuff with Google APIs, redirect the user again to identify himself and come back with a code, then exchange the code for the access token needed to call Google APIs.

The user needs to identify twice. That's not good.

I read and tried the Google hybrid openId and oAuth. All links there point to the deprecated oAuth1 interface, and I can't make it work; I get the user identified but no request_token to continue the oAuth stuff.

So I have a couple of questions:

  • Is there a way to identify the user against Google openId and at the same time get the user's consent to access Google APIs?
  • Is the hybrid protocol still working with oAuth2 and the new Google APIs?
  • Am I on the right path or am I missing something?

I need both openId and oAuth because the application needs to be in the Google Marketplace and it is a must to log in users with openId, and I need to hit some APIs that need an oAuth2 access_token.

Thanks!

4

2 Answers

0

OK, in the end I have a working solution. This is the "magic" URL that worked for me:

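import java.net.URLEncoder;

// One authorization request: "openid profile" identifies the user and the
// plus.me scope asks for API consent on the same screen.
// Assumes REDIRECT_URI is stored unencoded in GoogleapiAuthHelper.
String url = "https://accounts.google.com/o/oauth2/auth?"
  + "client_id=" + GoogleapiAuthHelper.CLIENT_ID + "&"
  + "response_type=code&"
  + "scope=openid%20profile%20https://www.googleapis.com/auth/plus.me&"
  + "redirect_uri=" + URLEncoder.encode(GoogleapiAuthHelper.REDIRECT_URI, "UTF-8") + "&"
  // state is the anti-CSRF value: use a random per-session value and check it on the callback
  + "state=security_token%3Dasdalskjqwo91231029";

// login_hint pre-selects the account the user already signed in with
if (userService.getCurrentUser() != null) {
   url += "&login_hint=" + URLEncoder.encode(userService.getCurrentUser().getEmail(), "UTF-8");
}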

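Steps:

  • First, identify the user with openId; the user goes to the login screen and enters his credentials.
  • The user returns to the application identified.
  • Redirect the user to the URL above. The login_hint parameter means the user does not need to identify again, and the response to that URL is a redirect with the oAuth code, which you can easily exchange for the access token you need.

After reading all the Google Plus API, Google Drive API, oAuth2 and openId documentation, the document that pointed in the right direction was https://developers.google.com/accounts/docs/OAuth2Login?hl=es

I don't know if this is the best way to achieve openId + oAuth, but it works, and I could not make it work any other way. Hope this helps someone.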

answered 2013-05-07T10:38:18.540
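The authorization URL from the answer above, rebuilt as an added example (not the answerer's code) with every parameter URL-encoded and a random per-session `state` that is checked when Google redirects back with the code. The class name, method names, client id and redirect URI are assumptions made up for illustration; the endpoint, scopes and parameter names are the ones in the answer.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class AuthUrlExample {
    private static final SecureRandom RNG = new SecureRandom();

    // Fresh, unguessable state; keep a copy in the user's server-side session.
    static String newState() {
        byte[] b = new byte[32];
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8); // Java 10+
    }

    // Same endpoint and parameters as the answer's URL; loginHint may be null.
    static String buildAuthUrl(String clientId, String redirectUri,
                               String state, String loginHint) {
        StringBuilder url = new StringBuilder("https://accounts.google.com/o/oauth2/auth?")
            .append("client_id=").append(enc(clientId))
            .append("&response_type=code")
            .append("&scope=").append(enc("openid profile https://www.googleapis.com/auth/plus.me"))
            .append("&redirect_uri=").append(enc(redirectUri))
            .append("&state=").append(enc(state));
        if (loginHint != null) {
            url.append("&login_hint=").append(enc(loginHint));
        }
        return url.toString();
    }

    // Callback check: discard the code unless state equals the session copy.
    static boolean stateMatches(String sessionState, String returnedState) {
        if (sessionState == null || returnedState == null) return false;
        return MessageDigest.isEqual(sessionState.getBytes(StandardCharsets.UTF_8),
                                     returnedState.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String state = newState();
        // Constructed sample values, not real credentials.
        System.out.println(buildAuthUrl("example-client-id",
            "https://app.example/oauth2callback", state, "user+tag@example.com"));
        System.out.println(stateMatches(state, state));
        System.out.println(stateMatches(state, "security_token=fixed"));
    }
}
```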
0

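Why do you need to use both OpenID and OAuth, and have two login screens? If you just use the OAuth 2.0 workflow, the user only has to enter his credentials once and you can do whatever you want.

Once the user agrees to the login/permissions screen in the OAuth workflow, your application will get an access token. If you need any client information, for example for a welcome-user screen, you just hit the https://www.googleapis.com/oauth2/v1/userinfo endpoint with the access token and it will give you the user's public information. So, in short, you can do most things with the OAuth flow, and the user only has to log in once.

Good luck! Feel free to follow up with more questions.

answered 2013-05-05T06:00:53.963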