我已经实现了从 Android 或 iOS 设备接收 Google 登录令牌并尝试验证它的后端。代码在几个月前可以正常工作,它没有改变,但最近它开始拒绝所有令牌为无效。当我在发行时间约 10 秒后尝试使用先前失败的令牌再次重复验证时,它开始工作并返回用户信息。为什么会这样?
try {
GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(new NetHttpTransport(), new JacksonFactory()).setIssuer(ISSUER).build();
GoogleIdToken idToken = verifier.verify(token);
if (idToken != null) {
Payload payload = idToken.getPayload();
ExternalUserInfo externalUserInfo = new ExternalUserInfo();
externalUserInfo.setId((String) payload.getSubject());
externalUserInfo.setName((String) payload.get("given_name"));
externalUserInfo.setFamilyName((String) payload.get("family_name"));
externalUserInfo.setEmail(payload.getEmail());
externalUserInfo.setLocale((String) payload.get("locale"));
externalUserInfo.setSystemId(AuthorizationMapper.TYPE_GOOGLE);
return externalUserInfo;
} else {
logger.debug("Invalid Google Sign in token " + token);
}
} catch (Exception e) {
logger.error("Error while getting Google Sign in user info for token " + token, e);
}