
我正在使用 AppAuth 实现谷歌登录。该应用程序可以成功进行身份验证。但是我需要一个供服务器使用的 id_token,以便我的应用程序可以与我的服务器通信。为此,我相信我需要包括 audience:server:client_id:WEB_CLIENT_ID,如以下链接所示。

https://developers.google.com/identity/sign-in/android/v1/backend-auth

此处提供更多信息: https://developers.google.com/identity/protocols/CrossClientAuth

如何使用应用程序中的 Web 客户端 ID 来获取 id_token,以便我可以使用该令牌可靠地与服务器通信?


1 回答 1


范围 audience:server:client_id:WEB_CLIENT_ID 是 Android 特有的。对于 iOS,我们需要将 audience=WEB_CLIENT_ID 作为参数发送到令牌端点。

它适用于我的情况,使用以下代码。

// Describes the provider: the endpoint that shows the consent UI and the endpoint
// that redeems the authorization code for tokens.
OIDServiceConfiguration *serviceConfiguration =
    [[OIDServiceConfiguration alloc] initWithAuthorizationEndpoint:authorizationEndpoint
                                                     tokenEndpoint:tokenEndpoint];

// Authorization-code request for the iOS client, limited to the openid and email scopes.
// No extra parameters are sent to the authorization endpoint; the audience is only
// supplied later, on the token request.
NSArray *requestedScopes = @[OIDScopeOpenID, OIDScopeEmail];
NSURL *redirectURL = [NSURL URLWithString:kRedirectUri];
OIDAuthorizationRequest *request =
    [[OIDAuthorizationRequest alloc] initWithConfiguration:serviceConfiguration
                                                  clientId:kClientId
                                                    scopes:requestedScopes
                                               redirectURL:redirectURL
                                              responseType:OIDResponseTypeCode
                                      additionalParameters:nil];

// Presents the sign-in UI from this view controller and handles the result.
OIDAuthorizationUICoordinatorIOS *uiCoordinator =
    [[OIDAuthorizationUICoordinatorIOS alloc] initWithPresentingViewController:self];

id<OIDAuthorizationFlowSession> flowSession = [OIDAuthorizationService
    presentAuthorizationRequest:request
                  UICoordinator:uiCoordinator
                       callback:^(OIDAuthorizationResponse *_Nullable response,
                                  NSError *_Nullable error) {
    // No response at all: report the authorization error and stop.
    if (!response) {
        [self onSignInResponse:nil error:error];
        return;
    }

    // Implicit or hybrid flow (hybrid flow assumes the code is not for this client):
    // wrap the authorization response as-is, without a code exchange.
    if (![request.responseType isEqualToString:OIDResponseTypeCode]) {
        OIDAuthState *responseOnlyState =
            [[OIDAuthState alloc] initWithAuthorizationResponse:response];
        [self onSignInResponse:responseOnlyState error:error];
        return;
    }

    // Pure code flow (not hybrid): the code is assumed to be intended for this client,
    // so it is exchanged at the token endpoint here.
    //
    // "audience" is sent as an extra token-endpoint parameter so that the ID token is
    // issued for the backend's web client ID rather than for this iOS client. The
    // Android-style scope override (scope = kAudienceServerClientId) stays disabled.
    // NOTE(review): the backend should still verify the ID token's signature, issuer,
    // expiry and that `aud` equals its own web client ID before trusting it.
    NSDictionary *extraTokenParameters = @{@"audience":kWebClientId};

    // clientSecret is forwarded from the authorization request; none is supplied when
    // that request is built above, so it is presumably nil here. A secret compiled into
    // a distributed app is not confidential and should stay out of native clients.
    // codeVerifier is the request's own verifier, passed back for the exchange.
    OIDTokenRequest *codeExchangeRequest =
        [[OIDTokenRequest alloc] initWithConfiguration:request.configuration
                                             grantType:OIDGrantTypeAuthorizationCode
                                     authorizationCode:response.authorizationCode
                                           redirectURL:request.redirectURL
                                              clientID:request.clientID
                                          clientSecret:request.clientSecret
                                                 scope:request.scope
                                          refreshToken:nil
                                          codeVerifier:request.codeVerifier
                                  additionalParameters:extraTokenParameters];

    [OIDAuthorizationService
        performTokenRequest:codeExchangeRequest
                   callback:^(OIDTokenResponse *_Nullable tokens,
                              NSError *_Nullable exchangeError) {
        // An auth state is built only when the exchange returned tokens; otherwise nil
        // is handed on together with the exchange error.
        OIDAuthState *signedInState =
            tokens ? [[OIDAuthState alloc] initWithAuthorizationResponse:response
                                                           tokenResponse:tokens]
                   : nil;
        [self onSignInResponse:signedInState error:exchangeError];
    }];
}];

// Keeps the in-flight session on the app delegate — presumably so the delegate's
// URL-open handler can resume the flow when the redirect arrives; confirm in MyAppDelegate.
MyAppDelegate *sharedDelegate = [MyAppDelegate sharedInstance];
sharedDelegate.currentAuthorizationFlow = flowSession;
于 2017-07-27T07:13:41.117 回答