下图是用谷歌账户的登录流程图:
如果在APP中使用Google账户进行登录。
步骤一:
<span style="font-size:18px;">GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestScopes(new Scope(Scopes.DRIVE_APPFOLDER))
// The serverClientId is an OAuth 2.0 web client ID
// Details at: https://developers.google.com/identity/sign-in/android/?utm_campaign=android_discussion_server_021116&utm_source=anddev&utm_medium=blogstart step 4
.requestServerAuthCode(serverClientId)
.requestEmail()
.build(); </span>
这需要你 Web Client ID为您的服务器。 细节如何获得参见步骤四。
在这种情况下,请求DRIVE_APPFOLDER范围,这意味着用户将被要求允许应用程序访问谷歌驱动的。 此外,服务器将请求身份验证代码。
如果登录成功,身份验证代码可以从账户中提取对象如下:
<span style="font-size:18px;"> if (result.isSuccess()) {
GoogleSignInAccount acct = result.getSignInAccount();
String authCode = acct.getServerAuthCode();
} </span>
这种身份验证代码应该使用HTTPS,然后被发送到你的服务器,交换之后,将给您的服务器访问用户的谷歌驱动。 (重要:你应该发送经过身份验证的代码调用你的后端,以确保它是一个合法的请求从活跃用户)。
步骤二:你需要用到GoogleAuthorizationCodeTokenRequest 类:
<span style="font-size:18px;">// Set path to the Web application client_secret_*.json file you downloaded from the
// Google Developers Console: https://console.developers.google.com/project/_/apiui/credential
// You can also find your Web application client ID and client secret from the
// console and specify them directly when you create the GoogleAuthorizationCodeTokenRequest
// object.
String CLIENT_SECRET_FILE = "/path/to/client_secret.json"; // Be careful not to share this!
String REDIRECT_URI = "/path/to/web_app_redirect" // Can be empty if you don’t use web redirects
// Exchange auth code for access token
GoogleClientSecrets clientSecrets =
GoogleClientSecrets.load(
JacksonFactory.getDefaultInstance(), new FileReader(CLIENT_SECRET_FILE));
GoogleTokenResponse tokenResponse =
new GoogleAuthorizationCodeTokenRequest(
new NetHttpTransport(),
JacksonFactory.getDefaultInstance(),
"https://www.googleapis.com/oauth2/v4/token",
clientSecrets.getDetails().getClientId(),
clientSecrets.getDetails().getClientSecret(),
authCode,
REDIRECT_URI)
.execute();
String accessToken = tokenResponse.getAccessToken();
String refreshToken = tokenResponse.getRefreshToken();
Long expiresInSeconds = tokenResponse.getExpiresInSeconds();
// You can also get an ID token from the exchange result if basic profile scopes are requested
// e.g. starting GoogleSignInOptions.Builder from GoogleSignInOptions.DEFAULT_SIGN_IN like the
// sample code as used here: http://goo.gl/0Unpq8
//
// GoogleIdToken googleIdToken = tokenResponse.parseIdToken();
然后,创建一个 GoogleCredential 从GoogleTokenResponse对象使用令牌:
GoogleCredential credential = new GoogleCredential.Builder()
.setTransport(new NetHttpTransport())
.setJsonFactory(JacksonFactory.getDefaultInstance())
.setClientSecrets(clientSecrets)
.build();
credential.setAccessToken(accessToken);
credential.setExpiresInSeconds(expiresInSeconds);
credential.setRefreshToken(refreshToken); </span>
如果刷新令牌可用,你可以持续使用的凭证 StoredCredential 供以后使用如果你需要继续访问API代表用户。
步骤3: 凭据可以用来访问谷歌服务。 现在,在我们的食品外卖场景中,您可能想要存储或检索照片或在Google Drive成品发货的收据。 例如,它会看起来像这样:
Drive drive = new Drive.Builder(new NetHttpTransport(),
JacksonFactory.getDefaultInstance(),
credential)
.setApplicationName("Auth Code Exchange Demo")
.build();
File file = drive.files().get("appfolder").execute();