java - 从 GoogleIdToken 获取用户个人资料

Question

我正在尝试这样做:

https://developers.google.com/identity/sign-in/web/backend-auth#calling-the-tokeninfo-endpoint

我使用我的 CLIENT_ID 复制粘贴了示例中的 Java 代码，但除了用户 ID、电子邮件和已验证的电子邮件之外，我无法获得更多信息。 idTokenString 验证 OK。还有其他人让这个工作吗？

我在 OAuth 2.0 Playground 中要求这些:

https://www.googleapis.com/auth/plus.login

https://www.googleapis.com/auth/plus.me

https://www.googleapis.com/auth/userinfo.email

https://www.googleapis.com/auth/userinfo.profile

https://www.googleapis.com/auth/plus.moments.write

https://www.googleapis.com/auth/plus.profile.agerange.read

https://www.googleapis.com/auth/plus.profile.language.read

https://www.googleapis.com/auth/plus.circles.members.read

我猜 user.profile 是我唯一需要的？

这是我的代码:

GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(transport, jsonFactory)
                .setAudience(Arrays.asList(CLIENT_ID))
                .setIssuer("accounts.google.com")
                .build();

        GoogleIdToken idToken = verifier.verify(idTokenString);
        System.out.println("SUCCESS!");
        System.out.println(idToken);

        if (idToken != null) {
            GoogleIdToken.Payload payload = idToken.getPayload();

            // Print user identifier
            String userId = payload.getSubject();
            System.out.println("User ID: " + userId);

            // Get profile information from payload
            String email = payload.getEmail();
            boolean emailVerified = payload.getEmailVerified();
            String name = (String) payload.get("name");
            String pictureUrl = (String) payload.get("picture");
            String locale = (String) payload.get("locale");
            String familyName = (String) payload.get("family_name");
            String givenName = (String) payload.get("given_name");

            // Use or store profile information
            // ...
            System.out.println(email);
            System.out.println(emailVerified);
            System.out.println(name);
            System.out.println(pictureUrl);
            System.out.println(locale);
            System.out.println(familyName);
            System.out.println(givenName);


        } else {
            System.out.println("Invalid ID token.");
        }
    } catch (GeneralSecurityException | IOException e) {

        System.out.println("ERRRRO! Invalid ID token.");
    }

使用:java-api-client 1.20.0

Answer 1

我今天使用 com.google.api-client:google-api-client:1.22.0 遇到了同样的问题

但我能够解决它。

问题

当尝试从 OAuth2 Playground 获取 id token 时，我注意到有这个请求

POST/oauth2/v4/token HTTP/1.1 主机:www.googleapis.com

Google 库在 GoogleOAuthConstants 中硬编码了 TOKEN_SERVER_URL，值为 https://accounts.google.com/o/oauth2/token

修复

为了修复它，我创建了以下类

public class GoogleAuthorizationCodeTokenV4Request extends GoogleAuthorizationCodeTokenRequest {


    public GoogleAuthorizationCodeTokenV4Request(HttpTransport transport, JsonFactory jsonFactory, String clientId, String
            clientSecret, String code, String redirectUri) {
        super(transport, jsonFactory, "https://www.googleapis.com/oauth2/v4/token", clientId, clientSecret,
            code, redirectUri);
    }
}

然后只需调用它而不是原来的 GoogleAuthorizationCodeTokenRequest

return new GoogleAuthorizationCodeTokenV4Request(new NetHttpTransport(), JacksonFactory.getDefaultInstance(),
                clientId, secret, authToken, callBack)
                .execute();

在 profile 范围内，所有信息(图片、名称...)都在 id_token 中