目前,我们计划使用Google Sign-In for Android ,作为我们的服务器身份验证方法。
这就是我们计划要做的。
客户端(适用于 Android 的 Google 登录)
GoogleSignInAccount account = completedTask.getResult(ApiException.class);
// This idToken will sent to backend server.
String idToken = account.getIdToken();
服务器端(适用于 Android 的 Google 登录)
// Based on received idToken from client, backend server will call https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=...
// to identify who is this user.
{
// These six fields are included in all Google ID Tokens.
"iss": "https://accounts.google.com",
"sub": "110169484474386276334",
"azp": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com",
"aud": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com",
"iat": "1433978353",
"exp": "1433981953",
// These seven fields are only included when the user has granted the "profile" and
// "email" OAuth scopes to the application.
"email": "testuser@gmail.com",
"email_verified": "true",
"name" : "Test User",
"picture": "https://lh4.googleusercontent.com/-kYgzyAWpZzJ/ABCDEFGHI/AAAJKLMNOP/tIXL9Ir44LE/s99-c/photo.jpg",
"given_name": "Test",
"family_name": "User",
"locale": "en"
}
将来,我们可能希望迁移以提供更多登录选项。这是我 future 的迁移计划,从适用于 Android 的 Google 登录迁移到 Firebase 身份验证。
客户端(Firebase 身份验证)
FirebaseUser mUser = FirebaseAuth.getInstance().getCurrentUser();
mUser.getIdToken(true)
.addOnCompleteListener(new OnCompleteListener<GetTokenResult>() {
public void onComplete(@NonNull Task<GetTokenResult> task) {
if (task.isSuccessful()) {
// This idToken will sent to backend server.
String idToken = task.getResult().getToken();
} else {
// Handle error -> task.getException();
}
}
});
服务器端(适用于 Android 的 Google 登录)
# idToken comes from the client app (shown above)
decoded_token = auth.verify_id_token(idToken)
uid = decoded_token['uid']
我的问题是
对于 Android 版 Google 登录,我们计划将
"sub": "110169484474386276334"存储为表示用户的唯一标识符。这是要使用的正确字段吗?它是每个用户唯一的吗?到目前为止,我的测试是,在客户端,我们可能会为同一用户(在不同的一天)获得不同的idToken。来自同一用户的不同idToken,将仍然在服务器端产生相同的sub。有一天,我们可能会迁移到 Firebase 身份验证 以支持更多登录方法。它是否仍向后兼容
Google Sign-In for Android。Firebase Authentication是否能够返回与之前由Google Sign-In for Android返回的相同的“sub”?正如您在代码示例中看到的,Firebase Authentication返回uid。
我如何比较新的 Firebase Authentication 的 uid 与之前存储的 Google Sign-In 的 sub?
最佳答案
Q1:基本回答here :
A Google account's email address can change, so don't use it to identify a user. Instead, use the account's ID, which you can get on the client with
GoogleSignInAccount.getId(), and on the backend from thesubclaim of the ID token.
Q2:作为 Firebase 的身份验证提供商的 Google 仍然使用相同的 Google 登录流程(在开始时),同时它也会根据 Firebase 项目对用户进行身份验证。
有一个 example显示它:
private void signIn() {
Intent signInIntent = mGoogleSignInClient.getSignInIntent();
startActivityForResult(signInIntent, REQUESTCODE_SIGN_IN);
}
@Override
public void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
// Result returned from launching the Intent from GoogleSignInApi.getSignInIntent(...);
if (requestCode == REQUESTCODE_SIGN_IN) {
Task<GoogleSignInAccount> task = GoogleSignIn.getSignedInAccountFromIntent(data);
try {
// Google Sign In was successful
GoogleSignInAccount account = task.getResult(ApiException.class);
String idToken = account.getIdToken();
// Send token to your backend via HTTPS
// authenticate with Firebase
firebaseAuthWithGoogle(account);
} catch (ApiException e) {
Log.w(TAG, "Google sign in failed", e);
}
}
}
其中 GoogleSignInAccount account 仍然是相同的响应。
编辑:甚至可以verify the ID token来自 FirebaseAuth 就像这样:
FirebaseUser mUser = FirebaseAuth.getInstance().getCurrentUser();
mUser.getIdToken(true).addOnCompleteListener(new OnCompleteListener<GetTokenResult>() {
public void onComplete(@NonNull Task<GetTokenResult> task) {
if (task.isSuccessful()) {
String idToken = task.getResult().getToken();
// Send token to your backend via HTTPS
} else {
// Handle error -> task.getException();
}
}
});
关于android - 从适用于 Android 的 Google 登录迁移到 Firebase 身份验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/53778717/