Should I get Token?



  • Tell me how to make the authentication of the laser correctly. Google LogIn ?

    I haven't done much of this yet, so I'm asking you to help me figure out how the process is right. LogIn- Oh.

    So when I make the login with a goo, I'm sending a request, the google confirms it and returns the answer to a specific laser, I take it. id This laser, his mail, his name, and I'm sending it to the server. Server confirms this laser and returns all the data on it. ♪ ♪

    But what happens if someone stole the Suther's mail, the name and id and sent it to the server, and got the data, it's not good. ♪ ♪

    If I understand correctly, I'll have to get a goon. TokenAnd he'll be sent to the server, too, when he gets to go to the google and check on some of the wrong tokens, and then it'll all work properly.

    But how do you get it? Token?

    Tell me how far I'm in the right direction.

    How is the authentication process going on with the server?

    RIGHTS

    When an authentication passes through the google, the google gives access to its api. But it has nothing to do with the authentication on my server. ♪ ♪

    So I get an authentication on the google, and I don't know how to tie it right to my server?

    LAW 2.0

    public void initGoogleLogIn() {
        GoogleSignInOptions gso = getGoogleSignInOptions();
        mGoogleApiClient = getGoogleApiClient(gso);
        SignInButton btnSignIn = (SignInButton) authorizationActivity.findViewById(R.id.btn_sign_in);
        btnSignIn.setOnClickListener(listener);
    }
    

    @NonNull
    private GoogleSignInOptions getGoogleSignInOptions() {
    return new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
    .requestIdToken(context.getResources().getString(R.string.server_id))
    .requestEmail()
    .build();

    }

    @NonNull
    private GoogleApiClient getGoogleApiClient(GoogleSignInOptions gso) {
    return new GoogleApiClient.Builder(context)
    .enableAutoManage(authorizationActivity, listenerConnection)
    .addApi(Auth.GOOGLE_SIGN_IN_API, gso)
    .build();
    }

    @Override
    public void onActivityResult(int requestCode, int resultCode, Intent data) {
    super.onActivityResult(requestCode, resultCode, data);
    // facebook
    FacebookImplementation.getCallbackManager()
    .onActivityResult(requestCode, resultCode, data);

    // google
    if (requestCode == States.GOOGLE_SIGNIN) {
    GoogleSignInResult result = Auth.GoogleSignInApi.getSignInResultFromIntent(data);
    handleSignInResult(result);
    }
    }

    private void handleSignInResult(GoogleSignInResult result) {
    Logger.log(ActivityAuthorization.class, ""+ result.getStatus().toString(), Logger.ERROR);

    if (result.isSuccess()) {
        Logger.log(GoogleImplementation.class, "User is connecting by Google LogIn", Logger.ERROR);
    
        // Signed in successfully, show authenticated UI.
    
    }else {
        Logger.log(GoogleImplementation.class, "!!!!!!!!!!!!", Logger.ERROR);
    
    }
    

    }



  • In the annex, insert a lipstick for authorization. User data should be obtained, as I know, from API Google Plus, which is a user repository.

    1. The user presses the "repetition button," he's got the windows blown up (houl repeating, permitting) and he's going back to the annex.
    2. The annex shall receive the user ' s data and access_token from the liba.
    3. transfer access_token to your server. No user data are required to be obtained from liba and to be transmitted to the server, and they cannot be trusted.
    4. Using access_token, the server receives the necessary user data from the google and produces the necessary authorisation/registration actions, after which the annex meets.

    It is possible that access_token, obtained in the annex, will not simply be used from the server (with another ip). This is generally decided by adding a parameter to the request for authorization.

    Access_token is performed approximately:

    accessToken = GoogleAuthUtil.getToken(
        getApplicationContext(),
        mPlusClient.getAccountName(), "oauth2:"
            + Scopes.PLUS_LOGIN + " "
            + Scopes.PLUS_PROFILE+" https://www.googleapis.com/auth/plus.profile.emails.read");
    

    There are good examples of the token code: https://stackoverflow.com/questions/23759529/android-how-to-get-google-plus-access-token




Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2