2017-07-26 96 views

我正在使用AppAuth实现Google登录。应用可以成功完成身份验证,但我还需要一个供服务器使用的id_token,以便应用能够与我的服务器通信。为此,我认为需要包含audience:server:client_id:WEB_CLIENT_ID,如下面的链接所示。使用AppAuth和跨客户端身份的Google登录

https://developers.google.com/identity/sign-in/android/v1/backend-auth

更多信息,请访问: https://developers.google.com/identity/protocols/CrossClientAuth

我如何在应用中使用我的Web客户端ID来获取id_token,以便可靠地使用该令牌与我的服务器通信?

回答


范围audience:server:client_id:WEB_CLIENT_ID特定于Android。对于iOS,我们需要将audience=WEB_CLIENT_ID作为参数发送给令牌端点。

在我的情况下,使用下面的代码可以正常工作。注意:服务器在信任收到的id_token之前,应先验证其签名,并确认其中的aud声明等于WEB_CLIENT_ID。

// Provider endpoints: one for the user-facing authorization step, one for the
// back-channel token exchange.
OIDServiceConfiguration *configuration =
    [[OIDServiceConfiguration alloc] initWithAuthorizationEndpoint:authorizationEndpoint
                                                     tokenEndpoint:tokenEndpoint];

// Authorization-code request for the iOS client id, asking for the openid and
// email scopes. No extra parameters are sent on this leg; the audience is only
// supplied at the token endpoint below.
OIDAuthorizationRequest *authorizationRequest =
    [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration
                                                  clientId:kClientId
                                                    scopes:@[ OIDScopeOpenID, OIDScopeEmail ]
                                               redirectURL:[NSURL URLWithString:kRedirectUri]
                                              responseType:OIDResponseTypeCode
                                      additionalParameters:nil];

// Presents the authorization UI from this view controller.
OIDAuthorizationUICoordinatorIOS *coordinator =
    [[OIDAuthorizationUICoordinatorIOS alloc] initWithPresentingViewController:self];

id<OIDAuthorizationFlowSession> authFlowSession = [OIDAuthorizationService
    presentAuthorizationRequest:authorizationRequest
                  UICoordinator:coordinator
                       callback:^(OIDAuthorizationResponse *_Nullable authorizationResponse,
                                  NSError *_Nullable authorizationError) {
        // No response: report the authorization error and stop.
        if (!authorizationResponse) {
            [self onSignInResponse:nil error:authorizationError];
            return;
        }

        // Implicit or hybrid flow (hybrid assumes the code is not meant for this
        // client): build the state from the authorization response alone.
        BOOL isCodeFlow =
            [authorizationRequest.responseType isEqualToString:OIDResponseTypeCode];
        if (!isCodeFlow) {
            OIDAuthState *implicitState =
                [[OIDAuthState alloc] initWithAuthorizationResponse:authorizationResponse];
            [self onSignInResponse:implicitState error:authorizationError];
            return;
        }

        // Pure code flow (NB. not hybrid): the code is assumed to be for this
        // client, so redeem it at the token endpoint.
        //
        // "audience" names the web (server) client id so that the returned
        // id_token is issued for the backend. The Android-only
        // audience:server:client_id: scope is deliberately not used here.
        // NOTE(review): the backend should verify the id_token signature and
        // that its aud claim equals the web client id before trusting it.
        NSDictionary *audienceParameters = @{@"audience":kWebClientId};

        // The request's own redirect URL, client id, scope and PKCE code
        // verifier are forwarded unchanged. clientSecret is read from the
        // request, which was built without one above - presumably nil for
        // this client; confirm.
        OIDTokenRequest *codeExchange =
            [[OIDTokenRequest alloc] initWithConfiguration:authorizationRequest.configuration
                                                 grantType:OIDGrantTypeAuthorizationCode
                                         authorizationCode:authorizationResponse.authorizationCode
                                               redirectURL:authorizationRequest.redirectURL
                                                  clientID:authorizationRequest.clientID
                                              clientSecret:authorizationRequest.clientSecret
                                                     scope:authorizationRequest.scope
                                              refreshToken:nil
                                              codeVerifier:authorizationRequest.codeVerifier
                                      additionalParameters:audienceParameters];

        [OIDAuthorizationService
            performTokenRequest:codeExchange
                       callback:^(OIDTokenResponse *_Nullable tokenResponse,
                                  NSError *_Nullable tokenError) {
            // An auth state is only built when the exchange produced a
            // response; otherwise nil is passed along with the token error.
            OIDAuthState *exchangedState = nil;
            if (tokenResponse) {
                exchangedState =
                    [[OIDAuthState alloc] initWithAuthorizationResponse:authorizationResponse
                                                          tokenResponse:tokenResponse];
            }
            [self onSignInResponse:exchangedState error:tokenError];
        }];
    }];

// Stores the in-flight session on the app delegate; presumably its URL-open
// handler resumes the flow when the redirect arrives - confirm against
// MyAppDelegate.
MyAppDelegate *appDelegate = [MyAppDelegate sharedInstance];
appDelegate.currentAuthorizationFlow = authFlowSession;