android android-studio authorization google-api-java-client google-signin

Android: ¿Qué es el transporte y jsonFactory en GoogleIdTokenVerifier.Builder?



android-studio authorization (2)

Debe seleccionar el transporte de acuerdo con la plataforma en la que está ejecutando el código.

Cotización de la documentación.

Implementation is thread-safe, and sub-classes must be thread-safe. For maximum efficiency, applications should use a single globally-shared instance of the HTTP transport. The recommended concrete implementation HTTP transport library to use depends on what environment you are running in: Google App Engine: use com.google.api.client.extensions.appengine.http.UrlFetchTransport. com.google.api.client.apache.ApacheHttpTransport doesn''t work on App Engine because the Apache HTTP Client opens its own sockets (though in theory there are ways to hack it to work on App Engine that might work). com.google.api.client.javanet.NetHttpTransport is discouraged due to a bug in the App Engine SDK itself in how it parses HTTP headers in the response. Android: For maximum backwards compatibility with older SDK''s use newCompatibleTransport from com.google.api.client.extensions.android.http.AndroidHttp (read its JavaDoc for details). If your application is targeting Gingerbread (SDK 2.3) or higher, simply use com.google.api.client.javanet.NetHttpTransport. Other Java environments com.google.api.client.javanet.NetHttpTransport is based on the HttpURLConnection built into the Java SDK, so it is normally the preferred choice. com.google.api.client.apache.ApacheHttpTransport is a good choice for users of the Apache HTTP Client, especially if you need some of the configuration options available in that library.

Enlace de documentación: https://developers.google.com/api-client-library/java/google-http-java-client/reference/1.19.0/com/google/api/client/http/HttpTransport?is-external=true

Si sigue ciegamente la segunda respuesta a la pregunta, obtendrá la excepción Caused by: java.lang.ClassNotFoundException: com.google.appengine.api.urlfetch.HTTPMethod

en el código de golpe, ¿qué es el transport y jsonFactory ? (No entiendo)

https://developers.google.com/identity/sign-in/android/backend-auth#using-a-google-api-client-library

import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken; import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload; import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier; ... GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(transport /**Here**/, jsonFactory /**Here**/) .setAudience(Arrays.asList(CLIENT_ID)) // If you retrieved the token on Android using the Play Services 8.3 API or newer, set // the issuer to "https://accounts.google.com". Otherwise, set the issuer to // "accounts.google.com". If you need to verify tokens from multiple sources, build // a GoogleIdTokenVerifier for each issuer and try them both. .setIssuer("https://accounts.google.com") .build(); // (Receive idTokenString by HTTPS POST) GoogleIdToken idToken = verifier.verify(idTokenString); if (idToken != null) { Payload payload = idToken.getPayload(); // Print user identifier String userId = payload.getSubject(); System.out.println("User ID: " + userId); // Get profile information from payload String email = payload.getEmail(); boolean emailVerified = Boolean.valueOf(payload.getEmailVerified()); String name = (String) payload.get("name"); String pictureUrl = (String) payload.get("picture"); String locale = (String) payload.get("locale"); String familyName = (String) payload.get("family_name"); String givenName = (String) payload.get("given_name"); // Use or store profile information // ... } else { System.out.println("Invalid ID token."); }


GoogleIdTokenVerifier.Builder devuelve un GoogleIdTokenVerifier que realizará una solicitud al punto final de tokeninfo con el transport le das y usará la JSONFactory para crear un analizador para analizar la respuesta.

Este es un ejemplo de un autenticador para un proyecto de puntos finales en la nube que utiliza el GoogleIdTokenVerifier.Builder

public class GoogleAuthenticator implements Authenticator { private static final Logger log = Logger.getLogger(GoogleAuthenticator.class.getName()); private static final JacksonFactory jacksonFactory = new JacksonFactory(); // From: https://developers.google.com/identity/sign-in/android/backend-auth#using-a-google-api-client-library // If you retrieved the token on Android using the Play Services 8.3 API or newer, set // the issuer to "https://accounts.google.com". Otherwise, set the issuer to // "accounts.google.com". If you need to verify tokens from multiple sources, build // a GoogleIdTokenVerifier for each issuer and try them both. GoogleIdTokenVerifier verifierForNewAndroidClients = new GoogleIdTokenVerifier.Builder(UrlFetchTransport.getDefaultInstance(), jacksonFactory) .setAudience(Arrays.asList(CRLConstants.IOS_CLIENT_ID, CRLConstants.ANDROID_CLIENT_ID_RELEASE, CRLConstants.ANDROID_CLIENT_ID_DEBUG)) .setIssuer("https://accounts.google.com") .build(); GoogleIdTokenVerifier verifierForOtherClients = new GoogleIdTokenVerifier.Builder(UrlFetchTransport.getDefaultInstance(), jacksonFactory) .setAudience(Arrays.asList(CRLConstants.IOS_CLIENT_ID, CRLConstants.ANDROID_CLIENT_ID_RELEASE, CRLConstants.ANDROID_CLIENT_ID_DEBUG)) .setIssuer("accounts.google.com") .build(); // Custom Authenticator class for authenticating google accounts @Override public User authenticate(HttpServletRequest request) { String token = request.getHeader("google_id_token"); if (token != null) { GoogleIdToken idToken = null; try { idToken = verifierForNewAndroidClients.verify(token); if(idToken == null) idToken = verifierForOtherClients.verify(token); if (idToken != null) { GoogleIdToken.Payload payload = idToken.getPayload(); // Get profile information from payload String userId = payload.getSubject(); String email = payload.getEmail(); return new GoogleUser(userId, email); } else { log.warning("Invalid Google ID token."); } } catch (GeneralSecurityException e) { log.warning(e.getLocalizedMessage()); } catch (IOException e) { log.warning(e.getLocalizedMessage()); } } return null; } }