OAuth - Google+ API sign-in for both Android app and server
My app has an Android client communicating with my own back-end server. I want to use the Google API to handle user authorisation for me (using a Google+ account), so the user does not need to sign up for a separate account for my app.
By following the docs here: https://developers.google.com/+/web/signin/server-side-flow
my understanding of the authentication flow is shown below. I am not sure it is correct, because it sounds like hijacking the Google API's purpose.
1. The user logs in on Android.
2. The Android client gets a one-time access code and sends it to the server.
3. My server exchanges it for a refresh token and access token. (If the exchange is successful, the user is authenticated.)
4. If the user is authenticated, the server generates an access token and gives it to the Android client. The Android client can subsequently use that token to call my server's API.
In particular, I am doubtful about point 3. I exchange the access code with Google for a refresh token and access token, but never use them. The purpose of the exchange is only to check whether the user has been authorised by Google. That does not sound quite correct? If not, what is the way to do it?
This may help others.
After you receive the access_token on the server, execute a cURL/network request to the Google server.
For example (in PHP):
<?php
$access_token = $_GET['access_token']; // get the access token
$google_api_url = "https://www.googleapis.com/plus/v1/people/me?access_token=" . urlencode($access_token); // create the Google API URL with the access token
$c = curl_init($google_api_url); // create a network request to the Google server
curl_setopt($c, CURLOPT_RETURNTRANSFER, true); // return the response as a string instead of printing it
$result = curl_exec($c); // execute the request and get the response from the Google server
var_dump($result); // print the result
Result output (in JSON):
If the access_token is valid:
{
  "kind": "plus#person",
  "gender": "male",
  "emails": [
    { "value": "arr.mohd@gmail.com", "type": "account" }
  ],
  "objecttype": "person",
  "id": "101571740244190011262",
  "displayname": "rafique mohammed",
  "name": { "familyname": "mohammed", "givenname": "rafique" },
  "url": "https://plus.google.com/101571740244190011262",
  "image": { "url": "https://lh6.googleusercontent.com/-pxirx5gnkwe/aaaaaaaaaai/aaaaaaaaaeg/99wwmsh16p8/photo.jpg?sz=50", "isdefault": false },
  .... //etc
If the access_token is invalid:
{
  "error": {
    "errors": [
      {
        "domain": "global",
        "reason": "autherror",
        "message": "invalid credentials",
        "locationtype": "header",
        "location": "authorization"
      }
    ],
    "code": 401,
    "message": "invalid credentials"
  }
}
Thank you
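
A check a server would add on top of the lookup in the answer, given as an added example that is not part of the original post: it takes the JSON returned by Google's tokeninfo endpoint for an access token and accepts the token only if it was issued to the server's own client ID. The field names `aud`, `sub` and `expires_in` are assumed from that endpoint's response; the client ID and the sample responses are constructed placeholders.

```php
<?php
// Added example, not the original poster's code.
// Assumption: $tokeninfoJson is the body returned by Google's tokeninfo
// endpoint for an access token, with the fields "aud", "sub", "expires_in".

const MY_CLIENT_ID = 'EXAMPLE-CLIENT-ID.apps.googleusercontent.com'; // placeholder

/** Returns the Google user id if the token is acceptable, null otherwise. */
function verifiedGoogleUserId(string $tokeninfoJson, string $expectedClientId): ?string
{
    $info = json_decode($tokeninfoJson, true);
    if (!is_array($info) || isset($info['error']) || isset($info['error_description'])) {
        return null; // not JSON, or Google rejected the token
    }
    // The token must have been issued to our own client ID. Without this
    // check, a valid token that the user granted to any other app would
    // also log them in here.
    if (!isset($info['aud']) || !is_string($info['aud'])
        || !hash_equals($expectedClientId, $info['aud'])) {
        return null;
    }
    // Reject tokens with no remaining lifetime.
    if (!isset($info['expires_in']) || (int) $info['expires_in'] <= 0) {
        return null;
    }
    // A stable user id is needed to key the local account on.
    if (empty($info['sub']) || !is_string($info['sub'])) {
        return null;
    }
    return $info['sub'];
}

// Constructed sample responses (no real tokens or accounts).
$samples = [
    'issued to our app'   => '{"aud":"EXAMPLE-CLIENT-ID.apps.googleusercontent.com","sub":"1000000000000000000001","expires_in":"3599"}',
    'issued to other app' => '{"aud":"OTHER-APP.apps.googleusercontent.com","sub":"1000000000000000000001","expires_in":"3599"}',
    'no lifetime left'    => '{"aud":"EXAMPLE-CLIENT-ID.apps.googleusercontent.com","sub":"1000000000000000000001","expires_in":"0"}',
    'rejected by Google'  => '{"error_description":"Invalid Value"}',
];

foreach ($samples as $label => $json) {
    $uid = verifiedGoogleUserId($json, MY_CLIENT_ID);
    printf("%-20s => %s\n", $label, $uid === null ? 'REJECT' : "accept user $uid");
}
```

Only the first sample is accepted; the server would then issue its own session token for the returned user id, as in step 4 of the question.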