我有一个允许用户将内容添加到我的服务器Android应用程序。每个用户都应该有这样的服务器上的帐户。

I have an Android app which let the users to add content to my server. Each user should have an account on this server.

该应用程序与服务器通过一个简单的API进行通信。

The app communicate with the server through a simple API.

我想使用的用户的Gmail地址作为usermame和获得的auth_token形式的AccountManager作为密码。  的问题是，所述的auth_token并不总是相同的，所以它不能用作正常密码

I want to use user's gmail address as the usermame and the auth_token obtained form AccountManager as a password. The problem is that the auth_token is not always the same so it cannot be used as a normal password.

通常情况下，服务器接收用户的Gmail地址和的auth_token，它应该检查令牌的有效期为收到的Gmail地址。问题是，这是不可能的：谷歌没有任何可以让我查一下这个方法

Normally the server receive user's gmail address and the auth_token and it should check if the token is valid for received gmail address. The problem is that this is not possible: google do not have any method which will let me check this.

你知道我怎么才能让我的用户使用他们的Gmail地址我的服务器上，但没有提示他们输入密码登录？

Do you know how can I let my users to log in on my server using their gmail address but without prompting them to enter a password?

我想有像来自＃1登录与谷歌，但我不明白我怎么能确保我的服务器上接收到的标识是正确的，而不是假的。

I want to have something like "Login with Google" from Stackoverflow but I don't understand how can I make sure that the received token on my server is correct and not a fake one.

感谢您

推荐答案

应该有送的auth_token谷歌和检索信息，如谷歌USER_ID，因为你可以检索这些相关信息的一种方式：

There should be a way of sending the auth_token to google and retrieving information like the google user_ID since you can retrieve those infos :

{
  "audience":"8819981768.apps.googleusercontent.com",
  "user_id":"123456789",
  "scope":"https://gdata.youtube.com",
  "expires_in":436
}

通过一个POST从你的Andr​​oid应用程序上：的https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=1/fFBGRNJru1FQd44AzqT3Zg与访问令牌......它甚至在https://developers.google.com/youtube/2.0/developers_guide_protocol_oauth2#OAuth2_Authentication问题是，当你想从你的PHP服务器做到这一点，你就必须将它在SSL发送，因为谷歌需要它......这是我的code：

by making a POST from your android app on : https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=1/fFBGRNJru1FQd44AzqT3Zg with the access token ... It's even indicated in https://developers.google.com/youtube/2.0/developers_guide_protocol_oauth2#OAuth2_Authentication The problem is that when you want to do it from your php server you'll have to send it in SSL because google requires it ... Here is my code :

<?php

if( isset($_POST['authToken'])){        

    header('Content-Type: text/plain');

    $name = 'www.googleapis.com';//nom du site

    $data = "access_token='".$_POST['authToken']."' ";

    $envoi  = "POST /oauth2/v1/tokeninfo HTTP/1.1\r\n";
    $envoi .= "Host: ".$name."\r\n";
    $envoi .= "Connection: Close\r\n";
    $envoi .= "Content-type: application/x-www-form-urlencoded\r\n";
    $envoi .= "Content-Length: ".strlen($data)."\r\n\r\n";
    $envoi .= $data."\r\n";      

    $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
    if($socket < 0){
            die('FATAL ERROR: socket_create() : " '.socket_strerror($socket).' "');
    }

    if (socket_connect($socket,gethostbyname($name),80) < 0){
            die('FATAL ERROR: socket_connect()');
    }


    if(($int = socket_write($socket, $envoi, strlen($envoi))) === false){
            die('FATAL ERROR: socket_write() failed, '.$int.' characters written');
    }

    $reception = '';
    while($buff = socket_read($socket, 2000)){
       $reception.=$buff;
    }
    echo $reception;

    socket_close($socket);  
}
?>

它只是需要适应SSL，它应该工作来获取谷歌USER_ID！之后你可以将其与一个在你的数据库和LOGG做比较！

it just needs to be adapted to SSL and it should work to retrieve the google user_id ! After what you can compare it with the one in your database and the logg is done !

顺便说一句，你能分享你的code与我们（使用方法的auth_token联系人）？或发送给fakeclark@live.com~~V感谢; - ）

By the way, could you share your code with us (using your method with auth_token for contacts) ? or send it to fakeclark@live.com THANKS ;-)