我正在写一个Android应用程序,它使用的AccountManager获得令牌。从一个Android应用程序,我能与谷歌Picasa的互动 - 它正常工作
I'm writing an Android application, which uses AccountManager to get the token. From an android app I'm able to interact with Google Picasa - it works fine.
我想实现的是:发送一些文字+的authToken到我的第三方服务器,然后检查令牌是保存文本之前正确的。现在的问题是:是否有可能确定特定令牌的的authToken是正确仅基于令牌本身(也许电子邮件地址)。
What I would like to achieve is the following: send some text + authToken to my third party server, then check if the token is correct before saving the text. Now the question is: is it possible to determine if the authToken of a particular token is correct solely on the token itself (and maybe email address).
我已经设定的服务器部分,它接受令牌(发送来自Android应用程序),然后发出请求的URL地址:
I've already programmed the server part, which accepts the token (send from android application), then issues a request to an URL address:
https://accounts.google.com/o/oauth2/tokeninfo?access_token=%token_here%
我得到的回复是以下JSON:
What I get back is the following JSON:
{
"error" : "invalid_token"
}
但这里的链接 http://oauthssodemo.appspot.com/step/4 的规定,如果一个令牌正确的我应该得到一个不同的JSON响应。你能告诉我什么,我做错了:我相信检查令牌的有效性,真正的办法是不是那么简单,但我倒是应该实现整个OpenID的什么的。即使是这样的话,我怎么能检查发送通过Android应用程序令牌是否正确,这样我就可以保存邮件的文本的部分。
But the link here http://oauthssodemo.appspot.com/step/4 states that if a token is correct I should receive a different JSON response. Can you tell me what I'm doing wrong: I believe that the way to check token's validity really isn't that simple, but I should rather implement the whole openid or something. Even if that is the case, how can I check whether the token send by android app is correct, so I can save the 'text' part of the message.
感谢你。
该解决方案如下。您可以通过该网址验证令牌:
The solution is as follows. You can verify the token via this url:
https://accounts.google.com/o/oauth2/tokeninfo?access_token=%token_here%
不过,在我的情况,我试图验证授权code,而不是访问令牌,你可以在这里看到:的 HTTPS://$c$c.google.com/oauthplayground/
如果您使用的是Android和OAuth的不使用
If you're using Android and OAuth don't use
lh2
而使用以下作为服务名称:
but rather use the following as service name:
http://picasaweb.google.com/data/
所以,你应该叫getAuthToken如下:
So you should call getAuthToken as follows
getAuthToken(account, "http://picasaweb.google.com/data/" , true, null, null);
然后就可以验证这个调用收到的URI上面贴的标志。
Then you can validate the token received from this call on the URI posted above.
上一篇:蓝牙文件传输蓝牙、文件传输