douxuqiao6394 2016-08-09 21:40
浏览 82

使用google-ouaht-2.0仅用于在Android应用和laravel服务器中进行身份验证

I am making an android app for tracking progress in premade tasks from a server. The app will create local profiles and download the tasks from the server, and save any progress the user makes (when they tick having done sub-tasks). What I want to do is be able to upload this progress back to the server to sync across devices. At first I created user accounts, and a random token to authenticate against the server after initial logon, to prevent saving passwords on the client. But then I figured I could use something like OAuth2 to login on the app with my google account, and then use the ID/email-address provided by Google to save the information on my server.

The problem is I can't figure out how to correctly set this up. I could easily just login, send the email to the server and save the data on that ID. The problem is what Google Token do I save? What should I save on the client side and send with the API-request to authenticate later? How / do I have to refresh the token?

All I want is a way to use OAuth from Google to authenticate the communication between the client and server...

NB: I am not going to use the Google OAuth for anything except auth and retrieving the users email-address.. (No Google API or anything..).

  • 写回答

1条回答 默认 最新

  • dongmeiba6151 2016-08-09 22:15
    关注

    I do not know if this is the answer you seek, but I used this solution in a recent project.

    Including this package in your Laravel environment will make handling any OAuth provider super-easy. You create two routes - one for login and one for the OAuth callback - and everything from token to session management is handled for you.

    You can specify how and what data is stored in your database by handling the callback in a certain way. Check out this code I wrote for a Facebook login scheme:

    try {
    SocialAuth::login('facebook', function($user, $details){
        if(!$details->full_name && !$details->email && !$details->avatar){
            throw new InvalidAuthorizationCodeException();
        }
        $user->name = $details->full_name;
        $user->email = $details->email;
        $user->avatar = $details->avatar . "?type=large";
        $user->save();
    });
} catch (ApplicationRejectedException $e) {
    // User rejected application
    return view('errors.facebook');
} catch (InvalidAuthorizationCodeException $e) {
    // Authorization was attempted with invalid
    // code,likely forgery attempt
    return view('errors.facebook');
}

return Redirect::intended();

    Finally if you want to check who is currently logged in, a simple $user = Auth::user(); will suffice. You can then use an id you have set in your database for user identification, if you make sure your API is protected by the Laravel auth middleware.

    评论

报告相同问题?

悬赏问题

  • ¥15 用windows做服务的同志有吗
  • ¥60 求一个简单的网页(标签-安全|关键词-上传)
  • ¥35 lstm时间序列共享单车预测,loss值优化,参数优化算法
  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值
  • ¥15 我想咨询一下路面纹理三维点云数据处理的一些问题,上传的坐标文件里是怎么对无序点进行编号的,以及xy坐标在处理的时候是进行整体模型分片处理的吗
  • ¥15 一直显示正在等待HID—ISP
  • ¥15 Python turtle 画图