谷歌登录 (服务端)
不需要开发者账号
参考链接
https://blog.csdn.net/qq_43958998/article/details/139113126
https://juejin.cn/post/7252584767593627707
参数获取
获取 client_id 、client_secret 、redirect_uri
配置链接
https://console.cloud.google.com/apis/dashboard
需要启用
创建凭据
配置凭据参数
依赖
<!-- https://mvnrepository.com/artifact/com.google.api-client/google-api-client -->
<dependency>
<groupId>com.google.api-client</groupId>
<artifactId>google-api-client</artifactId>
<version>2.6.0</version>
</dependency>
<!-- google client依赖 https://mvnrepository.com/artifact/com.google.auth/google-auth-library-oauth2-http -->
<dependency>
<groupId>com.google.auth</groupId>
<artifactId>google-auth-library-oauth2-http</artifactId>
<version>1.19.0</version>
</dependency>
登录方式
使用 access_token登录
获取 access_token
https://accounts.google.com/o/oauth2/v2/auth?
client_id= ****自己的***
&redirect_uri= ****配置好的***
&scope=email openid https://www.googleapis.com/auth/userinfo.email
&response_type=token
ya29.a0AcM612z4iOgHa1SW9Wj_qunUBmh33NMlOq25N6DVSGPCAL4SlsdhQyToG1la3NKbfEog6xviPl4YJ6i_26CZuyER7pIwbly353WNPtePivp9ZWyYTfQ7SmPRSzgc6Rk962Bc52DDsDuH2tSNoIFlQBhS3xLpXDIMH0YaCgYKAecSARASFQHGX2Mih7vVj6mQcYrGKWarchReEw0170
获取用户信息
GET https://www.googleapis.com/oauth2/v2/userinfo
Content-Type: application/x-www-form-urlencoded
Headers:
Authorization Bearer ya29.a0AcM612z4iOgHa1SW9Wj_qunUBmh33NMlOq25N6DVSGPCAL4SlsdhQyToG1la3NKbfEog6xviPl4YJ6i_26CZuyER7pIwbly353WNPtePivp9ZWyYTfQ7SmPRSzgc6Rk962Bc52DDsDuH2tSNoIFlQBhS3xLpXDIMH0YaCgYKAecSARASFQHGX2Mih7vVj6mQcYrGKWarchReEw0170
无参数
响应参数
{
"id": "1000000222211",
"email": "xxxxx@gmail.com",
"verified_email": true,
"picture": "https://lh3.googleusercontent.com/a-/ALV-UjV1MoUDDaZoLpj7y5GB4SJtqV_S01oU6sfCOu7aLsMBMGe5Nw=s96-c"
}
验证代码
无、直接调用userinfo接口验证用户信息即可
使用 id_token 登录
2.1 获取 code
https://accounts.google.com/o/oauth2/v2/auth?
client_id= ****自己的***
&redirect_uri= ****配置好的***
&scope=email openid https://www.googleapis.com/auth/userinfo.email
&response_type=code
在浏览器上执行,登录完成后跳转链接如下
code url 解码
4/0AQlEd8zQ-sWfUeAVxpfqL-y9AMT5Arbze0c3ydZfDInbYZrFHxw38TPTeO1kiWPaT5W4Sg
2.2 获取 id_token
POST https://oauth2.googleapis.com/token
Content-Type: application/x-www-form-urlencoded
code= 参考2.1步结果
client_id=your-client-id
client_secret=your-client-secret
redirect_uri= ****配置好的***
grant_type= authorization_code //固定值
注意点: code只能使用一次
相应参数
{
"access_token": "ya29.a0AcM612xU1YjjT5IOBi4GUTNaMAEXQdgx7e7XwwU-YPGFXEz-91AXrQ1PwenCNpsfQxvF7L9Tiza0yZ7mIPFSN5TYKh6k5JQnsLsgqt5B-TRKpwPa2wyhmzeehGXS11q8x4t4U-jbZLQUggiQ-GxsQzraysn2iHcYrVIaCgYKAVYSARASFQHGX2MiHF48i6Pv5fHTIKq_UhKliQ0170",
"expires_in": 3558,
"scope": "https://www.googleapis.com/auth/userinfo.email openid",
"token_type": "Bearer",
"id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImQ3YjkzOTc3MWE3ODAwYzQxM2Y5MDA1MTAxMmQ5NzU5ODE5MTZkNzEiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhenAiOiI4ODU3NTQzMTg2NzAtMGl0ZGhoOGZqcDZuY2tra2ViYjJuaDA3OXMxbDhwYmguYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiI4ODU3NTQzMTg2NzAtMGl0ZGhoOGZqcDZuY2tra2ViYjJuaDA3OXMxbDhwYmguYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDMwNDc0OTYzMTk1NDM0OTg0NTkiLCJlbWFpbCI6Imh1aHVzemwwNzIwQGdtYWlsLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJhdF9oYXNoIjoiWExiWFQxal9Bd2o5UmxCN1AwTml2USIsImlhdCI6MTcyNjI5NzYyNSwiZXhwIjoxNzI2MzAxMjI1fQ.MHO4VYJ0YxwAyl9Bz71V9KPOTwlsC8ivD6oOaSneIxPtQE7hXstYtkYIggwGddjoz7Z1kka-D9lDhCxXOpklkewMihogubWLQoOIiMTw-lHA-hLH3kRK5UMuJwEByawsVQrmqcH70emL0cF0_dJVNMeRCAMpMRhRgpfiPFk6O-G6piUalX7d92GGC0PZS5HVtV24P9b8ueWvgWezcqKp8M9ZxqYnJTRj7HnvsP18EjDU-tHmgKmq0zEmE55uIGPlEhYLk4kg2LOZ-lkXbdhhSrWvUU8wyXtDcNJAVDKOxEwIfj-m66FCAaK1_UYrSZagIT2FOmilUTGz8YEcz5ivUg"
}
2.3 验证代码
import com.ai.emotion.domain.facade.GoogleVerifyFacade;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.gson.GsonFactory;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Repository;
import java.util.Collections;
import java.util.Objects;
/**
* 依赖参考: https://developers.google.cn/api-client-library/java?hl=sr
* api参考: https://developers.google.cn/identity/sign-in/web/backend-auth?hl=sr#java
*/
@Repository
@Slf4j
public class GoogleVerifyFacadeImpl implements GoogleVerifyFacade {
private String CLIENT_ID = "885754318670-0itdhh8fjp6nckkkebb2nh079s1l8pbh.apps.googleusercontent.com";
@Override
public boolean loginVerify(String email, String token) {
if (StringUtils.isAnyBlank(email, token)){
return false;
}
try {
HttpTransport transport = GoogleNetHttpTransport.newTrustedTransport();
GsonFactory defaultInstance = GsonFactory.getDefaultInstance();
GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(transport, defaultInstance)
.setAudience(Collections.singletonList(CLIENT_ID))
.build();
GoogleIdToken idToken = verifier.verify(token);
if (idToken != null) {
Payload payload = idToken.getPayload();
return Objects.equals(email, payload.getEmail());
} else {
return false;
}
} catch (Exception e) {
log.error("GoogleVerifyFacadeImpl#loginVerify email {} token {} ", email, token, e);
return false;
}
}
}
