问题
After I read Verifying Back-End Calls from Android Apps (http://android-developers.blogspot.tw/2013/01/verifying-back-end-calls-from-android.html), I also read Google Play services and OAuth Identity Tools (http://android-developers.blogspot.tw/2012/09/google-play-services-and-oauth-identity.html) and it says
"You should call GoogleAuthUtil.getToken() to get a token before each set of GETs or POSTs; it’s smart about caching things appropriately, and also about dealing with token expiry and refresh. "
After reading the sentence, I have three questions.
- Because it is necessary to call
GoogleAuthUtil.getToken()to get a token before each set of GETs or POSTs, I wonder whetherGoogleAuthUtil.getToken()is thread safe.
Suppose a scenario, I need to synchronize with my server periodically in the background. Before each time I contact with my server with a set of HTTP requests, I need to call GoogleAuthUtil.getToken() so requests can be sent with a valid token.
On the other hand side, when users is interacting with my app, I also need to do the same thing: call GoogleAuthUtil.getToken() to get token and send it with a set of HTTP requests to my server. Because users may interactive with the app when the background sync is in progress, GoogleAuthUtil.getToken() may be called in two different thread at the same time. Therefore, I would like to know whether getToken() is thread safe.
2.Is there a way that I can get the token expiry time so I can cache the token? I checked the document (http://developer.android.com/reference/com/google/android/gms/auth/GoogleAuthUtil.html) there is no method like this.
3.Should I refresh the token that GoogleAuthUtil.getToken() returns? If it is, is there a method to do so? Or, should I call GoogleAuthUtil.getToken() every time when a valid token is needed?
回答1:
- I wouldn't worry about thread-safe-ness. I’m trying to think what could go wrong as a result of a thread collision and nothing leaps to mind.
2 & 3. The only documented way to find the token expiry time, is to hit the tokeninfo endpoint, but I don't think you want to add an HTTP round-trip for this purpose. I think the smart thing is just to keep calling getToken() and it'll make sure that what you get back is long-lived enough to be useful. It'll refresh as necessary so you don't have to.
来源:https://stackoverflow.com/questions/18959880/is-googleauthutil-gettoken-thread-safe