问题
How do I validate an OAuth2 token obtained on an Android device via the Google Identity Toolkit (GitkitClient) on 3rd-party backend (custom python backend, non-gae)?
I'm able to obtain a token on Android via the use of GitkitClient.
But how can my non-google-app-engine (Python) backend verify that this token is valid (from Google)?
回答1:
You could use the Google Identity Toolkit Python client library to verify that token: https://github.com/google/identity-toolkit-python-client.
p12_file = 'YOUR_SERVICE_ACCOUNT_PRIVATE_KEY_FILE.p12'
f = file(p12_file, 'rb')
key = f.read()
f.close()
gitkit_instance = gitkitclient.GitkitClient(
client_id='YOUR_WEB_APPLICATION_CLIENT_ID_AT_GOOGLE_DEVELOPER_CONSOLE',
service_account_email='YOUR_SERVICE_ACCOUNT_EMAIL@developer.gserviceaccount.com',
service_account_key=key,
widget_url='URL_ON_YOUR_SERVER_TO_HOST_GITKIT_WIDGET')
user = gitkit_instance.VerifyGitkitToken(request.COOKIES['gtoken'])
来源:https://stackoverflow.com/questions/31865465/validating-oauth2-token-obtained-on-android-device-via-google-identity-toolkit