Question
The Google Sign in library on Android works without specifying any redirect URI. Why is this the case? To which endpoint does Google send the access code after the user logs in? And how does it redirect the user back to the app?
Thanks.
Answer 1:
Now I see, the redirect URI is in fact the app itself, using a URI that points to a page on the app, not to any website. The redirect URI can be set up in the Android app by using the information here: https://developer.android.com/training/app-links/deep-linking. I learned a lot from this YouTube video: https://www.youtube.com/watch?v=j3OTZ62AkNU
Once it redirects the user back to the app, the Google sign in library handles getting the token and user info.
com.googleusercontent.apps.123:redirect_uri_path
com.example.app is the reverse DNS notation of a domain under your control. The custom scheme must contain a period to be valid.
com.googleusercontent.apps.123 is the reverse DNS notation of the client ID.
redirect_uri_path is an optional path component, such as /oauth2redirect. Note that the path should begin with a single slash, which is different from regular HTTP URLs.
^ Copied from documentation. 123 is your client ID. And com.googleusercontent.apps is fixed, not variable. Setting this as the redirect URI in your app will make sure that Google directs the user back to your app, where the library will handle getting the access token and user profile, etc. You need to have an intent filter in your manifest.xml (or the following in Xamarin) to receive the URI.
    [IntentFilter(
        new[] { Intent.ActionView },
        Categories = new[] { Intent.CategoryDefault, Intent.CategoryBrowsable },
        DataSchemes = new[] { "com.googleusercontent.apps.123" },
        DataPath = "/oauth2redirect")]
Its equivalent in the Manifest.xml:
    <activity
        android:label="ActivityCustomUrlSchemeInterceptor"
        android:launchMode="singleTop"
        android:noHistory="true"
        android:name="crc640d96480bfe206cdf.ActivityCustomUrlSchemeInterceptor">
        <intent-filter>
            <action android:name="android.intent.action.VIEW" />
            <category android:name="android.intent.category.DEFAULT" />
            <category android:name="android.intent.category.BROWSABLE" />
            <data android:path="/oauth2redirect" />
            <data android:scheme="com.googleusercontent.apps.123" />
        </intent-filter>
    </activity>
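The redirect URI format quoted in the answer above, as an added example that is not part of the original answer or of Google's library: it derives the custom scheme from a client ID and checks that an incoming URI really is this app's redirect (expected scheme, no host part, single-slash path). The full client ID form `123.apps.googleusercontent.com` and all function names are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: a full Google client ID has the form "<id>.apps.googleusercontent.com".
CLIENT_ID_SUFFIX = ".apps.googleusercontent.com"


def scheme_for_client_id(client_id: str) -> str:
    """Reverse-DNS notation of the client ID, used as the custom URI scheme."""
    if not client_id.endswith(CLIENT_ID_SUFFIX) or client_id == CLIENT_ID_SUFFIX:
        raise ValueError("unexpected client ID format")
    return ".".join(reversed(client_id.split(".")))


def redirect_uri(client_id: str, path: str = "/oauth2redirect") -> str:
    """Build scheme:/path. The path starts with ONE slash, unlike http://host/path."""
    if not path.startswith("/") or path.startswith("//"):
        raise ValueError("path must begin with a single slash")
    return f"{scheme_for_client_id(client_id)}:{path}"


def parse_callback(uri: str, client_id: str, path: str = "/oauth2redirect"):
    """Return the query parameters if uri is this app's redirect, else None."""
    parts = urlsplit(uri)
    if parts.scheme != scheme_for_client_id(client_id).lower():
        return None  # a scheme registered for some other client or app
    if parts.netloc or parts.path != path:
        return None  # "scheme://x" puts x in the host slot; wrong paths are rejected too
    params = parse_qs(parts.query, keep_blank_values=True)
    if any(len(values) != 1 for values in params.values()):
        return None  # repeated parameter is ambiguous, so reject it
    return {name: values[0] for name, values in params.items()}


if __name__ == "__main__":
    cid = "123.apps.googleusercontent.com"  # constructed sample client ID
    print(redirect_uri(cid))
    for sample in (  # constructed sample callback URIs
        "com.googleusercontent.apps.123:/oauth2redirect?code=sample-code",
        "com.googleusercontent.apps.123://oauth2redirect?code=sample-code",
        "com.example.app:/oauth2redirect?code=sample-code",
    ):
        print(sample, "->", parse_callback(sample, cid))
```

The scheme and path checked here are the same two values the intent filter declares, so a URI that passes `parse_callback` is one the filter would have delivered to the interceptor activity.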
Source: https://stackoverflow.com/questions/60984286/how-does-google-sign-in-for-android-work-without-a-redirect-uri