Question
I want to authenticate Android users with a Go AppEngine backend.
I can easily get an ID token in Android by following http://android-developers.blogspot.co.il/2013/01/verifying-back-end-calls-from-android.html
How can I verify the token and get the payload? Is there a Go package for this?
Answer 1:
I found the solution myself: the ID token can be verified with the oauth2/v2 package of the https://code.google.com/p/google-api-go-client/ library.
Some installation tweaks are necessary for using it with AppEngine; I found some pointers at http://golangtutorials.blogspot.co.il/2011/11/using-external-api-in-go-appengine.html
Answer 2:
I have created a Go package, available at https://github.com/emanoelxavier/openid2go, that does exactly that without the need for any installation tweaks. It works for other OpenID identity providers as well, not just Google. It will fetch the signing keys, validate the token (issuer, audiences, expiration, etc.) and make the user identity information available to your application service pipeline.
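The checks listed in the answer above (signature, issuer, audience, expiration), written out as an added example; this is not code from the answer or from openid2go. It assumes the provider's RSA public key has already been fetched, so key download and selection by `kid` are left out; `DemoToken`, `my-client-id` and the timestamps are constructed for the demo.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// VerifyIDToken pins RS256 (the header's "alg" never selects the algorithm), checks the
// signature before parsing the payload, then enforces issuer, audience and expiry (missing claims fail).
func VerifyIDToken(tok string, pub *rsa.PublicKey, iss, aud string, now int64) (map[string]interface{}, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	sig, e1 := base64.RawURLEncoding.DecodeString(p[2])
	sum := sha256.Sum256([]byte(p[0] + "." + p[1])) // signed input is header.payload as sent
	if e1 != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil {
		return nil, fmt.Errorf("invalid signature")
	}
	body, e2 := base64.RawURLEncoding.DecodeString(p[1])
	var c map[string]interface{}
	if e2 != nil || json.Unmarshal(body, &c) != nil {
		return nil, fmt.Errorf("invalid payload")
	}
	if exp, _ := c["exp"].(float64); c["iss"] != iss || c["aud"] != aud || float64(now) >= exp {
		return nil, fmt.Errorf("issuer, audience or expiry rejected")
	}
	return c, nil
}

// DemoToken signs a constructed payload with a throwaway key, standing in for the provider.
func DemoToken(payload string) (string, *rsa.PublicKey) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	enc := base64.RawURLEncoding.EncodeToString
	msg := enc([]byte(`{"alg":"RS256"}`)) + "." + enc([]byte(payload))
	sum := sha256.Sum256([]byte(msg))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return msg + "." + enc(sig), &key.PublicKey
}

func main() {
	tok, pub := DemoToken(`{"iss":"https://accounts.google.com","aud":"my-client-id","exp":2000}`)
	fmt.Println(VerifyIDToken(tok, pub, "https://accounts.google.com", "my-client-id", 1000))
}
```

The audience check is what ties a token to your own backend: a token that is validly signed by the provider but issued for a different client ID fails here.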
Answer 3:
Judging from the linked docs, this is just an OAuth2 token. Try taking a look at https://developers.google.com/appengine/docs/go/users/overview#OAuth_in_Go, which describes using OAuth to authenticate users.
Answer 4:
If you are willing to use an experimental feature, use Google Cloud Endpoints for Android. It has built-in OAuth authentication.
Source: https://stackoverflow.com/questions/16176744/how-to-verify-google-id-token