Currently, we plan to use Google Sign-In for Android as our server authentication method.
This is what we plan to do.
Client side (Google Sign-In for Android)
    GoogleSignInAccount account = completedTask.getResult(ApiException.class);
    // This idToken will be sent to the backend server.
    String idToken = account.getIdToken();
Server side (Google Sign-In for Android)
    // Based on the idToken received from the client, the backend server will call
    // https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=...
    // to identify who this user is.
    {
      // These six fields are included in all Google ID Tokens.
      "iss": "https://accounts.google.com",
      "sub": "110169484474386276334",
      "azp": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com",
      "aud": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com",
      "iat": "1433978353",
      "exp": "1433981953",
      // These seven fields are only included when the user has granted the "profile" and
      // "email" OAuth scopes to the application.
      "email": "testuser@gmail.com",
      "email_verified": "true",
      "name" : "Test User",
      "picture": "https://lh4.googleusercontent.com/-kYgzyAWpZzJ/ABCDEFGHI/AAAJKLMNOP/tIXL9Ir44LE/s99-c/photo.jpg",
      "given_name": "Test",
      "family_name": "User",
      "locale": "en"
    }
In the future, we might want to migrate to provide more login options. This is my future migration plan, to migrate from Google Sign-In for Android to Firebase Authentication.
Client side (Firebase Authentication)
    FirebaseUser mUser = FirebaseAuth.getInstance().getCurrentUser();
    mUser.getIdToken(true)
        .addOnCompleteListener(new OnCompleteListener<GetTokenResult>() {
            @Override
            public void onComplete(@NonNull Task<GetTokenResult> task) {
                if (task.isSuccessful()) {
                    // This idToken will be sent to the backend server.
                    String idToken = task.getResult().getToken();
                } else {
                    // Handle error -> task.getException();
                }
            }
        });
Server side (Google Sign-In for Android)
    from firebase_admin import auth

    # idToken comes from the client app (shown above)
    decoded_token = auth.verify_id_token(idToken)
    uid = decoded_token['uid']
My questions are
- For Google Sign-In for Android, we plan to store "sub": "110169484474386276334" as a unique identifier to represent a user. Is that the correct field to use? Is it unique per user? My testing so far shows that, on the client side, we might get a different idToken for the same user (on different days). Different idTokens from the same user will still yield the same sub on the server side.
- One day, we might migrate to Firebase Authentication to support more login methods. Is it still backward compatible with Google Sign-In for Android? Is Firebase Authentication able to return the same "sub" as what was previously returned by Google Sign-In for Android? As you can see in the code example, Firebase Authentication is returning uid.

How can I compare the new Firebase Authentication's uid with the previously stored Google Sign-In's sub?
from Migrating from Google Sign-In for Android to Firebase Authentication
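An added example, not part of the original post: a server-side sketch of the two lookups the question compares. It assumes the server checks `iss`, `aud` and `exp` on the tokeninfo response before trusting `sub`, and that a Firebase ID token for a Google-linked user lists the Google account ID under `firebase.identities["google.com"]`. The function names, the `users_by_google_sub` mapping and the Firebase uid are hypothetical; the sample data is constructed from the values shown above.

```python
import time

GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}

def google_sub_from_tokeninfo(claims, expected_aud, now=None):
    """Return the Google account id ("sub") from a tokeninfo response, or
    raise ValueError if the token is not a current token for our app."""
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise ValueError("unexpected issuer")
    if claims.get("aud") != expected_aud:
        raise ValueError("token was issued for a different client id")
    if int(claims.get("exp", 0)) <= now:  # tokeninfo returns exp as a string
        raise ValueError("token expired")
    return claims["sub"]

def google_sub_from_firebase(decoded_token):
    """Return the linked Google account id from a token already verified by
    auth.verify_id_token(), or None if no Google identity is linked."""
    identities = decoded_token.get("firebase", {}).get("identities", {})
    subs = identities.get("google.com", [])
    return subs[0] if subs else None

def find_existing_user(users_by_google_sub, decoded_token):
    """Map a Firebase login back to a record stored under the Google sub."""
    sub = google_sub_from_firebase(decoded_token)
    return users_by_google_sub.get(sub) if sub else None

# Constructed sample data, reusing the example values from the post.
CLIENT_ID = "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com"
TOKENINFO = {"iss": "https://accounts.google.com",
             "sub": "110169484474386276334",
             "aud": CLIENT_ID, "exp": "1433981953"}
# In a Firebase ID token, "uid"/"sub" is the Firebase uid, not the Google sub.
FIREBASE_DECODED = {
    "uid": "constructedFirebaseUid123",
    "sub": "constructedFirebaseUid123",
    "firebase": {"sign_in_provider": "google.com",
                 "identities": {"google.com": ["110169484474386276334"]}},
}
```
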