google

来自于:APICloud立即使用

概述

谷歌登录简介

谷歌登录包括很多种,详情参考谷歌官方文档------谷歌 OAuth 2.0 指南

Basic steps

All applications follow a basic pattern when accessing a Google API using OAuth 2.0. At a high level, you follow four steps:

  1. Obtain OAuth 2.0 credentials from the Google API Console.

Visit the Google API Console to obtain OAuth 2.0 credentials such as a client ID and client secret that are known to both Google and your application. The set of values varies based on what type of application you are building. For example, a JavaScript application does not require a secret, but a web server application does.

  1. Obtain an access token from the Google Authorization Server.

Before your application can access private data using a Google API, it must obtain an access token that grants access to that API. A single access token can grant varying degrees of access to multiple APIs. A variable parameter called scope controls the set of resources and operations that an access token permits. During the access-token request, your application sends one or more values in the scope parameter.

There are several ways to make this request, and they vary based on the type of application you are building. For example, a JavaScript application might request an access token using a browser redirect to Google, while an application installed on a device that has no browser uses web service requests.

Some requests require an authentication step where the user logs in with their Google account. After logging in, the user is asked whether they are willing to grant the permissions that your application is requesting. This process is called user consent.

If the user grants the permission, the Google Authorization Server sends your application an access token (or an authorization code that your application can use to obtain an access token). If the user does not grant the permission, the server returns an error.

It is generally a best practice to request scopes incrementally, at the time access is required, rather than up front. For example, an app that wants to support purchases should not request Google Wallet access until the user presses the “buy” button; see Incremental authorization.

  1. Send the access token to an API.

After an application obtains an access token, it sends the token to a Google API in an HTTP authorization header. It is possible to send tokens as URI query-string parameters, but we don't recommend it, because URI parameters can end up in log files that are not completely secure. Also, it is good REST practice to avoid creating unnecessary URI parameter names.

Access tokens are valid only for the set of operations and resources described in the scope of the token request. For example, if an access token is issued for the Google+ API, it does not grant access to the Google Contacts API. You can, however, send that access token to the Google+ API multiple times for similar operations.

  1. Refresh the access token, if necessary.

Access tokens have limited lifetimes. If your application needs access to a Google API beyond the lifetime of a single access token, it can obtain a refresh token. A refresh token allows your application to obtain new access tokens.

本模块封装了 Installed applications 方式的谷歌登录功能。

Installed applications

The Google OAuth 2.0 endpoint supports applications that are installed on devices such as computers, mobile devices, and tablets. When you create a client ID through the Google API Console, specify that this is an Installed application, then select Android, Chrome, iOS, or "Other" as the application type.

The process results in a client ID and, in some cases, a client secret, which you embed in the source code of your application. (In this context, the client secret is obviously not treated as a secret.)

The authorization sequence begins when your application redirects a browser to a Google URL; the URL includes query parameters that indicate the type of access being requested. Google handles the user authentication, session selection, and user consent. The result is an authorization code, which the application can exchange for an access token and a refresh token.

The application should store the refresh token for future use and use the access token to access a Google API. Once the access token expires, the application uses the refresh token to obtain a new one.

For details, see Using OAuth 2.0 for Installed Applications.

Get a configuration file

在iOS 平台上使用本模块前,需要先一个配置文件(GoogleService-Info.plist)。这个配置文件是谷歌生成的,配置方法如下文所述。

To use the sample, you need to provide some additional information to get a configuration file and finish setting up your project. Use the Bundle ID com.google.samples.quickstart.SignInExample for the sample.

After you complete the registration, download the GoogleServices-Info.plist file to add to your project.

GET A CONFIGURATION FILE

在谷歌开放平台配置完包名(bundle id)和app名后,最终会得到一个 GoogleService-Info.plist 文件。

接下来下载 googleAppendix 模块 zip 包并解压,把 zip 包内的 GoogleService-Info.plist 文件替换为自己的。然后重新压缩为 zip 包文件上传自定义模块,云编译时勾选该模块。

配置 config.xml 文件

注意:配置完毕,需通过云端编译生效。

IOS 配置方法如下:

  • 名称:google
  • 参数:urlScheme、clientID
  • 配置示例:
  <feature name="google">
    <param name="urlScheme" value="googled0d84bbf23b4a0e4"/>
    <param name="clientID" value="googled0d84bbf23b4a0e4"/>
  </feature>
  • 字段描述:

    urlScheme:(必须配置)用于实现应用间跳转及数据交换,本应用可以启动谷歌客户端(谷歌的任何一个移动端app),也可以跳回本应用。urlScheme 的 value 值是从上一步创建的 GoogleService-Info.plist 文件内的 REVERSED_CLIENT_ID 对应的参数,如:com.googleusercontent.apps.465993872355-5p3shff1atoavn3d0bejpasknfqu6tm2。

    clientID:(必须配置)该值是从上一步创建的 GoogleService-Info.plist 文件内的 CLIENT_ID 对应的参数,如:465993872355-5p3shff1atoavn3d0bejpasknfqu6tm2.apps.googleusercontent.com。

服务器端验证 token 的方法:https://developers.google.com/identity/sign-in/ios/backend-auth

谷歌登陆模块android平台使用

andorid 平台使用本模块需要注意:

【其他注意事项】:

android 模块使用配置方法如下:

  • 名称:google
  • 参数:clientID
  • 配置示例:
  <feature name="google">
    <param name="clientID" value="googled0d84bbf23b4a0e4"/>
  </feature>
  • 字段描述:

    clientID:(必须配置)该值是由开发者在https://console.developers.google.com 配置生成,填写在对应位置生效;样式如:465993872355-5p3shff1atoavn3d0bejpasknfqu6tm2.apps.googleusercontent.com。

服务器端验证 token 的方法:https://developers.google.com/identity/sign-in/android/backend-auth

模块接口

showSignInButton

添加显示登录按钮

showSignInButton({params},callback(ret, err))

params

rect:

  • 类型:JSON 对象
  • 描述:(可选项)模块的位置及尺寸
  • 内部字段:
{
    x: 0,   //(可选项)数字类型;模块左上角的 x 坐标(相对于所属的 Window 或 Frame);默认值:0
    y: 0,   //(可选项)数字类型;模块左上角的 y 坐标(相对于所属的 Window 或 Frame);默认值:0
    w: 80,  //(可选项)数字类型;模块的宽度;默认值:80
    h: 50   //(可选项)数字类型;模块的高度;默认值:50
}

style:

  • 类型:字符串
  • 描述:(可选项)按钮类型
  • 默认:standard
  • 取值范围:
    • standard:
    • iconOnly:
    • wide:

colorScheme:

  • 类型:字符串
  • 描述:(可选项)按钮颜色
  • 默认:dark
  • 取值范围:
    • dark:
    • light:

fixedOn:

  • 类型:字符串
  • 描述:(可选项)模块视图添加到指定 frame 的名字(只指 frame,传 window 无效)
  • 默认:模块依附于当前 window

fixed:

  • 类型:布尔
  • 描述:(可选项)是否将模块视图固定到窗口上(不跟随窗口上下滚动)
  • 默认值:true

callback(ret, err)

ret:

  • 类型:JSON 对象
  • 内部字段:
{
    eventType: 'show',      //字符串类型;交互事件类型,取值如下:
                            //show:按钮打开并显示
                            //didSignIn:登录成功
                            //err:失败
    userInfo: {             //JSON对象;用户信息
       userID: '',          //字符串类型;用户id
       authentication: {    //JSON对象;用户授权信息
          idToken: '',      //字符串类型;
          idtExpiration:'', //字符串类型;idToken过期时间 【注意】:android端不支持该参数
          clientID: '',     //字符串类型; 
          accessToken:'',   //字符串类型;【注意】:android端不支持该参数
          actExpiration:'', //字符串类型;accessToken过期时间 【注意】:android端不支持该参数
          refreshToken:''   //字符串类型;
       },       
       profile: {           //JSON对象;账号信息
          name: '',         //字符串类型;
          givenName: '',    //字符串类型;
          familyName: '',   //字符串类型;
          email: '',        //字符串类型;
          hasImage:         //布尔类型;用户是否有照片
       },
       accessibleScopes:[]  //数组类型;The API scopes requested by the app in an array of string
    }
}

err:

  • 类型:JSON 对象
  • 内部字段:
{
    code: 0,    //数字类型;错误码
    msg: ''     //字符串类型;错误信息
}

示例代码

var google = api.require('google');
google.showSignInButton({
   rect:{
     x:100,
     y:64,
     w:120,
     h:45
   },
   style: 'standard',
   colorScheme: 'light',
   fixedOn: api.frameName,
   fixed: true
},function(ret, err) {
    if (err) {
        api.alert({msg:JSON.stringify(err)});
    } else {
        api.alert({msg:JSON.stringify(ret)});
    }
});

可用性

iOS系统,Android系统

可提供的1.0.0及更高版本

getProfileImage

获取用户照片的 URL

getProfileImage({params}, callback(ret))

params

dimension:

  • 类型:数字
  • 描述:(可选项)照片的大小 【注意】:android端不支持该参数
  • 默认:100

callback(ret)

ret:

  • 类型:JSON 对象
  • 内部字段:
{
    imageUrl: ''   //字符串类型;图片的地址
}

示例代码

var google = api.require('google');
google.getProfileImage({
    dimension: 200
}, function(ret) {
    api.alert({msg:ret.imageUrl});
});

可用性

iOS系统,Android系统

可提供的1.0.0及更高版本

hasAuth

判断是否已登录

hasAuth(callback(ret))

callback(ret)

ret:

  • 类型:JSON 对象
  • 内部字段:
{
    status: true   //布尔型;是否已登录,true||false
}

示例代码

var google = api.require('google');
google.hasAuth(function(ret, err) {
    if (ret.status) {
        alert('已登录');
    } else {
        alert('未登录');
    }
});

可用性

iOS系统,Android系统

可提供的1.0.0及更高版本

signInSilently

Attempts to sign in a previously authenticated user without interaction. The showSignInButton's callback will be called at the end of this process indicating success or failure.

signInSilently(##callback(ret, err))

callback(ret, err)

ret:

  • 类型:JSON 对象
  • 内部字段:
{
    eventType: 'show',      //字符串类型;交互事件类型,取值如下:
                            //show:按钮打开并显示
                            //didSignIn:登录成功
                            //err:失败
    userInfo: {             //JSON对象;用户信息
       userID: '',          //字符串类型;用户id
       authentication: {    //JSON对象;用户授权信息
          idToken: '',      //字符串类型;
          idtExpiration:'', //字符串类型;idToken过期时间 【注意】:android端不支持该参数
          clientID: '',     //字符串类型; 
          accessToken:'',   //字符串类型;【注意】:android端不支持该参数 
          actExpiration:'', //字符串类型;accessToken过期时间 【注意】:android端不支持该参数
          refreshToken:''   //字符串类型;
       },       
       profile: {           //JSON对象;账号信息
          name: '',         //字符串类型;
          givenName: '',    //字符串类型;
          familyName: '',   //字符串类型;
          email: '',        //字符串类型;
          hasImage:         //布尔类型;用户是否有照片
       },
       accessibleScopes:[]  //数组类型;The API scopes requested by the app in an array of string
    }
}

err:

  • 类型:JSON 对象
  • 内部字段:
{
    code: 0,    //数字类型;错误码
    msg: ''     //字符串类型;错误信息
}

示例代码

var google = api.require('google');
google.signInSilently(function(ret,err){
    api.alert({msg:JSON.stringify(ret)});
});

补充说明

可在 setScopes 接口后调用

可用性

iOS系统,Android系统

可提供的1.0.0及更高版本

getScopes

The API scopes requested by the app in an array of String

getScopes({params}, callback(ret))

callback(ret)

ret:

  • 类型:JSON 对象
  • 内部字段:
{
    scopes: []   //数组类型;
}

示例代码

var google = api.require('google');
google.getScopes(function(ret, err) {
    if (ret) {
        api.alert({msg:JSON.stringify(ret)});
    }
});

可用性

iOS系统,Android系统

可提供的1.0.0及更高版本

setScopes

设置权限范围 。

  • IOS调用本接口后调用 signInSilently;
  • android需要重新登陆后设的值才会生效

setScopes({params})

params

scopes:

";

示例代码

var google = api.require('google');
google.setScopes({
    scopes: ''
});

可用性

iOS系统,Android系统

可提供的1.0.0及更高版本

signOut

登出

signOut()

示例代码

var google = api.require('google');
google.signOut();

可用性

iOS系统,Android系统

可提供的1.0.0及更高版本

disconnect

Disconnects the current user from the app and revokes previous authentication. If the operation succeeds, the OAuth 2.0 token is also removed from module.

disconnect()

示例代码

var google = api.require('google');
google.disconnect();

可用性

iOS系统,Android系统

可提供的1.0.0及更高版本

getTokens

获取授权 token(需要登录授权成功

getTokens(callback(ret, err))

callback(ret, err)

ret:

  • 类型:JSON 对象
  • 内部字段:
{
  status: true,      //布尔型;true||false
       authentication: {    //JSON对象;用户授权信息
          idToken: '',      //字符串类型;
          idtExpiration:'', //字符串类型;idToken过期时间 【注意】:android端不支持该参数
          clientID: '',     //字符串类型; 
          accessToken:'',   //字符串类型;【注意】:android端不支持该参数
          actExpiration:'', //字符串类型;accessToken过期时间 【注意】:android端不支持该参数
          refreshToken:''   //字符串类型;
       }
}

err:

  • 类型:JSON 对象
  • 内部字段:
{
    code: 0,    //数字类型;错误码
    msg: ''     //字符串类型;错误信息
}

示例代码

var google = api.require('google');
google.getTokens(function(ret, err) {
    if (ret.status) {
        alert(JSON.stringify(ret));
    } else {
        alert(err.code);
    }
});

可用性

iOS系统,Android系统

可提供的1.0.0及更高版本

refreshTokens

刷新token

refreshTokens(callback(ret, err))

callback(ret, err)

ret:

  • 类型:JSON 对象
  • 内部字段:
{
  status: true,      //布尔型;true||false
       authentication: {    //JSON对象;用户授权信息
          idToken: '',      //字符串类型;
          idtExpiration:'', //字符串类型;idToken过期时间 【注意】:android端不支持该参数
          clientID: '',     //字符串类型; 
          accessToken:'',   //字符串类型;【注意】:android端不支持该参数
          actExpiration:'', //字符串类型;accessToken过期时间 【注意】:android端不支持该参数
          refreshToken:''   //字符串类型;
       }
}

err:

  • 类型:JSON 对象
  • 内部字段:
{
    code: 0,    //数字类型;错误码
    msg: ''     //字符串类型;错误信息
}

示例代码

var google = api.require('google');
google.refreshTokens(function(ret, err) {
    if (ret.status) {
        alert(JSON.stringify(ret));
    } else {
        alert(err.code);
    }
});

可用性

iOS系统,Android系统

可提供的1.0.0及更高版本

signIn

直接登录

signIn(callback(ret, err))

callback(ret, err)

ret:

  • 类型:JSON 对象
  • 内部字段:
{
    eventType: 'show',      //字符串类型;交互事件类型,取值如下:
                            //show:按钮打开并显示
                            //didSignIn:登录成功
                            //err:失败
    userInfo: {             //JSON对象;用户信息
       userID: '',          //字符串类型;用户id
       authentication: {    //JSON对象;用户授权信息
          idToken: '',      //字符串类型;
          idtExpiration:'', //字符串类型;idToken过期时间 【注意】:android端不支持该参数
          clientID: '',     //字符串类型; 
          accessToken:'',   //字符串类型;【注意】:android端不支持该参数
          actExpiration:'', //字符串类型;accessToken过期时间 【注意】:android端不支持该参数
          refreshToken:''   //字符串类型;
       },       
       profile: {           //JSON对象;账号信息
          name: '',         //字符串类型;
          givenName: '',    //字符串类型;
          familyName: '',   //字符串类型;
          email: '',        //字符串类型;
          hasImage:         //布尔类型;用户是否有照片
       },
       accessibleScopes:[]  //数组类型;The API scopes requested by the app in an array of string
    }
}

err:

  • 类型:JSON 对象
  • 内部字段:
{
    code: 0,    //数字类型;错误码
    msg: ''     //字符串类型;错误信息
}

示例代码

var google = api.require('google');
google.signIn({function(ret, err) {
    if (err) {
        api.alert({msg:JSON.stringify(err)});
    } else {
        api.alert({msg:JSON.stringify(ret)});
    }
});

可用性

iOS系统,Android系统

可提供的1.0.0及更高版本