Android: Ensure a new one time token on each login #119
When using the androidApiKey parameter a short-lived one time token is generated, which can then be passed to the server where it can be exchanged for a proper access and refresh token. Since all tokens get cached by GoogleAuthUtil logging in a second time will cause the token to be invalid if it was used before or some time has passed.
Hi @phw thanks for the PR, it makes sense to do this indeed. Would you mind being a committer on the repo so you can merge it yourself and make other little changes in case you need them?
Sure, I would be happy to help :) What do you think about the
Honestly don't know about that one, would require a bit of studying. Perhaps open a separate issue and ask around for opinions. Please go ahead and merge your own PR ;)
Android: Ensure a new one time token on each login
I will take a look at the other case and do some research.
Wonderful, thanks!
Hi @phw I'm using the offline option and I'm always getting the same token, which doesn't work when I try to use it; the response I get from Google is that the token is invalid. I also used this URL to test the token: https://www.googleapis.com/oauth2/v1/tokeninfo?access_token= Is it possible to include this change for the offline feature? Thanks.
Based on EddyVerbruggen#119. I tested this on an app I'm working on, where every authentication attempt returned the same invalid token. After applying this change, the authentication works fine each time.
…resh Android: Ensure a new one time token on each login
When using the androidApiKey parameter a short-lived one time token is generated, which can then be passed to the server where it can be exchanged for a proper access and refresh token. Since all tokens get cached by GoogleAuthUtil logging in a second time will cause the token to be invalid if it was used before or some time has passed.
I am not quite sure if we should do the same when GooglePlus.this.requestOfflineToken is used.
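The failure described in this pull request, modelled as an added example that is not the plugin's code: a client-side cache keeps handing back the same one-time code, the server redeems each code once and only while it is fresh, and evicting the cached value before each login restores a working exchange. All class and function names, the 60-second lifetime and the `invalid_grant` error string are assumptions of this model.

```javascript
// Added model, not plugin code; every name and value here is an assumption.
const CODE_TTL_MS = 60000; // assumed lifetime of a one-time code
// Stands in for the authorization server: issues codes, redeems each once.
class AuthServer {
  constructor() { this.issued = new Map(); this.seq = 0; }
  issueCode(now) {
    const code = `code-${++this.seq}`;
    this.issued.set(code, { expires: now + CODE_TTL_MS, used: false });
    return code;
  }
  exchange(code, now) {
    const rec = this.issued.get(code);
    if (!rec || rec.used || now > rec.expires) return { error: 'invalid_grant' };
    rec.used = true; // a code can be redeemed exactly once
    return { access_token: `at-for-${code}`, refresh_token: `rt-for-${code}` };
  }
}

// Stands in for a client-side token cache keyed by account and scope.
class CachingClient {
  constructor(server) { this.server = server; this.cache = new Map(); }
  getToken(account, scope, now) {
    const key = `${account}|${scope}`;
    if (!this.cache.has(key)) this.cache.set(key, this.server.issueCode(now));
    return this.cache.get(key); // a cached value is returned without any freshness check
  }
  clearToken(token) {
    for (const [k, v] of this.cache) if (v === token) this.cache.delete(k);
  }
}

// Login without eviction: hand back whatever the cache holds.
function loginCached(client, account, scope, now) {
  return client.getToken(account, scope, now);
}

// Login with eviction: drop the cached value, then request a fresh code.
function loginFresh(client, account, scope, now) {
  client.clearToken(client.getToken(account, scope, now));
  return client.getToken(account, scope, now);
}

// Two logins gapMs apart, each followed by a server-side exchange.
function twoLogins(login, gapMs = 0) {
  const client = new CachingClient(new AuthServer());
  const run = (now) =>
    client.server.exchange(login(client, 'user@example.test', 'offline', now), now).error || 'ok';
  return [run(0), run(gapMs)];
}
```

On the server side, a rejected exchange of this kind is the signal that the client resubmitted a spent or expired code rather than obtaining a new one.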