Menu
I use the following to get an authentication that I can access a backend from an Android app. This is described here https://developers.google.com/identity/protocols/CrossClientAuth.
StringBuffer sb = new StringBuffer();
sb.append("oauth2:server:client_id:");
sb.append(getString(R.string.google_app_id));
sb.append(":api_scope:");
sb.append("profile email");
final String scope = sb.toString();
String token = GoogleAuthUtil.getToken(Activity.this, mAuthAccount, scope);
(mAuthAccount was previously set using AccountPicker.newChooseAccountIntent.)
The above returns a short lived authentication code which sometimes has expired. I would like to check it against google servers, but calling https://www.googleapis.com/oauth2/v1/tokeninfo?access_token= with the returned token string from GoogleAuthUtil.getToken returns "invalid token".
How do I verify that the authentication code has not expired before I try to use it?
Edit: The returned string is not a token, but an authorization code which can be exchanged with a google API to obtain a token (The returned string begins with "/4" and not "/1" or "/2" if I remember correctly).
The code does not always work (on my server) and I would love to be able to check if the code can be used or has expired.
720
You don't need to use app_id to get oauth token, You just need to change scope
"oauth2:" + Scopes.PLUS_LOGIN
In this case your scope can be plus.login
More Info:
Authorizing with Google for REST APIs
Scopes Class
136
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
