Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is diff between requestIdToken and requestServerAuthCode in google singnin

I am not able to differentiate between these two: requestIdToken and requestServerAuthCode, when we signin with google api from android device.

My requirement is to provide option for users to login in android device, and after login sync data to my server. Server need to validate logged in user request from android device. I am thinking to use "requestIdToken". On the server side i am using google client library to fetch user info from requestIdToken.

like image 317
Gulshan Singh Avatar asked Sep 23 '16 20:09

Gulshan Singh


People also ask

What is requestIdToken?

requestIdToken(String serverClientId) Specifies that an ID token for authenticated users is requested. GoogleSignInOptions.Builder. requestProfile() Specifies that user's profile info is requested by your application.

What is Id_token in Google?

The id_token is used in OpenID Connect protocol, where the user is authenticated as well as authorized. (There's an important distinction between authentication and authorization.) You will get id_token and access_token. The id_token value contains the information about the user's authentication.


1 Answers

There is

requestIdToken (String serverClientId)

Specifies that an ID token for authenticated users is requested. Requesting an ID token requires that the server client ID be specified.

and there is

requestServerAuthCode (String serverClientId)

Specifies that offline access is requested. Requesting offline access requires that the server client ID be specified.

You don't need to use requestIdToken(String) when you use this option. When your server exchanges the code for tokens, an ID token will be returned together (as long as you either use requestEmail() or requestProfile() along with your configuration).

The first time you retrieve a code, a refresh_token will be granted automatically. Subsequent requests will only return codes that can be exchanged for access token.

From the docs.

As you can read here, requestServerAuthCode() is specifically for requesting offline access. If you do not need it, use requestIdToken()

like image 70
Tim Avatar answered Oct 07 '22 23:10

Tim