I am not able to differentiate between these two: requestIdToken and requestServerAuthCode, when we sign in with the Google API from an Android device.
My requirement is to provide an option for users to log in on an Android device, and after login sync data to my server. The server needs to validate the logged-in user's request from the Android device. I am thinking of using "requestIdToken". On the server side I am using the Google client library to fetch user info from requestIdToken.
requestIdToken(String serverClientId): Specifies that an ID token for authenticated users is requested.
GoogleSignInOptions.Builder requestProfile(): Specifies that user's profile info is requested by your application.
The id_token is used in the OpenID Connect protocol, where the user is authenticated as well as authorized. (There's an important distinction between authentication and authorization.) You will get an id_token and an access_token. The id_token value contains the information about the user's authentication.
There is
requestIdToken (String serverClientId)
Specifies that an ID token for authenticated users is requested. Requesting an ID token requires that the server client ID be specified.
and there is
requestServerAuthCode (String serverClientId)
Specifies that offline access is requested. Requesting offline access requires that the server client ID be specified.
You don't need to use requestIdToken(String) when you use this option. When your server exchanges the code for tokens, an ID token will be returned together (as long as you either use requestEmail() or requestProfile() along with your configuration).
The first time you retrieve a code, a refresh_token will be granted automatically. Subsequent requests will only return codes that can be exchanged for access token.
From the docs.
As you can read here, requestServerAuthCode() is specifically for requesting offline access. If you do not need it, use requestIdToken().
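The server-side claim checks for an ID token obtained with requestIdToken(), as an added example that is not part of the original answers or of Google's client library. It assumes the token's signature has already been verified (for instance by the Google client library the question mentions); SERVER_CLIENT_ID, the function names and the sample payload are constructed placeholders.

```python
import time

# Assumption: placeholder for the server's OAuth client ID, the same value
# the Android app passes to requestIdToken(serverClientId).
SERVER_CLIENT_ID = "1234567890-example.apps.googleusercontent.com"
GOOGLE_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}


class InvalidIdToken(Exception):
    """Signature-verified claims that this server must still reject."""


def check_id_token_claims(claims, now=None, leeway=30):
    """Return the stable user ID ('sub') or raise InvalidIdToken."""
    # `claims` must come from a token whose signature was already verified
    # against Google's public keys; never pass a merely decoded payload.
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise InvalidIdToken("unexpected issuer")
    # A token minted for another app carries a valid Google signature too,
    # so the audience check is what binds it to this backend.
    if claims.get("aud") != SERVER_CLIENT_ID:
        raise InvalidIdToken("audience mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp + leeway < now:
        raise InvalidIdToken("expired or missing exp")
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise InvalidIdToken("missing sub")
    return sub  # key server-side accounts on 'sub', not on the email


def rejection_reason(claims, now):
    """Return None if the claims are accepted, else the rejection message."""
    try:
        check_id_token_claims(claims, now=now)
    except InvalidIdToken as exc:
        return str(exc)
    return None


# Constructed sample payload (not a real token).
NOW = 1_700_000_000
SAMPLE = {"iss": "https://accounts.google.com", "aud": SERVER_CLIENT_ID,
          "sub": "110000000000000000001", "exp": NOW + 3600}

if __name__ == "__main__":
    print(check_id_token_claims(SAMPLE, now=NOW))
    print(rejection_reason({**SAMPLE, "aud": "other.apps.googleusercontent.com"}, NOW))
```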