的Android，AWS Cognito谷歌OAuth認證使用CognitoCachingCredentialsProvider

Question

我登錄使用下面的代碼在我的Android應用使用谷歌的OAuth2雲未經驗證：

在我登錄活動onCreate方法，我有：

googleSignInOptions = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN) 
      .requestScopes(new Scope(Scopes.PLUS_LOGIN)) 
      //requestIdToken takes the google cloud console's project's WEB (not Android) openID client ID. 
      .requestIdToken("my client id") 
      .requestEmail() 
      .build(); 

    SignInButton signInButton = (SignInButton) oAuth.findViewById(R.id.sign_in_button); 
    signInButton.setSize(SignInButton.SIZE_WIDE); 
    signInButton.setScopes(googleSignInOptions.getScopeArray()); 

    googleApiClient = new GoogleApiClient.Builder(oAuth) 
      .enableAutoManage(oAuth, new GoogleApiClient.OnConnectionFailedListener() { 
       @Override 
       public void onConnectionFailed(@NonNull ConnectionResult connectionResult) { 
        Log.d("GoogleOAuth", "Connection failed\n" + connectionResult.getErrorMessage()); 
        Toast.makeText(context, "Failed to connect to Google", Toast.LENGTH_LONG).show(); 
       } 
      }) 
      .addApi(Auth.GOOGLE_SIGN_IN_API, googleSignInOptions) 
      .build(); 

我註冊一個onClick監聽器來登錄按鈕的呼叫：

Intent signInIntent = Auth.GoogleSignInApi.getSignInIntent(googleApiClient); 
    activity.startActivityForResult(signInIntent, GOOGLE_SIGN_IN); 

我得到的活動成果：

public void onActivityResult(OAuth oAuth, Context context, int requestCode, int resultCode, Intent data) { 
    // Result returned from launching the Intent from GoogleSignInApi.getSignInIntent(...); 
    if (requestCode == GOOGLE_SIGN_IN) { 
     GoogleSignInResult result = Auth.GoogleSignInApi.getSignInResultFromIntent(data); 
     if (result.isSuccess()) { 
      GoogleSignInAccount account = result.getSignInAccount(); 
      String idToken = account.getIdToken(); //this has a value 

      Map<String, String> logins = new HashMap<String, String>(); 
      logins.put("accounts.google.com", token); 
      AWSCommunicator.setLogins(oAuth, logins, account); 
      credentialsProvider.setLogins(logins); 
     } 
     else { 
      Toast.makeText(context, "failed to login" + result.getStatus().toString(), Toast.LENGTH_LONG).show(); 
     } 
    } else { 
     Log.d("GoogleAuth", "Bad requestCode: " + requestCode); 
    } 
} 

現在一切運行良好，這一切似乎工作正常。這裏是我看到的一些日誌。

D/CognitoCachingCredentialsProvider: Identity id is changed 
D/CognitoCachingCredentialsProvider: Saving identity id to SharedPreferences 
D/CognitoCachingCredentialsProvider: Clearing credentials from SharedPreferences 
D/CognitoCachingCredentialsProvider: Saving credentials to SharedPreferences 
D/CognitoCachingCredentialsProvider: Saving identity id to SharedPreferences 

一切都很好。我已通過身份驗證，可以對我的API網關端點（使用AWS Api Gateway自動生成的SDK）進行身份驗證。

現在一小時後，我嘗試撥打電話並且該令牌已過期。我如何去獲取新的令牌？然後，我如何刷新Cognito？

Answer 1

您應該能夠從谷歌出售的刷新令牌中獲取來自谷歌的新的Id令牌。此文檔可能會有所幫助。 https://developers.google.com/api-client-library/java/google-api-java-client/oauth2

要刷新Cognito憑據，您只需要使用IdP（Google Oauth）中的最新令牌更新credentialsProvider以獲得最新的憑證。一旦憑證過期，它將自動刷新，如果CognitoCachingCredentialsProvider具有最新的令牌。