Should I store the ID token persistently in Google sign in?
I am using Google Sign-In in my app. After the user signs in, I send the ID token to my backend server, where the ID token is retrieved. I add the ID token to the header of each HTTP request, and the server validates it, gets the user's ID and responds with the data to the app. I am wondering if it is OK to store the ID token persistently and use it for future requests. Does the ID token change or expire over time? If so, how do I get a new ID token? I can't find any approach other than asking the user to sign in again. Or should I validate the ID token once and use the ID directly in future requests?
Don't store the ID token. Google ID tokens are issued with 1 hour validity and expire, but you can use silentSignIn in the app to get a new one without user interaction. If the existing token hasn't expired yet, you get the (cached) version (the OptionalPendingResult returned has isDone() == true); if it has expired already, you get a refreshed one (but it takes a little longer, and OptionalPendingResult.isDone() is false).

Here is the sample code (UI thread; see the note below for the worker thread):
```java
// Request an ID token for the backend's OAuth client id so the server can verify it.
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
        .requestIdToken(getString(R.string.server_client_id))
        .build();

mGoogleApiClient = new GoogleApiClient.Builder(this)
        .enableAutoManage(this /* FragmentActivity */, this /* OnConnectionFailedListener */)
        .addApi(Auth.GOOGLE_SIGN_IN_API, gso)
        .build();

...

OptionalPendingResult<GoogleSignInResult> opr = Auth.GoogleSignInApi.silentSignIn(mGoogleApiClient);
if (opr.isDone()) {
    // If the user's cached credentials are valid, the OptionalPendingResult will be "done"
    // and the GoogleSignInResult will be available instantly.
    Log.d(TAG, "Got cached sign-in");
    GoogleSignInResult result = opr.get();
    handleSignInResult(result); // result.getSignInAccount().getIdToken(), etc.
} else {
    // If the user has not signed in on this device or the sign-in has expired,
    // this asynchronous branch will attempt to sign in the user silently. Cross-device
    // single sign-on will occur in this branch.
    opr.setResultCallback(new ResultCallback<GoogleSignInResult>() {
        @Override
        public void onResult(GoogleSignInResult googleSignInResult) {
            handleSignInResult(googleSignInResult); // result.getSignInAccount().getIdToken(), etc.
        }
    });
}
```
Keep in mind whether you call silentSignIn on the UI thread or a worker thread. If you call it on a worker thread, take a look at this post: blockingConnect() + await() simplifies the code a lot: Silent sign in to retrieve token - GoogleApiClient
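The backend side of the flow the question describes (the server validates the ID token on each request and extracts the user's ID) is what makes the one-hour expiry matter: a persistently stored token stops validating after an hour and the app has to fetch a fresh one. The following is an added example, not code from the question or the answer, showing the claim checks a server applies to a Google ID token and how an hour-old token is rejected. It assumes a placeholder client id and a constructed token with a placeholder signature; in production the signature must first be verified against Google's published keys (for example with google-auth's google.oauth2.id_token.verify_oauth2_token, which performs these claim checks as well).

```python
import base64
import json
import time

# Constructed placeholder for the server's OAuth client id (the answer's
# R.string.server_client_id); replace with your own value.
SERVER_CLIENT_ID = "EXAMPLE-CLIENT-ID.apps.googleusercontent.com"
# Issuer values that Google ID tokens carry in their "iss" claim.
GOOGLE_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}
# Google ID tokens are issued with one hour of validity (see the answer above).
ID_TOKEN_LIFETIME = 3600


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    """Encode bytes as unpadded base64url, the JWT segment encoding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_claims(id_token: str) -> dict:
    """Return the payload claims of a JWT. Does NOT verify the signature."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("ID token is not a three-part JWT")
    return json.loads(_b64url_decode(parts[1]))


def check_claims(claims: dict, audience: str, now: float, skew: int = 60) -> str:
    """Validate the claims and return the stable Google user id ("sub").

    Call this only after the signature has been verified against Google's
    published keys. A small clock-skew allowance is applied to exp and iat.
    """
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise ValueError("iss is not a Google issuer")
    if claims.get("aud") != audience:
        raise ValueError("aud does not match this server's client id")
    if not isinstance(claims.get("exp"), (int, float)):
        raise ValueError("exp claim missing")
    if now > claims["exp"] + skew:
        raise ValueError("token expired; the app must fetch a fresh one via silentSignIn")
    if claims.get("iat", 0) > now + skew:
        raise ValueError("iat is in the future")
    sub = claims.get("sub")
    if not sub:
        raise ValueError("sub claim missing")
    return sub


def make_sample_token(issued_at: int, audience: str = SERVER_CLIENT_ID) -> str:
    """Build a CONSTRUCTED token with Google-style claims and a placeholder
    signature, purely to exercise check_claims offline."""
    header = {"alg": "RS256", "kid": "placeholder", "typ": "JWT"}
    payload = {
        "iss": "https://accounts.google.com",
        "aud": audience,
        "sub": "110000000000000000000",  # constructed user id
        "iat": issued_at,
        "exp": issued_at + ID_TOKEN_LIFETIME,
    }
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(payload).encode()),
        _b64url_encode(b"placeholder-signature"),
    ])


def validate_request_token(id_token: str, now: float = None) -> str:
    """Server-side entry point: decode the token, check its claims, return the user id."""
    if now is None:
        now = time.time()
    return check_claims(decode_claims(id_token), SERVER_CLIENT_ID, now)


if __name__ == "__main__":
    t0 = 1_700_000_000
    token = make_sample_token(t0)
    print(validate_request_token(token, now=t0 + 1800))  # accepted: still within the hour
    try:
        validate_request_token(token, now=t0 + 3700)  # a stored token, 61+ minutes later
    except ValueError as err:
        print("rejected:", err)
```

The server keys its records on the sub claim, not on the token string, so nothing is lost when the app replaces an expired token with a fresh one from silentSignIn; the token is only ever a short-lived proof that the request comes from that user.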