showSignInButton hasAuth getProfileImage signInSilently getScopes setScopes getTokens refreshTokens signOut disconnect signIn
概述
谷歌登录简介
谷歌登录包括很多种,详情参考谷歌官方文档------谷歌 OAuth 2.0 指南
Basic steps
All applications follow a basic pattern when accessing a Google API using OAuth 2.0. At a high level, you follow four steps:
- Obtain OAuth 2.0 credentials from the Google API Console.
Visit the Google API Console to obtain OAuth 2.0 credentials such as a client ID and client secret that are known to both Google and your application. The set of values varies based on what type of application you are building. For example, a JavaScript application does not require a secret, but a web server application does.
- Obtain an access token from the Google Authorization Server.
Before your application can access private data using a Google API, it must obtain an access token that grants access to that API. A single access token can grant varying degrees of access to multiple APIs. A variable parameter called scope controls the set of resources and operations that an access token permits. During the access-token request, your application sends one or more values in the scope parameter.
There are several ways to make this request, and they vary based on the type of application you are building. For example, a JavaScript application might request an access token using a browser redirect to Google, while an application installed on a device that has no browser uses web service requests.
Some requests require an authentication step where the user logs in with their Google account. After logging in, the user is asked whether they are willing to grant the permissions that your application is requesting. This process is called user consent.
If the user grants the permission, the Google Authorization Server sends your application an access token (or an authorization code that your application can use to obtain an access token). If the user does not grant the permission, the server returns an error.
It is generally a best practice to request scopes incrementally, at the time access is required, rather than up front. For example, an app that wants to support purchases should not request Google Wallet access until the user presses the “buy” button; see Incremental authorization.
- Send the access token to an API.
After an application obtains an access token, it sends the token to a Google API in an HTTP authorization header. It is possible to send tokens as URI query-string parameters, but we don't recommend it, because URI parameters can end up in log files that are not completely secure. Also, it is good REST practice to avoid creating unnecessary URI parameter names.
Access tokens are valid only for the set of operations and resources described in the scope of the token request. For example, if an access token is issued for the Google+ API, it does not grant access to the Google Contacts API. You can, however, send that access token to the Google+ API multiple times for similar operations.
- Refresh the access token, if necessary.
Access tokens have limited lifetimes. If your application needs access to a Google API beyond the lifetime of a single access token, it can obtain a refresh token. A refresh token allows your application to obtain new access tokens.
本插件封装了 Installed applications 方式的谷歌登录功能。
Installed applications
The Google OAuth 2.0 endpoint supports applications that are installed on devices such as computers, mobile devices, and tablets. When you create a client ID through the Google API Console, specify that this is an Installed application, then select Android, Chrome, iOS, or "Other" as the application type.
The process results in a client ID and, in some cases, a client secret, which you embed in the source code of your application. (In this context, the client secret is obviously not treated as a secret.)
The authorization sequence begins when your application redirects a browser to a Google URL; the URL includes query parameters that indicate the type of access being requested. Google handles the user authentication, session selection, and user consent. The result is an authorization code, which the application can exchange for an access token and a refresh token.
The application should store the refresh token for future use and use the access token to access a Google API. Once the access token expires, the application uses the refresh token to obtain a new one.
For details, see Using OAuth 2.0 for Installed Applications.
插件使用攻略
Get an OAuth client ID
If you haven't already created an OAuth client ID, click the button below to do so.
After you create the OAuth client ID, take note of the client ID string, which you will need to configure Google Sign-in in your app. You can optionally download the configuration file, which contains your client ID and other configuration data, for future reference. 注意:iOS端这个过程需要输入包名(Bundle ID)例如:com.apicloud.apploader。
创建完成后会得到一个 configuration 文件(credentials.plist)和 Client ID。
If you already created an OAuth client ID, you can find your existing OAuth information by clicking the button below.
GET AN EXISTING OAUTH CLIENT ID
Add a URL scheme to your project(iOS端)
Google Sign-in requires a custom URL Scheme to be added to your project. 详见 config.xml 文件配置。
自定义附加插件(iOS端)
接下来下载 googleAppendix 插件 zip 包并解压,把 zip 包内的 GoogleService-Info.plist 文件替换为自己上一步创建下载的 .plist 文件。然后重新压缩为 zip 包文件上传自定义插件,云编译时勾选该插件。
配置 config.xml 文件
注意:配置完毕,需通过云端编译生效。
IOS 配置方法如下:
- 名称:google
- 参数:urlScheme、clientID
- 配置示例:
<feature name="google">
<param name="urlScheme" value="googled0d84bbf23b4a0e4"/>
<param name="ios_clientID" value="googled0d84bbf23b4a0e4"/>
</feature>
字段描述:
urlScheme:(必须配置)用于实现应用间跳转及数据交换,本应用可以启动谷歌客户端(谷歌的任何一个移动端app),也可以跳回本应用。urlScheme 的 value 值:The reversed client ID is your client ID with the order of the dot-delimited fields reversed. For example:,如:com.googleusercontent.apps.1234567890-abcdefg
clientID:(必须配置)该值是从上一步创建的 GoogleService-Info.plist 文件内的 CLIENT_ID 对应的参数,如:1234567890-abcdefg.apps.googleusercontent.com。
服务器端验证 token 的方法:https://developers.google.com/identity/sign-in/ios/backend-auth
谷歌登陆插件android平台使用
andorid 平台使用本插件需要注意:
- 当前网络是否可以正常使用google.com,推荐http://s3.amazonaws.com/urtuz53txrmk9/index.html
- 系统中google play services 是否完整,推荐检测工具https://www.coolapk.com/apk/com.goplaycn.googleinstall
- 登陆谷歌管理后台注册开发者,并填写相关信息获取clientID必要参数,https://console.developers.google.com 创建android clientID时需要填写对应android application 的签名sha1码和 包名等...开发者具体操作(略)
【其他注意事项】:
- 在谷歌开发者平台中,验证生成的凭据页面需要创建 ios/andorid/web 三个Oauth2.0客户端ID,注意,一定要选择web client的。
- 接口中涉及到refreshToken字段的接口,该字段对应谷歌官方文档中的https://developers.google.com/android/reference/com/google/android/gms/auth/api/signin/GoogleSignInAccount.html#getServerAuthCode(),该值以登录接口showSignInButton接口返回的为准,其它接口返回的该值存在null的情况,并且,showSignInButton该接口中idToken字段和 refreshToken字段同时全部返回。后台人员可参考https://developers.google.com/identity/sign-in/android/offline-access对该值进行使用
- 更详细的错误码描述,见https://developers.google.com/android/reference/com/google/android/gms/common/api/CommonStatusCodes#SIGN_IN_REQUIRED 和https://developers.google.com/android/reference/com/google/android/gms/auth/api/signin/GoogleSignInStatusCodes
android 插件使用配置方法如下:
- 名称:google
- 参数:clientID
- 配置示例:
<feature name="google">
<param name="android_clientID" value="googled0d84bbf23b4a0e4"/>
</feature>
字段描述:
clientID:(必须配置)该值是由开发者在https://console.developers.google.com 配置生成,填写在对应位置生效;样式如:465993872355-5p3shff1atoavn3d0bejpasknfqu6tm2.apps.googleusercontent.com。
服务器端验证 token 的方法:https://developers.google.com/identity/sign-in/android/backend-auth
插件接口
showSignInButton
添加显示登录按钮
showSignInButton({params},callback(ret, err))
params
rect:
- 类型:JSON 对象
- 描述:(可选项)插件的位置及尺寸
- 内部字段:
{
x: 0, //(可选项)数字类型;插件左上角的 x 坐标(相对于所属的 Window 或 Frame);默认值:0
y: 0, //(可选项)数字类型;插件左上角的 y 坐标(相对于所属的 Window 或 Frame);默认值:0
w: 80, //(可选项)数字类型;插件的宽度;默认值:80
h: 50 //(可选项)数字类型;插件的高度;默认值:50
}
style:
- 类型:字符串
- 描述:(可选项)按钮类型
- 默认:standard
- 取值范围:
- standard:
- iconOnly:
- wide:
colorScheme:
- 类型:字符串
- 描述:(可选项)按钮颜色
- 默认:dark
- 取值范围:
- dark:
- light:
fixedOn:
- 类型:字符串
- 描述:(可选项)插件视图添加到指定 frame 的名字(只指 frame,传 window 无效)
- 默认:插件依附于当前 window
fixed:
- 类型:布尔
- 描述:(可选项)是否将插件视图固定到窗口上(不跟随窗口上下滚动)
- 默认值:true
callback(ret, err)
ret:
- 类型:JSON 对象
- 内部字段:
{
eventType: 'show', //字符串类型;交互事件类型,取值如下:
//show:按钮打开并显示
//didSignIn:登录成功
//err:失败
userInfo: { //JSON对象;用户信息
userID: '', //字符串类型;用户id
authentication: { //JSON对象;用户授权信息
idToken: '', //字符串类型;
idtExpiration:'', //字符串类型;idToken过期时间 【注意】:android端不支持该参数
clientID: '', //字符串类型;
accessToken:'', //字符串类型;【注意】:android端不支持该参数
actExpiration:'', //字符串类型;accessToken过期时间 【注意】:android端不支持该参数
refreshToken:'' //字符串类型;
},
profile: { //JSON对象;账号信息
name: '', //字符串类型;
givenName: '', //字符串类型;
familyName: '', //字符串类型;
email: '', //字符串类型;
hasImage: //布尔类型;用户是否有照片
},
accessibleScopes:[] //数组类型;The API scopes requested by the app in an array of string
}
}
err:
- 类型:JSON 对象
- 内部字段:
{
code: 0, //数字类型;错误码
msg: '' //字符串类型;错误信息
}
示例代码
var google = api.require('google');
google.showSignInButton({
rect:{
x:100,
y:64,
w:120,
h:45
},
style: 'standard',
colorScheme: 'light',
fixedOn: api.frameName,
fixed: true
},function(ret, err) {
if (err) {
api.alert({msg:JSON.stringify(err)});
} else {
api.alert({msg:JSON.stringify(ret)});
}
});
可用性
iOS系统,Android系统
可提供的1.0.0及更高版本
getProfileImage
获取用户照片的 URL
getProfileImage({params}, callback(ret))
params
dimension:
- 类型:数字
- 描述:(可选项)照片的大小 【注意】:android端不支持该参数
- 默认:100
callback(ret)
ret:
- 类型:JSON 对象
- 内部字段:
{
imageUrl: '' //字符串类型;图片的地址
}
示例代码
var google = api.require('google');
google.getProfileImage({
dimension: 200
}, function(ret) {
api.alert({msg:ret.imageUrl});
});
可用性
iOS系统,Android系统
可提供的1.0.0及更高版本
hasAuth
判断是否已登录
hasAuth(callback(ret))
callback(ret)
ret:
- 类型:JSON 对象
- 内部字段:
{
status: true //布尔型;是否已登录,true||false
}
示例代码
var google = api.require('google');
google.hasAuth(function(ret, err) {
if (ret.status) {
alert('已登录');
} else {
alert('未登录');
}
});
可用性
iOS系统,Android系统
可提供的1.0.0及更高版本
signInSilently
Attempts to sign in a previously authenticated user without interaction. The showSignInButton's callback will be called at the end of this process indicating success or failure.
signInSilently(## callback(ret, err))
callback(ret, err)
ret:
- 类型:JSON 对象
- 内部字段:
{
eventType: 'show', //字符串类型;交互事件类型,取值如下:
//show:按钮打开并显示
//didSignIn:登录成功
//err:失败
userInfo: { //JSON对象;用户信息
userID: '', //字符串类型;用户id
authentication: { //JSON对象;用户授权信息
idToken: '', //字符串类型;
idtExpiration:'', //字符串类型;idToken过期时间 【注意】:android端不支持该参数
clientID: '', //字符串类型;
accessToken:'', //字符串类型;【注意】:android端不支持该参数
actExpiration:'', //字符串类型;accessToken过期时间 【注意】:android端不支持该参数
refreshToken:'' //字符串类型;
},
profile: { //JSON对象;账号信息
name: '', //字符串类型;
givenName: '', //字符串类型;
familyName: '', //字符串类型;
email: '', //字符串类型;
hasImage: //布尔类型;用户是否有照片
},
accessibleScopes:[] //数组类型;The API scopes requested by the app in an array of string
}
}
err:
- 类型:JSON 对象
- 内部字段:
{
code: 0, //数字类型;错误码
msg: '' //字符串类型;错误信息
}
示例代码
var google = api.require('google');
google.signInSilently(function(ret,err){
api.alert({msg:JSON.stringify(ret)});
});
补充说明
可在 setScopes 接口后调用
可用性
iOS系统,Android系统
可提供的1.0.0及更高版本
getScopes
The API scopes requested by the app in an array of String
getScopes({params}, callback(ret))
callback(ret)
ret:
- 类型:JSON 对象
- 内部字段:
{
scopes: [] //数组类型;
}
示例代码
var google = api.require('google');
google.getScopes(function(ret, err) {
if (ret) {
api.alert({msg:JSON.stringify(ret)});
}
});
可用性
iOS系统,Android系统
可提供的1.0.0及更高版本
setScopes
设置权限范围 。
- IOS调用本接口后调用 signInSilently;
- android需要重新登陆后设的值才会生效
setScopes({params})
params
scopes:
- 类型:数组
- 描述:权限组成的数组
- 取值范围: PLUS_LOGIN = "https://www.googleapis.com/auth/plus.login"; PLUS_ME = "https://www.googleapis.com/auth/plus.me"; GAMES = "https://www.googleapis.com/auth/games"; CLOUD_SAVE = "https://www.googleapis.com/auth/datastoremobile"; APP_STATE = "https://www.googleapis.com/auth/appstate"; DRIVE_FILE = "https://www.googleapis.com/auth/drive.file"; DRIVE_APPFOLDER = "https://www.googleapis.com/auth/drive.appdata"; FITNESS_ACTIVITY_READ = "https://www.googleapis.com/auth/fitness.activity.read"; FITNESS_ACTIVITY_READ_WRITE = "https://www.googleapis.com/auth/fitness.activity.write"; FITNESS_LOCATION_READ = "https://www.googleapis.com/auth/fitness.location.read"; FITNESS_LOCATION_READ_WRITE = "https://www.googleapis.com/auth/fitness.location.write"; FITNESS_BODY_READ = "https://www.googleapis.com/auth/fitness.body.read"; FITNESS_BODY_READ_WRITE = "https://www.googleapis.com/auth/fitness.body.write"; FITNESS_NUTRITION_READ = "https://www.googleapis.com/auth/fitness.nutrition.read"; FITNESS_NUTRITION_READ_WRITE = "https://www.googleapis.com/auth/fitness.nutrition.write";
";
示例代码
var google = api.require('google');
google.setScopes({
scopes: ''
});
可用性
iOS系统,Android系统
可提供的1.0.0及更高版本
signOut
登出
signOut()
示例代码
var google = api.require('google');
google.signOut();
可用性
iOS系统,Android系统
可提供的1.0.0及更高版本
disconnect
Disconnects the current user from the app and revokes previous authentication. If the operation succeeds, the OAuth 2.0 token is also removed from module.
disconnect()
示例代码
var google = api.require('google');
google.disconnect();
可用性
iOS系统,Android系统
可提供的1.0.0及更高版本
getTokens
获取授权 token(需要登录授权成功)
getTokens(callback(ret, err))
callback(ret, err)
ret:
- 类型:JSON 对象
- 内部字段:
{
status: true, //布尔型;true||false
authentication: { //JSON对象;用户授权信息
idToken: '', //字符串类型;
idtExpiration:'', //字符串类型;idToken过期时间 【注意】:android端不支持该参数
clientID: '', //字符串类型;
accessToken:'', //字符串类型;【注意】:android端不支持该参数
actExpiration:'', //字符串类型;accessToken过期时间 【注意】:android端不支持该参数
refreshToken:'' //字符串类型;
}
}
err:
- 类型:JSON 对象
- 内部字段:
{
code: 0, //数字类型;错误码
msg: '' //字符串类型;错误信息
}
示例代码
var google = api.require('google');
google.getTokens(function(ret, err) {
if (ret.status) {
api.alert({
msg: JSON.stringify(ret)
})
} else {
alert(err.code);
}
});
可用性
iOS系统,Android系统
可提供的1.0.0及更高版本
refreshTokens
刷新token
refreshTokens(callback(ret, err))
callback(ret, err)
ret:
- 类型:JSON 对象
- 内部字段:
{
status: true, //布尔型;true||false
authentication: { //JSON对象;用户授权信息
idToken: '', //字符串类型;
idtExpiration:'', //字符串类型;idToken过期时间 【注意】:android端不支持该参数
clientID: '', //字符串类型;
accessToken:'', //字符串类型;【注意】:android端不支持该参数
actExpiration:'', //字符串类型;accessToken过期时间 【注意】:android端不支持该参数
refreshToken:'' //字符串类型;
}
}
err:
- 类型:JSON 对象
- 内部字段:
{
code: 0, //数字类型;错误码
msg: '' //字符串类型;错误信息
}
示例代码
var google = api.require('google');
google.refreshTokens(function(ret, err) {
if (ret.status) {
api.alert({
msg: JSON.stringify(ret)
})
} else {
alert(err.code);
}
});
可用性
iOS系统,Android系统
可提供的1.0.0及更高版本
signIn
直接登录
signIn(callback(ret, err))
callback(ret, err)
ret:
- 类型:JSON 对象
- 内部字段:
{
eventType: 'show', //字符串类型;交互事件类型,取值如下:
//show:按钮打开并显示
//didSignIn:登录成功
//err:失败
userInfo: { //JSON对象;用户信息
userID: '', //字符串类型;用户id
authentication: { //JSON对象;用户授权信息
idToken: '', //字符串类型;
idtExpiration:'', //字符串类型;idToken过期时间 【注意】:android端不支持该参数
clientID: '', //字符串类型;
accessToken:'', //字符串类型;【注意】:android端不支持该参数
actExpiration:'', //字符串类型;accessToken过期时间 【注意】:android端不支持该参数
refreshToken:'' //字符串类型;
},
profile: { //JSON对象;账号信息
name: '', //字符串类型;
givenName: '', //字符串类型;
familyName: '', //字符串类型;
email: '', //字符串类型;
hasImage: //布尔类型;用户是否有照片
},
accessibleScopes:[] //数组类型;The API scopes requested by the app in an array of string
}
}
err:
- 类型:JSON 对象
- 内部字段:
{
code: 0, //数字类型;错误码
msg: '' //字符串类型;错误信息
}
示例代码
var google = api.require('google');
google.signIn(function(ret, err) {
if (err) {
api.alert({msg:JSON.stringify(err)});
} else {
api.alert({msg:JSON.stringify(ret)});
}
});
可用性
iOS系统,Android系统
可提供的1.0.0及更高版本