How to update authentication.idToken using GIDSignIn or GIDAuthentication?

UPDATE 2015-10-28 - Version 2.4.0 of Google login for iOS seems to have resolved this issue: idToken and accessToken are updated as needed with the new GIDAuthentication methods getTokensWithHandler: and refreshTokensWithHandler:. The GIDSignIn method signInSilently also updates both tokens.


I am using the AWS Mobile SDK for iOS, and I have implemented Google login as a Cognito credential provider using the AWS Cognito Sync sample code as the basis. The login (and subsequent silent login) is working correctly, and users with a subscription can access AWS resources such as DynamoDB as intended.

My problem is that user.authentication.idToken expires in one hour, at which point AWS calls fail with authentication errors. I can update user.authentication.accessToken using

[self.googleUser.authentication refreshAccessTokenWithHandler:^(NSString *accessToken, NSError *error) {...}];

but it does not update idToken. I also tried to call

[[GIDSignIn sharedInstance] signInSilently];

which gives me a valid idToken on the first call in the session, but although it succeeds, it does not update the idToken on subsequent calls during the same session.

I checked / reset the contents of the token using

https://www.googleapis.com/oauth2/v1/tokeninfo?id_token=<idToken>

and

https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=<accessToken>

I'm not sure whether the problem is that GIDSignIn is not updating the idToken, or that AWS should use refreshToken in order to somehow automatically update the user to the backend. In any case, I have no ideas.

The following are snippets of code. I tested using GoogleSignIn 2.2.0 and 2.3.2 and experienced the same problem.

...
@interface MySignInClass <GIDSignInDelegate>
...
-(void) signInWithGoogle
{
    GIDSignIn *signIn = [GIDSignIn sharedInstance];
    signIn.clientID = MY_GOOGLE_CLIENT_ID;
    signIn.shouldFetchBasicProfile = YES;
    signIn.scopes = [NSArray arrayWithObjects:@"https://www.googleapis.com/auth/userinfo.profile", @"openid", nil];
    signIn.delegate = self;
    if([signIn hasAuthInKeychain]) {
        [signIn signInSilently];
    } else {
        [signIn signIn];
    }
}
...
- (void)signIn:(GIDSignIn *)signIn 
    didSignInForUser:(GIDGoogleUser *)user
           withError:(NSError *)error 
{
    if (error != nil) {
        [self handleSignInError:error]; // Handle error
    }
    else {
        NSString *idToken = user.authentication.idToken;
        NSDictionary* logins = @{@"accounts.google.com": idToken};
        self.credentialsProvider = [[AWSCognitoCredentialsProvider alloc]
            initWithRegionType:MY_COGNITO_REGION_TYPE
                    identityId:nil
                identityPoolId:MY_COGNITO_IDENTITY_POOL
                        logins:logins];
        AWSServiceConfiguration *configuration = [[AWSServiceConfiguration alloc]
                 initWithRegion:MY_COGNITO_REGION
            credentialsProvider:self.credentialsProvider];
        AWSServiceManager.defaultServiceManager.defaultServiceConfiguration = configuration;
        // AWSTask stuff removed for simplicity
        AWSTask *task = [self.credentialsProvider getIdentityId];
        ...
    }
}
...
- (void)signIn:(GIDSignIn *)signIn
     didDisconnectWithUser:(GIDGoogleUser *)user
                 withError:(NSError *)error 
{
    [self handleGoogleSignout]; // Do signout stuff
}
...
+4
3

GIDSignIn signInSilently method :

[[GIDSignIn sharedInstance] signInSilently];

signIn:didSignInForUser:withError: idToken.

, 2.4.0 Google iOS signInSilently idToken, .

+1

. , SDK G + iOS.

refresh_token , , API Google, . , , , API, .

0

How about using a timer after 30 minutes and then calling signInSilently?

0
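
Instead of a fixed timer, the token's own `exp` claim can be read before each AWS call to decide whether a refresh is due. This is an added example, not code from the original posts or from the Google or AWS SDKs; `IDTokenExpiry` and `IDTokenNeedsRefresh` are hypothetical helper names and the sample token is constructed.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical helper (not part of GoogleSignIn or the AWS SDK): returns the
// expiry from the "exp" claim of a JWT such as user.authentication.idToken,
// or nil if the token is malformed. It only reads the claim to schedule a
// refresh; it does not verify the signature, so never use it to trust a token.
static NSDate *IDTokenExpiry(NSString *jwt) {
    NSArray<NSString *> *parts = [jwt componentsSeparatedByString:@"."];
    if (parts.count != 3) return nil;

    // JWT segments are unpadded base64url; convert to standard padded base64.
    NSMutableString *b64 = [parts[1] mutableCopy];
    [b64 replaceOccurrencesOfString:@"-" withString:@"+" options:0
                              range:NSMakeRange(0, b64.length)];
    [b64 replaceOccurrencesOfString:@"_" withString:@"/" options:0
                              range:NSMakeRange(0, b64.length)];
    while (b64.length % 4 != 0) [b64 appendString:@"="];

    NSData *payload = [[NSData alloc] initWithBase64EncodedString:b64 options:0];
    if (payload == nil) return nil;
    NSDictionary *claims = [NSJSONSerialization JSONObjectWithData:payload
                                                           options:0 error:NULL];
    if (![claims isKindOfClass:[NSDictionary class]]) return nil;
    NSNumber *exp = claims[@"exp"];
    if (![exp isKindOfClass:[NSNumber class]]) return nil;
    return [NSDate dateWithTimeIntervalSince1970:exp.doubleValue];
}

// YES when the token is missing, malformed, or expires within `margin` seconds.
static BOOL IDTokenNeedsRefresh(NSString *jwt, NSTimeInterval margin) {
    NSDate *expiry = jwt ? IDTokenExpiry(jwt) : nil;
    return expiry == nil || [expiry timeIntervalSinceNow] < margin;
}

int main(void) {
    @autoreleasepool {
        // Constructed sample: header {"alg":"none"}, payload {"exp":1446030000}.
        NSString *sample = @"eyJhbGciOiJub25lIn0.eyJleHAiOjE0NDYwMzAwMDB9.c2ln";
        NSLog(@"expires: %@", IDTokenExpiry(sample));
        NSLog(@"needs refresh: %d", IDTokenNeedsRefresh(sample, 300));
        NSLog(@"malformed token needs refresh: %d", IDTokenNeedsRefresh(@"not-a-jwt", 300));
    }
    return 0;
}
```

When the check returns YES, refresh with one of the methods named in the update at the top of the question (`getTokensWithHandler:` or `signInSilently`) and pass the new idToken to the Cognito credentials provider.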

Source: https://habr.com/ru/post/1612743/

