I am currently using the google sign to authenticate users in my application, but I am having problems with id_token after updating it. I have the following variables set. One for the iOS client and one for the server. This follows the AWS examples. I use AWS to access the server and therefore must have a client id and web app id.
static let GOOGLE_CLIENT_ID = "xxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxx7dde.apps.googleusercontent.com"
static let GOOGLE_WEB_APPLICATION_ID = "xxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxx65ap.apps.googleusercontent.com"
When I first enter the application, it works as expected. I get an id id that has the following:
{
"iss": "https://accounts.google.com",
"at_h ash": "xxxxxxxxxxxxxxxxxxxxxx",
"aud": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxx65ap.apps.googleusercontent.com",
"sub": "xxxxxxxxxxxxxxxxxxxxxx",
"email_verified": true,
"azp": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxx7dde.apps.googleusercontent.com",
"email": "2222MyNewEmailIsHere@gmail.com",
"iat": 1475747692,
"exp": 1475751292
}
You can see that “aud” matches GOOGLE_WEB_APPLICATION_ID, and “azp” matches GOOGLE_CLIENT_ID.
However, if I do refreshTokensWithHandler as follows:
GIDSignIn.sharedInstance().currentUser.authentication.refreshTokensWithHandler { (GIDAuthentication, error) in
self.googleAuth = GIDAuthentication;
self.completeGoogleLogin()
}
. id , , . "aud" , , . , .
{
"iss": "https://accounts.google.com",
"at_h ash": "xxxxxxxxxxxxxxxxxxxxxx",
"aud": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxx7dde.apps.googleusercontent.com"",
"sub": "xxxxxxxxxxxxxxxxxxxxxx",
"email_verified": true,
"azp": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxx7dde.apps.googleusercontent.com",
"email": "2222MyNewEmailIsHere@gmail.com",
"iat": 1475747692,
"exp": 1475751292
}
, "aud" "azp" . , , , .
, - ? , GIDSignIn .