1回答

不负相思意

id_token 是一个 jwt。我首先使用validating-google-sign-in-id-token-in-go检查令牌是否可用。authService, err := oauth2.New(http.DefaultClient)if err != nil {    return err}// check token is validtokenInfoCall := authService.Tokeninfo()tokenInfoCall.IdToken(idToken)ctx, cancelFunc := context.WithTimeout(context.Background(), 1*time.Minute)defer cancelFunc()tokenInfoCall.Context(ctx)tokenInfo, er := tokenInfoCall.Do()if err != nil {    // invalid token}然后我将 id_token 解析为 jwt，将有效负载解码为 json。token, _, err := new(jwt.Parser).ParseUnverified(idToken, &TokenInfo{})if tokenInfo, ok := token.Claims.(*TokenInfo); ok {    return tokenInfo, nil} else {    // parse token.payload failed}// TokenInfo structtype TokenInfo struct {        Iss string `json:"iss"`    // userId    Sub string `json:"sub"`    Azp string `json:"azp"`    // clientId    Aud string `json:"aud"`    Iat int64  `json:"iat"`    // expired time    Exp int64 `json:"exp"`    Email         string `json:"email"`    EmailVerified bool   `json:"email_verified"`    AtHash        string `json:"at_hash"`    Name          string `json:"name"`    GivenName     string `json:"given_name"`    FamilyName    string `json:"family_name"`    Picture       string `json:"picture"`    Local         string `json:"locale"`    jwt.StandardClaims}价值如：{ // These six fields are included in all Google ID Tokens. "iss": "https://accounts.google.com", "sub": "110169484474386276334", "azp": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com", "aud": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com", "iat": "1433978353", "exp": "1433981953", // These seven fields are only included when the user has granted the "profile" and // "email" OAuth scopes to the application. "email": "testuser@gmail.com", "email_verified": "true", "name" : "Test User", "picture": "https://lh4.googleusercontent.com/-kYgzyAWpZzJ/ABCDEFGHI/AAAJKLMNOP/tIXL9Ir44LE/s99-c/photo.jpg", "given_name": "Test", "family_name": "User", "locale": "en"}然后我得到了照片。

0 0

0