Android: What is transport and jsonFactory in GoogleIdTokenVerifier.Builder?

42
votes

in the blow code, whats is transport and jsonFactory ? (I do not understand)

https://developers.google.com/identity/sign-in/android/backend-auth#using-a-google-api-client-library

import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;

...

GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(transport /**Here**/, jsonFactory /**Here**/)
.setAudience(Arrays.asList(CLIENT_ID))
// If you retrieved the token on Android using the Play Services 8.3 API or newer, set
// the issuer to "https://accounts.google.com". Otherwise, set the issuer to 
// "accounts.google.com". If you need to verify tokens from multiple sources, build
// a GoogleIdTokenVerifier for each issuer and try them both.
.setIssuer("https://accounts.google.com")
.build();

// (Receive idTokenString by HTTPS POST)

GoogleIdToken idToken = verifier.verify(idTokenString);
if (idToken != null) {
  Payload payload = idToken.getPayload();

  // Print user identifier
  String userId = payload.getSubject();
  System.out.println("User ID: " + userId);

  // Get profile information from payload
  String email = payload.getEmail();
  boolean emailVerified = Boolean.valueOf(payload.getEmailVerified());
  String name = (String) payload.get("name");
  String pictureUrl = (String) payload.get("picture");
  String locale = (String) payload.get("locale");
  String familyName = (String) payload.get("family_name");
  String givenName = (String) payload.get("given_name");

  // Use or store profile information
  // ...

} else {
  System.out.println("Invalid ID token.");
}
4
androidandroid-studioauthorizationgoogle-api-java-clientgoogle-signin

4 Answers

26
votes

The GoogleIdTokenVerifier.Builder returns a GoogleIdTokenVerifier that will make a request to the tokeninfo endpoint with the transport you give it and use the JSONFactory to create a parser to parse the response.

Here is an example of an authenticator for a Cloud Endpoints project that uses the GoogleIdTokenVerifier.Builder

public class GoogleAuthenticator implements Authenticator {

    private static final Logger log = Logger.getLogger(GoogleAuthenticator.class.getName());
    private static final JacksonFactory jacksonFactory = new JacksonFactory();

    // From: https://developers.google.com/identity/sign-in/android/backend-auth#using-a-google-api-client-library
    // If you retrieved the token on Android using the Play Services 8.3 API or newer, set
    // the issuer to "https://accounts.google.com". Otherwise, set the issuer to
    // "accounts.google.com". If you need to verify tokens from multiple sources, build
    // a GoogleIdTokenVerifier for each issuer and try them both.

    GoogleIdTokenVerifier verifierForNewAndroidClients = new GoogleIdTokenVerifier.Builder(UrlFetchTransport.getDefaultInstance(), jacksonFactory)
            .setAudience(Arrays.asList(CRLConstants.IOS_CLIENT_ID, CRLConstants.ANDROID_CLIENT_ID_RELEASE, CRLConstants.ANDROID_CLIENT_ID_DEBUG))
            .setIssuer("https://accounts.google.com")
            .build();

    GoogleIdTokenVerifier verifierForOtherClients = new GoogleIdTokenVerifier.Builder(UrlFetchTransport.getDefaultInstance(), jacksonFactory)
            .setAudience(Arrays.asList(CRLConstants.IOS_CLIENT_ID, CRLConstants.ANDROID_CLIENT_ID_RELEASE, CRLConstants.ANDROID_CLIENT_ID_DEBUG))
            .setIssuer("accounts.google.com")
            .build();

    // Custom Authenticator class for authenticating google accounts
    @Override
    public User authenticate(HttpServletRequest request) {

        String token = request.getHeader("google_id_token");
        if (token != null) {

            GoogleIdToken idToken = null;
            try {
                idToken = verifierForNewAndroidClients.verify(token);
                if(idToken == null) idToken = verifierForOtherClients.verify(token);

                if (idToken != null) {

                    GoogleIdToken.Payload payload = idToken.getPayload();

                    // Get profile information from payload
                    String userId = payload.getSubject();
                    String email = payload.getEmail();

                    return new GoogleUser(userId, email);

                } else {
                    log.warning("Invalid Google ID token.");
                }

            } catch (GeneralSecurityException e) {
                log.warning(e.getLocalizedMessage());
            } catch (IOException e) {
                log.warning(e.getLocalizedMessage());
            }

        }

        return null;
    }

}
20
votes

Since all the other answers are blah blah blah, here's a short answer:

import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.gson.GsonFactory;

GoogleIdTokenVerifier verifier =
    new GoogleIdTokenVerifier.Builder(new NetHttpTransport(), new GsonFactory());
5
votes

You need to select transport according to the platform on which you are running the code.

Quoting from the documentation

Implementation is thread-safe, and sub-classes must be thread-safe. For maximum efficiency, applications should use a single globally-shared instance of the HTTP transport.

The recommended concrete implementation HTTP transport library to use depends on what environment you are running in:

Google App Engine: use com.google.api.client.extensions.appengine.http.UrlFetchTransport.
com.google.api.client.apache.ApacheHttpTransport doesn't work on App Engine because the Apache HTTP Client opens its own sockets (though in theory there are ways to hack it to work on App Engine that might work).
com.google.api.client.javanet.NetHttpTransport is discouraged due to a bug in the App Engine SDK itself in how it parses HTTP headers in the response.
Android:
For maximum backwards compatibility with older SDK's use newCompatibleTransport from com.google.api.client.extensions.android.http.AndroidHttp (read its JavaDoc for details).
If your application is targeting Gingerbread (SDK 2.3) or higher, simply use com.google.api.client.javanet.NetHttpTransport.
Other Java environments
com.google.api.client.javanet.NetHttpTransport is based on the HttpURLConnection built into the Java SDK, so it is normally the preferred choice.
com.google.api.client.apache.ApacheHttpTransport is a good choice for users of the Apache HTTP Client, especially if you need some of the configuration options available in that library.

Documentation Link: https://developers.google.com/api-client-library/java/google-http-java-client/reference/1.19.0/com/google/api/client/http/HttpTransport?is-external=true

If you blindly follow the 2nd answer to the question, you will get the exception Caused by: java.lang.ClassNotFoundException: com.google.appengine.api.urlfetch.HTTPMethod

2
votes

JacksonFactory is deprecated. So this works.

import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.gson.GsonFactory;

GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(new NetHttpTransport(), new GsonFactory())
.setAudience(Arrays.asList(CRLConstants.IOS_CLIENT_ID, CRLConstants.ANDROID_CLIENT_ID_RELEASE, CRLConstants.ANDROID_CLIENT_ID_DEBUG))
            .setIssuer("accounts.google.com")
            .build();