Backend Google AccessToken validation

Posted on by nihed

Backend need for same cases to validate that Google access token provided by third application (mobile or front) is ok.
To do this task, we need same dependencies

  1. <dependency>
  2.     <groupId>com.google.http-client</groupId>
  3.     <artifactId>google-http-client</artifactId>
  4.     <version>1.19.0</version>
  5. </dependency>
  6.  
  7. <dependency>
  8.     <groupId>com.google.http-client</groupId>
  9.     <artifactId>google-http-client-jackson2</artifactId>
  10.     <version>1.19.0</version>
  11. </dependency>
  12.  
  13. <dependency>
  14.     <groupId>com.google.api-client</groupId>
  15.     <artifactId>google-api-client</artifactId>
  16.     <version>1.19.1</version>
  17. </dependency>
  18.  
  19. <dependency>
  20.     <groupId>com.google.apis</groupId>
  21.     <artifactId>google-api-services-plus</artifactId>
  22.     <version>v1-rev165-1.19.0</version>
  23. </dependency>

and use this code to get the Person object

  1. GoogleCredential credential = new GoogleCredential().setAccessToken("blablabla");
  2.  
  3. Plus plus = new Plus.Builder(GoogleNetHttpTransport.newTrustedTransport(), JacksonFactory.getDefaultInstance(), credential).build();
  4.  
  5. Person profile = plus.people().get("me").execute();
  6. System.out.println("ID: " + profile.getId());
  7. System.out.println("Name: " + profile.getDisplayName());
  8. System.out.println("Image URL: " + profile.getImage().getUrl());
  9. System.out.println("Profile URL: " + profile.getUrl());
  10. System.out.println("Emails: "+profile.getEmails());

You need now to validate that the Id provided is equal to what google return and email exist in profile.getEmails() list.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.