Backend Google AccessToken validation
Backend need for same cases to validate that Google access token provided by third application (mobile or front) is ok.
To do this task, we need same dependencies
-
<dependency>
-
<groupId>com.google.http-client</groupId>
-
<artifactId>google-http-client</artifactId>
-
<version>1.19.0</version>
-
</dependency>
-
-
<dependency>
-
<groupId>com.google.http-client</groupId>
-
<artifactId>google-http-client-jackson2</artifactId>
-
<version>1.19.0</version>
-
</dependency>
-
-
<dependency>
-
<groupId>com.google.api-client</groupId>
-
<artifactId>google-api-client</artifactId>
-
<version>1.19.1</version>
-
</dependency>
-
-
<dependency>
-
<groupId>com.google.apis</groupId>
-
<artifactId>google-api-services-plus</artifactId>
-
<version>v1-rev165-1.19.0</version>
-
</dependency>
and use this code to get the Person object
-
GoogleCredential credential = new GoogleCredential().setAccessToken("blablabla");
-
-
Plus plus = new Plus.Builder(GoogleNetHttpTransport.newTrustedTransport(), JacksonFactory.getDefaultInstance(), credential).build();
-
-
Person profile = plus.people().get("me").execute();
You need now to validate that the Id provided is equal to what google return and email exist in profile.getEmails() list.