Google Account Authentication API for Web App -- AuthSub #2 (AuthSubSessionToken)

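Continuing from the previous article, this part is much easier to learn.

If you have written web applications, think of it as a Session and it will make more sense.

Please read the previous article first, then continue here.

 

The previous article covered the AuthSubRequest authentication flow:

 Steps 1-2: the browser is redirected to Google's page for account and password login. After logging in successfully and completing the whole procedure (authorization),

 Step 3: the user is returned to our own website (page), and a token variable is supplied.

 

The AuthSubSessionToken used here keeps that token so it can continue to be used,

and so it can be used for a longer time.

In my own words: I find this approach very similar to the Session we use when writing web applications. (Personal view; not guaranteed to be correct.)

 

The token we obtain must be placed in the HTTP header. On how to do that:

ASP.NET developers, see these 2 articles:

ASP developers, see: Response.AddHeader method --  http://msdn.microsoft.com/en-us/library/ms524327.aspx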

==============================================================================

 

Source for this article: http://code.google.com/intl/zh-TW/apis/accounts/docs/AuthSub.html#AuthSubSessionToken

Let's look at Google's documentation first; I have added a few notes of my own (not guaranteed to be correct).

 

AuthSubSessionToken

Call AuthSubSessionToken to exchange a single-use token for a long-lived session token. The single-use token is acquired by calling AuthSubRequest.

AuthSubSessionToken is a programmatic handler. Make an HTTP GET to the following URL: https://www.google.com/accounts/AuthSubSessionToken. Use an Authorization header with the following form:

     Authorization: AuthSub token="token"

If the token is secure, it must be accompanied by a digital signature. See Signing Requests for instructions and examples.

 

Parameter      Description
token          (required) The authentication token received from Google in response to an AuthSubRequest call.

               Note: as mentioned in the previous article, the last step returns to our own website (page) and supplies a token variable.

Sample Request

This example shows a request for a non-secure session token.

GET /accounts/AuthSubSessionToken HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Authorization: AuthSub token="GD32CMCL25aZ-v____8B"
User-Agent: Java/1.5.0_06
Host: www.google.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

AuthSubSessionToken Response

On success, an HTTP 200 message is returned. This token is like the Session we commonly use: it also expires (it is time-limited).

If the request for a session token is successful, Google responds with an HTTP 200 message with a set of key-value pairs in a "key=value" format. These values contain a session token and an expiration date. You can ignore the expiration date, which is not currently used; session tokens effectively do not expire.

Sample Responses

This example illustrates an AuthSub token returned in the response header.

Token=DQAA...7DCTN             Note: the value of the token variable
Expiration=20061004T123456Z    Note: expiry time

 

==============================================================================

AuthSubRevokeToken

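When a Session is no longer needed, it can be forcibly discarded (disabled). The same goes for this token.

Call AuthSubRevokeToken to revoke a valid session token. Session tokens have no expiration date and remain valid unless revoked. (Note: the rest of the usage is similar to the above.)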

AuthSubRevokeToken is a programmatic handler. To revoke a session token, make an HTTP GET to the following URL: https://www.google.com/accounts/AuthSubRevokeToken. Use an Authorization header with the following form:

Authorization: AuthSub token="token"

If the token is secure, it must be accompanied by a digital signature. See Signing Requests for instructions and examples.

 

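Parameter      Description
token          (required) The session token, received in response to an AuthSubSessionToken request, to be revoked.

               Note: the usage is similar to the above. As mentioned in the previous article, the last step returns to our own website (page) and supplies a token variable.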

Sample Request

This example shows a revocation request for a non-secure session token.

GET /accounts/AuthSubRevokeToken HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Authorization: AuthSub token="GD32CMCL25aZ-v____8B"
User-Agent: Java/1.5.0_06
Host: www.google.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

AuthSubRevokeToken Response

On success, an HTTP 200 message is returned.

If the request for session token revocation is successful, Google responds with an HTTP 200 message.

==============================================================================

 

AuthSubTokenInfo   (Important!)

Call AuthSubTokenInfo to test whether a given session token is valid. This method validates the token in the same way that a Google service would; application developers can use this method to verify that their application is getting valid tokens and handling them appropriately without making a call to the real Google service. It can also be used to get information about the token, including next URL, scope, and secure status, as specified in the original token request.

This method can be used for both single-use and session tokens. Keep in mind, however, that if it is called with a single-use token, the call is treated as a valid use. Consequently, the AuthSubTokenInfo response indicates the token is valid, but the token is rendered invalid from that point on.

AuthSubTokenInfo is a programmatic handler. Make an HTTP GET to the following URL: https://www.google.com/accounts/AuthSubTokenInfo. Use an Authorization header with the following form:

Authorization: AuthSub token="token"

If the token is secure, it must be accompanied by a digital signature. See Signing Requests for instructions and examples.

 

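Parameter      Description
token          (required) The authentication token received from Google in response to an AuthSub request.

               Note: the usage is similar to the above. As mentioned in the previous article, the last step returns to our own website (page) URL and supplies a token variable.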

Sample Request

This example shows a request for information on a non-secure token.

GET /accounts/AuthSubTokenInfo HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Authorization: AuthSub token="GD32CMCL25aZ-v____8B"
User-Agent: Java/1.5.0_06
Host: www.google.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

AuthSubTokenInfo Response

On success, an HTTP 200 message is returned.

If the request is successful, Google responds with an HTTP 200 message with a set of key-value pairs in a "key=value" format. These values identify the target URL, scope, and secure status values, which were specified in the original token request. The target URL is simply the hostname gleaned from the next URL value.

    Note: the next parameter was covered in the previous article. It is the URL of our own website (page) to return to after Google's login verification.

Sample Responses

This example illustrates a response containing a session authentication token.

Target=http://www.yourwebapp.com
Scope=http://www.google.com/calendar/feeds/
Secure=true
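
As an added example (not part of the original post or Google's documentation), the Python sketch below builds the Authorization header and parses the key=value bodies shown above, then checks an AuthSubTokenInfo result against what the application requested. The function names, the token character set and the sample bodies are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample bodies in the "key=value" format shown on the page.
SAMPLE_SESSION_BODY = "Token=EXAMPLE-session-token\nExpiration=20061004T123456Z\n"
SAMPLE_INFO_BODY = ("Target=http://www.yourwebapp.com\n"
                    "Scope=http://www.google.com/calendar/feeds/\nSecure=true\n")

TOKEN_RE = re.compile(r"[A-Za-z0-9_\-./+=]+")  # assumed token alphabet


def authsub_header(token):
    """Build the Authorization header value. Reject characters that could
    close the quoted string or inject another header (quote, CR, LF)."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token contains characters not allowed in the header")
    return 'AuthSub token="%s"' % token


def parse_key_values(body):
    """Parse a key=value response body. Split on the first '=' only,
    because values (URLs, tokens) may themselves contain '='."""
    pairs = {}
    for line in body.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or not key or key in pairs:
            raise ValueError("malformed or duplicate line in response")
        pairs[key] = value.strip()
    return pairs


def token_info_matches(info, expected_host, expected_scope, require_secure):
    """Compare an AuthSubTokenInfo result with what this app asked for:
    the host of its own 'next' URL, the scope, and the secure flag."""
    target_host = urlsplit(info.get("Target", "")).hostname
    return (target_host == expected_host
            and info.get("Scope") == expected_scope
            and (info.get("Secure") == "true" or not require_secure))


if __name__ == "__main__":
    session = parse_key_values(SAMPLE_SESSION_BODY)
    print(authsub_header(session["Token"]))
    print(token_info_matches(parse_key_values(SAMPLE_INFO_BODY),
                             "www.yourwebapp.com",
                             "http://www.google.com/calendar/feeds/", True))
```

Because AuthSubTokenInfo counts as a use of a single-use token, run this check on the session token returned by AuthSubSessionToken.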

 

 

 

 

 

 

 
