require 'net/http' | |
require 'json' | |
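# Checks whether a third-party login token is valid for THIS application by
# asking the provider's token-inspection endpoint. It does not identify the
# user by itself: if the client also sends a user_id or email, the caller must
# still compare them with the values returned here ('sub' / 'email' for Google,
# data['user_id'] for Facebook).
class AuthTokenUtil
  GOOGLE_TOKENINFO_URI = 'https://www.googleapis.com/oauth2/v3/tokeninfo'.freeze
  FACEBOOK_DEBUG_TOKEN_URI = 'https://graph.facebook.com/v2.6/debug_token'.freeze
  # Issuer values Google documents for its ID tokens; tokeninfo may return either.
  GOOGLE_ISSUERS = %w[accounts.google.com https://accounts.google.com].freeze

  class << self
    # Validates a Google Sign-In ID token with the tokeninfo endpoint:
    # https://developers.google.com/identity/sign-in/web/backend-auth#calling-the-tokeninfo-endpoint
    #
    # @param id_token [String] the ID token the browser obtained from Google
    # @param web_client_id [String] this app's OAuth web client id; must equal 'aud'
    # @return [Hash, nil] the tokeninfo claims on success, nil on any failure
    #   (HTTP error, non-JSON body, missing 'sub', wrong 'aud' or 'iss', expired).
    #   Example (all values come back as strings):
    #     { "iss" => "accounts.google.com",
    #       "aud" => "<web_client_id>",          # web_client_id
    #       "sub" => "117295336048775744994",    # Google user id
    #       "email" => "test@test.com", "email_verified" => "true",
    #       "hd" => "test.com", "name" => "Jesse Cao",
    #       "given_name" => "test", "family_name" => "test", "locale" => "en",
    #       "iat" => "1460704932", "exp" => "1460708532",
    #       "alg" => "RS256", "kid" => "389bfb4a5514d745da6b7fa8bd916a6e9394242d" }
    #   Callers that rely on 'email' should also require 'email_verified' == 'true'.
    def check_google_token(id_token, web_client_id)
      data = fetch_json(GOOGLE_TOKENINFO_URI, id_token: id_token)
      return nil unless data && data.key?('sub')
      # 'aud' ties the token to this app; a valid Google token minted for some
      # other client id must not log anyone in here.
      return nil unless data['aud'] == web_client_id
      # tokeninfo only answers for Google-issued tokens, but pin the issuer and
      # the expiry anyway so a changed or mocked endpoint cannot widen acceptance.
      return nil unless GOOGLE_ISSUERS.include?(data['iss'])
      return nil if expired?(data['exp'])
      data
    end

    # Validates a Facebook user access token with the debug_token endpoint,
    # authenticating to Graph with the app access token "app_id|app_secret".
    #
    # @param access_token [String] the user access token from the JS SDK
    # @param app_id [String, Integer] this app's id; must equal data.app_id
    # @param app_secret [String] this app's secret (server side only)
    # @return [Hash, nil] the full debug_token response on success, nil otherwise.
    #   Example:
    #     { "data" => { "app_id" => "1500260676963708", "application" => "mangege",
    #                   "expires_at" => 1460710800, "is_valid" => true,
    #                   "scopes" => ["email", "public_profile"],
    #                   "user_id" => "222720944757684" } }
    def check_facebook_token(access_token, app_id, app_secret)
      data = fetch_json(FACEBOOK_DEBUG_TOKEN_URI,
                        input_token: access_token,
                        access_token: "#{app_id}|#{app_secret}")
      return nil unless data
      info = data['data']
      return nil unless info.is_a?(Hash) && info.key?('app_id')
      # app_id comes back as a string; compare as strings so an Integer app_id works.
      return nil unless info['app_id'].to_s == app_id.to_s
      # The response carries an explicit is_valid flag; require it, since a
      # matching app_id alone says nothing about whether the token is still usable.
      return nil unless info['is_valid']
      data
    end

    # Manual smoke test: prints the result of both checks for sample tokens.
    # The tokens are short-lived example values; in real code the app secret must
    # come from configuration, never from source control.
    def run_test
      id_token = 'eyJhbGciOiJSUzI1NiIsImtpZCI6IjM4OWJmYjRhNTUxNGQ3NDVkYTZiN2ZhOGJkOTE2YTZlOTM5NDI0MmQifQ.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.H3OGXsLXmT4QyJNhl2POdJYu5lcMjTlLDWFXZG0IsmySO-_2BkLVpJbJkCKMXmPQg61X0NpO_LEFMRLPxi-Iuf1gElHTJHPJgcd0Jdyr1LEK5ICG_mJN2ebbZxef1TkpombdJxApybMKe-pjh0Vmzmv6JykwsC6ulTrSmYqPAiRIgIRa9B5Dg3dWCpIEuwoPYjl-LpEWUer-Ko1nuRXN75-jOiD6XH1xLBNEDf0AwEVU7CK1U93JGOUf3l_kFSB0Vx7kRHpJ9VVEUvlxAAn0ER6L-LaZ4njzpeaRrtuFvoktW90xt54o34cY9uEIETumrTKnaTiEzCzUL0L8wkeyvA'
      web_client_id = '23877399802-ipuambh5ipvmvdrfn2mejda1sqj04ugj.apps.googleusercontent.com'
      puts check_google_token(id_token, web_client_id).inspect
      access_token = 'EAAVUeqi4jXwBAFgQrjEc1rfHe2pwqaNmCjJd2gLFOsati3IgVeiFFt1udjU9JrkP04hot0YbMm6VZCHLXdA90LBTrlIyniNXsXIW46EuEFfEFXVFOoBZCSIFNHp3SQF22CJHbiW6bjbCzUuoPhFeNhBnDU6L8cG60wKZAWByQZDZD'
      app_id = '1500260676963708'
      app_secret = '018f0e4ee844e4a06f2854dc31242a10'
      puts check_facebook_token(access_token, app_id, app_secret).inspect
    end

    private

    # GETs +base_uri+ with +params+ URL-encoded as the query string and parses
    # the JSON body. Returns nil for a non-2xx status or a body that is not a
    # JSON object, so callers can treat every provider-side error as "not valid"
    # instead of raising on an error page.
    def fetch_json(base_uri, params)
      uri = URI(base_uri)
      uri.query = URI.encode_www_form(params)
      resp = Net::HTTP.get_response(uri)
      return nil unless resp.is_a?(Net::HTTPSuccess)
      data = JSON.parse(resp.body)
      data.is_a?(Hash) ? data : nil
    rescue JSON::ParserError
      nil
    end

    # True when +exp+ is a numeric Unix timestamp that is already in the past.
    # A missing or non-numeric value is not treated as expired; the endpoint's
    # own validation (non-2xx for bad tokens) still applies in that case.
    def expired?(exp)
      return false unless exp.to_s =~ /\A\d+\z/
      exp.to_s.to_i <= Time.now.to_i
    end
  end
end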
# Only run the smoke test when this file is executed directly, not when required.
AuthTokenUtil.run_test if $PROGRAM_NAME == __FILE__
<!DOCTYPE html> | |
<html> | |
<head> | |
<title>Facebook Login JavaScript Example</title> | |
<meta charset="UTF-8"> | |
</head> | |
<body> | |
<script> | |
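// Called with the result of FB.getLoginStatus(); routes on response.status:
//   'connected'      -> logged into Facebook and this app: fetch the profile.
//   'not_authorized' -> logged into Facebook but has not authorized this app.
//   anything else    -> not logged into Facebook (app state cannot be known).
function statusChangeCallback(response) {
  console.log('statusChangeCallback');
  console.log(response);
  var statusEl = document.getElementById('status');
  if (response.status === 'connected') {
    testAPI();
  } else if (response.status === 'not_authorized') {
    // Write the message with textContent rather than innerHTML: the text is
    // constant today, and the non-HTML sink stays safe if it ever becomes dynamic.
    statusEl.textContent = 'Please log into this app.';
  } else {
    statusEl.textContent = 'Please log into Facebook.';
  }
}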
// Invoked by the Login Button's onlogin handler (see the fb:login-button
// markup below): re-reads the login state and hands it to statusChangeCallback.
function checkLoginState() {
  FB.getLoginStatus(statusChangeCallback);
}
// Run by the SDK once sdk.js has loaded: initialise it for this app, then query
// the visitor's login state, which reaches statusChangeCallback as one of
// 'connected', 'not_authorized', or another value meaning "not logged into
// Facebook, app state unknown".
window.fbAsyncInit = function () {
  var sdkOptions = {
    appId: '1500260676963708',
    cookie: true,    // enable cookies so the server can access the session
    xfbml: true,     // parse social plugins (fb:login-button) on this page
    version: 'v2.2'  // Graph API version used by FB.api calls
    // NOTE(review): the server-side debug_token check uses Graph v2.6 —
    // confirm the two versions are meant to differ.
  };
  FB.init(sdkOptions);
  FB.getLoginStatus(statusChangeCallback);
};
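// Load the SDK asynchronously; the element id guards against inserting it twice.
(function (d, s, id) {
  if (d.getElementById(id)) { return; }
  var firstScript = d.getElementsByTagName(s)[0];
  var sdk = d.createElement(s);
  sdk.id = id;
  // Always fetch the SDK over HTTPS. A scheme-relative "//" URL inherits the
  // page's scheme, so on an http:// page the script that handles login would be
  // loaded over plain HTTP and could be replaced by anyone on the network path.
  sdk.src = 'https://connect.facebook.net/en_US/sdk.js';
  firstScript.parentNode.insertBefore(sdk, firstScript);
}(document, 'script', 'facebook-jssdk'));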
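// Simple Graph API call made after a successful login; see
// statusChangeCallback() for where it is triggered.
function testAPI() {
  console.log('Welcome! Fetching your information.... ');
  FB.api('/me', function (response) {
    console.log(response);
    console.log('Successful login for: ' + response.name);
    // response.name is data returned by the Graph API, not a constant: write it
    // with textContent so it is rendered as text and never parsed as markup.
    document.getElementById('status').textContent =
      'Thanks for logging in, ' + response.name + '!';
  });
}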
</script> | |
<!-- | |
Below we include the Login Button social plugin. This button uses | |
the JavaScript SDK to present a graphical Login button that triggers | |
the FB.login() function when clicked. | |
--> | |
<fb:login-button scope="public_profile,email" onlogin="checkLoginState();"> | |
</fb:login-button> | |
<div id="status"> | |
</div> | |
</body> | |
</html> |
<!DOCTYPE html> | |
<html> | |
<head> | |
<title>Google Login JavaScript Example</title> | |
<meta charset="UTF-8"> | |
<meta name="google-signin-client_id" content="23877399802-ipuambh5ipvmvdrfn2mejda1sqj04ugj.apps.googleusercontent.com"> | |
<script src="https://apis.google.com/js/platform.js" async defer></script> | |
</head> | |
<body> | |
<script> | |
// data-onsuccess handler for the g-signin2 button. Logs the basic profile for
// inspection and reads the ID token, which is the one value a backend should
// verify (profile fields alone are not proof of identity). Logging the token is
// only acceptable in this demo; it is a credential and should not reach
// console or server logs in real code.
function onSignIn(googleUser) {
  var profile = googleUser.getBasicProfile();
  var userId = profile.getId();
  console.log('ID: ' + userId); // Do not send to your backend! Use an ID token instead.
  var name = profile.getName();
  console.log('Name: ' + name);
  var imageUrl = profile.getImageUrl();
  console.log('Image URL: ' + imageUrl);
  var email = profile.getEmail();
  console.log('Email: ' + email);
  var id_token = googleUser.getAuthResponse().id_token;
  console.log('Id Token: ' + id_token);
}
</script> | |
<div class="g-signin2" data-onsuccess="onSignIn"></div> | |
<p>hello</p> | |
</body> | |
</html> |