auth_token_util.rb

require 'net/http'
require 'json'

# 此类只是检测 token 是否有效
# 如果前端有传 user_id 和 email 过来,其值还需与接口返回的值对比

class AuthTokenUtil
  class << self

=begin
失败返回 nil
成功返回接口的Hash类型的结果

{
 "iss": "accounts.google.com",
 "at_hash": "0kr8WiGO6gHjNr8KK3Ytzw",
 "aud": "23877399802-ipuambh5ipvmvdrfn2mejda1sqj04ugj.apps.googleusercontent.com",
 "sub": "117295336048775744994",
 "email_verified": "true",
 "azp": "23877399802-ipuambh5ipvmvdrfn2mejda1sqj04ugj.apps.googleusercontent.com",
 "hd": "test.com",
 "email": "test@test.com",
 "iat": "1460704932",
 "exp": "1460708532",
 "name": "Jesse Cao",
 "given_name": "test",
 "family_name": "test",
 "locale": "en",
 "alg": "RS256",
 "kid": "389bfb4a5514d745da6b7fa8bd916a6e9394242d"
}

https://developers.google.com/identity/sign-in/web/backend-auth#calling-the-tokeninfo-endpoint
sub 为 google user id
aud 为 web_client_id
email 为 email
=end

    def check_google_token(id_token, web_client_id)
      uri = URI('https://www.googleapis.com/oauth2/v3/tokeninfo')
      params = {id_token: id_token}
      uri.query = URI.encode_www_form(params)
      resp = Net::HTTP.get(uri)
      data = JSON.parse(resp)

      if !data.has_key?('sub') || data['aud'] != web_client_id
        return nil
      end

      data
    end


=begin
失败返回 nil
成功返回接口的Hash类型的结果

{
    "data": {
        "app_id": "1500260676963708",
        "application": "mangege",
        "expires_at": 1460710800,
        "is_valid": true,
        "scopes": [
            "email",
            "public_profile"
        ],
        "user_id": "222720944757684"
    }
}

=end

    def check_facebook_token(access_token, app_id, app_secret)
      uri = URI('https://graph.facebook.com/v2.6/debug_token')
      params = {input_token: access_token, access_token: "#{app_id}|#{app_secret}"}
      uri.query = URI.encode_www_form(params)
      resp = Net::HTTP.get(uri)
      data = JSON.parse(resp)

      if !data.has_key?('data') || !data['data'].has_key?('app_id') || data['data']['app_id'].to_s != app_id.to_s
        return nil
      end

      data
    end

    def run_test
      id_token = 'eyJhbGciOiJSUzI1NiIsImtpZCI6IjM4OWJmYjRhNTUxNGQ3NDVkYTZiN2ZhOGJkOTE2YTZlOTM5NDI0MmQifQ.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwiYXRfaGFzaCI6IjBrcjhXaUdPNmdIak5yOEtLM1l0enciLCJhdWQiOiIyMzg3NzM5OTgwMi1pcHVhbWJoNWlwdm12ZHJmbjJtZWpkYTFzcWowNHVnai5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsInN1YiI6IjExNzI5NTMzNjA0ODc3NTc0NDk5NCIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJhenAiOiIyMzg3NzM5OTgwMi1pcHVhbWJoNWlwdm12ZHJmbjJtZWpkYTFzcWowNHVnai5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsImhkIjoib2NlYW53aW5nLmNvbSIsImVtYWlsIjoiamVzc2UuY2FvQG9jZWFud2luZy5jb20iLCJpYXQiOjE0NjA3MDQ5MzIsImV4cCI6MTQ2MDcwODUzMiwibmFtZSI6Ikplc3NlIENhbyIsImdpdmVuX25hbWUiOiJKZXNzZSIsImZhbWlseV9uYW1lIjoiQ2FvIiwibG9jYWxlIjoiZW4ifQ.H3OGXsLXmT4QyJNhl2POdJYu5lcMjTlLDWFXZG0IsmySO-_2BkLVpJbJkCKMXmPQg61X0NpO_LEFMRLPxi-Iuf1gElHTJHPJgcd0Jdyr1LEK5ICG_mJN2ebbZxef1TkpombdJxApybMKe-pjh0Vmzmv6JykwsC6ulTrSmYqPAiRIgIRa9B5Dg3dWCpIEuwoPYjl-LpEWUer-Ko1nuRXN75-jOiD6XH1xLBNEDf0AwEVU7CK1U93JGOUf3l_kFSB0Vx7kRHpJ9VVEUvlxAAn0ER6L-LaZ4njzpeaRrtuFvoktW90xt54o34cY9uEIETumrTKnaTiEzCzUL0L8wkeyvA'
      web_client_id = '23877399802-ipuambh5ipvmvdrfn2mejda1sqj04ugj.apps.googleusercontent.com'
      puts self.check_google_token(id_token, web_client_id).inspect


      access_token = 'EAAVUeqi4jXwBAFgQrjEc1rfHe2pwqaNmCjJd2gLFOsati3IgVeiFFt1udjU9JrkP04hot0YbMm6VZCHLXdA90LBTrlIyniNXsXIW46EuEFfEFXVFOoBZCSIFNHp3SQF22CJHbiW6bjbCzUuoPhFeNhBnDU6L8cG60wKZAWByQZDZD'
      app_id = '1500260676963708'
      app_secret = '018f0e4ee844e4a06f2854dc31242a10'
      puts self.check_facebook_token(access_token, app_id, app_secret)
    end
  end
end

AuthTokenUtil.run_test if __FILE__ == $0

fb.html

<!DOCTYPE html>
<html>
<head>
<title>Facebook Login JavaScript Example</title>
<meta charset="UTF-8">
</head>
<body>
<script>
  // This is called with the results from from FB.getLoginStatus().
  function statusChangeCallback(response) {
    console.log('statusChangeCallback');
    console.log(response);
    // The response object is returned with a status field that lets the
    // app know the current login status of the person.
    // Full docs on the response object can be found in the documentation
    // for FB.getLoginStatus().
    if (response.status === 'connected') {
      // Logged into your app and Facebook.
      testAPI();
    } else if (response.status === 'not_authorized') {
      // The person is logged into Facebook, but not your app.
      document.getElementById('status').innerHTML = 'Please log ' +
        'into this app.';
    } else {
      // The person is not logged into Facebook, so we're not sure if
      // they are logged into this app or not.
      document.getElementById('status').innerHTML = 'Please log ' +
        'into Facebook.';
    }
  }

  // This function is called when someone finishes with the Login
  // Button.  See the onlogin handler attached to it in the sample
  // code below.
  function checkLoginState() {
    FB.getLoginStatus(function(response) {
      statusChangeCallback(response);
    });
  }

  window.fbAsyncInit = function() {
  FB.init({
    appId      : '1500260676963708',
    cookie     : true,  // enable cookies to allow the server to access 
                        // the session
    xfbml      : true,  // parse social plugins on this page
    version    : 'v2.2' // use version 2.2
  });

  // Now that we've initialized the JavaScript SDK, we call 
  // FB.getLoginStatus().  This function gets the state of the
  // person visiting this page and can return one of three states to
  // the callback you provide.  They can be:
  //
  // 1. Logged into your app ('connected')
  // 2. Logged into Facebook, but not your app ('not_authorized')
  // 3. Not logged into Facebook and can't tell if they are logged into
  //    your app or not.
  //
  // These three cases are handled in the callback function.

  FB.getLoginStatus(function(response) {
    statusChangeCallback(response);
  });

  };

  // Load the SDK asynchronously
  (function(d, s, id) {
    var js, fjs = d.getElementsByTagName(s)[0];
    if (d.getElementById(id)) return;
    js = d.createElement(s); js.id = id;
    js.src = "//connect.facebook.net/en_US/sdk.js";
    fjs.parentNode.insertBefore(js, fjs);
  }(document, 'script', 'facebook-jssdk'));

  // Here we run a very simple test of the Graph API after login is
  // successful.  See statusChangeCallback() for when this call is made.
  function testAPI() {
    console.log('Welcome!  Fetching your information.... ');
    FB.api('/me', function(response) {
    console.log(response);
      console.log('Successful login for: ' + response.name);
      document.getElementById('status').innerHTML =
        'Thanks for logging in, ' + response.name + '!';
    });
  }
</script>

<!--
  Below we include the Login Button social plugin. This button uses
  the JavaScript SDK to present a graphical Login button that triggers
  the FB.login() function when clicked.
-->

<fb:login-button scope="public_profile,email" onlogin="checkLoginState();">
</fb:login-button>

<div id="status">
</div>

</body>
</html>

g.html

<!DOCTYPE html>
<html>
<head>
<title>Gooogle Login JavaScript Example</title>
<meta charset="UTF-8">
<meta name="google-signin-client_id" content="23877399802-ipuambh5ipvmvdrfn2mejda1sqj04ugj.apps.googleusercontent.com">
<script src="https://apis.google.com/js/platform.js" async defer></script>
</head>
<body>
<script>
function onSignIn(googleUser) {
    var profile = googleUser.getBasicProfile();
    console.log('ID: ' + profile.getId()); // Do not send to your backend! Use an ID token instead.
    console.log('Name: ' + profile.getName());
    console.log('Image URL: ' + profile.getImageUrl());
    console.log('Email: ' + profile.getEmail());

    var id_token = googleUser.getAuthResponse().id_token;
    console.log('Id Token: ' + id_token);
}
</script>

<div class="g-signin2" data-onsuccess="onSignIn"></div>

<p>hello</p>
</body>
</html>