require 'net/http' | |
require 'json' | |
# 此类只是检测 token 是否有效 | |
# 如果前端有传 user_id 和 email 过来,其值还需与接口返回的值对比 | |
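# Server-side verification of the login tokens a browser obtains from Google
# Sign-In and Facebook Login. This class only decides whether a token is
# valid for *this* application; when the client also sends a user_id or an
# email, the caller must still compare those against the values returned here.
class AuthTokenUtil
  GOOGLE_TOKENINFO_URI = 'https://www.googleapis.com/oauth2/v3/tokeninfo'
  FACEBOOK_DEBUG_TOKEN_URI = 'https://graph.facebook.com/v2.6/debug_token'
  # Issuer values Google documents for its ID tokens; any other issuer is rejected.
  GOOGLE_ISSUERS = %w[accounts.google.com https://accounts.google.com].freeze

  class << self
    # Validate a Google ID token through the tokeninfo endpoint.
    #
    # Returns nil on failure, otherwise the parsed tokeninfo Hash, e.g.
    #   {
    #     "iss"            => "accounts.google.com",
    #     "at_hash"        => "0kr8WiGO6gHjNr8KK3Ytzw",
    #     "aud"            => "23877399802-ipuambh5ipvmvdrfn2mejda1sqj04ugj.apps.googleusercontent.com",
    #     "sub"            => "117295336048775744994",
    #     "email_verified" => "true",
    #     "azp"            => "23877399802-ipuambh5ipvmvdrfn2mejda1sqj04ugj.apps.googleusercontent.com",
    #     "hd"             => "test.com",
    #     "email"          => "test@test.com",
    #     "iat"            => "1460704932",
    #     "exp"            => "1460708532",
    #     "name"           => "Jesse Cao",
    #     "given_name"     => "test",
    #     "family_name"    => "test",
    #     "locale"         => "en",
    #     "alg"            => "RS256",
    #     "kid"            => "389bfb4a5514d745da6b7fa8bd916a6e9394242d"
    #   }
    # See https://developers.google.com/identity/sign-in/web/backend-auth#calling-the-tokeninfo-endpoint
    #   sub   -> Google user id
    #   aud   -> web_client_id
    #   email -> email
    #
    # @param id_token [String] the ID token the browser received from Google
    # @param web_client_id [String] our OAuth web client id; must equal +aud+
    # @return [Hash, nil]
    # @raise network errors (SocketError, Net::OpenTimeout, OpenSSL::SSL::SSLError)
    #   are not rescued, so a provider outage is not reported as "invalid token"
    def check_google_token(id_token, web_client_id)
      uri = URI(GOOGLE_TOKENINFO_URI)
      uri.query = URI.encode_www_form(id_token: id_token)
      data = fetch_json(uri)
      return nil unless data && valid_google_tokeninfo?(data, web_client_id)

      data
    end

    # Offline check of a tokeninfo payload. The token must identify a user
    # (+sub+), be issued by Google (+iss+), be minted for this application
    # (+aud+) and not be expired (+exp+ is a Unix timestamp; the endpoint
    # returns it as a string). +now+ is injectable so the check is testable.
    #
    # @param data [Hash] parsed tokeninfo response
    # @param web_client_id [String]
    # @param now [Integer] current Unix time
    # @return [Boolean]
    def valid_google_tokeninfo?(data, web_client_id, now = Time.now.to_i)
      return false unless data.is_a?(Hash) && data.key?('sub')
      return false unless GOOGLE_ISSUERS.include?(data['iss'])
      return false unless data['aud'] == web_client_id

      data['exp'].to_i > now
    end

    # Validate a Facebook user access token through the Graph debug_token endpoint.
    #
    # Returns nil on failure, otherwise the parsed response Hash, e.g.
    #   {
    #     "data" => {
    #       "app_id"      => "1500260676963708",
    #       "application" => "mangege",
    #       "expires_at"  => 1460710800,
    #       "is_valid"    => true,
    #       "scopes"      => ["email", "public_profile"],
    #       "user_id"     => "222720944757684"
    #     }
    #   }
    #
    # @param access_token [String] the user access token from the browser
    # @param app_id [String, Integer] our Facebook app id; must equal data.app_id
    # @param app_secret [String] our app secret; server-side only, never in
    #   client code or version control
    # @return [Hash, nil]
    def check_facebook_token(access_token, app_id, app_secret)
      uri = URI(FACEBOOK_DEBUG_TOKEN_URI)
      # debug_token is authorised with the app access token "app_id|app_secret".
      uri.query = URI.encode_www_form(input_token: access_token,
                                      access_token: "#{app_id}|#{app_secret}")
      data = fetch_json(uri)
      return nil unless data && valid_facebook_debug_token?(data, app_id)

      data
    end

    # Offline check of a debug_token payload. +app_id+ only says which app the
    # token was issued for; +is_valid+ says whether it is still usable, so both
    # must hold (the previous version only compared the app id).
    #
    # @param data [Hash] parsed debug_token response
    # @param app_id [String, Integer]
    # @return [Boolean]
    def valid_facebook_debug_token?(data, app_id)
      info = data.is_a?(Hash) ? data['data'] : nil
      return false unless info.is_a?(Hash) && info.key?('app_id')

      # Strict boolean compare on purpose: the API sends a JSON boolean, and a
      # string such as "false" would otherwise be truthy.
      info['is_valid'] == true && info['app_id'].to_s == app_id.to_s
    end

    # Manual smoke test against the live endpoints (run this file directly).
    # Tokens and the app secret are read from the environment: the tokens are
    # short-lived, and an app secret must never be committed to source control
    # (a secret that was checked in should be rotated). The client id and app
    # id are public identifiers and keep their defaults.
    def run_test
      id_token = ENV.fetch('GOOGLE_ID_TOKEN')
      web_client_id = ENV.fetch('GOOGLE_WEB_CLIENT_ID',
                                '23877399802-ipuambh5ipvmvdrfn2mejda1sqj04ugj.apps.googleusercontent.com')
      puts check_google_token(id_token, web_client_id).inspect
      access_token = ENV.fetch('FB_ACCESS_TOKEN')
      app_id = ENV.fetch('FB_APP_ID', '1500260676963708')
      app_secret = ENV.fetch('FB_APP_SECRET')
      puts check_facebook_token(access_token, app_id, app_secret).inspect
    end

    private

    # GET +uri+ and parse the body as JSON.
    # @return [Object, nil] nil when the status is not 2xx or the body is not JSON
    def fetch_json(uri)
      resp = Net::HTTP.get_response(uri)
      return nil unless resp.is_a?(Net::HTTPSuccess)

      JSON.parse(resp.body)
    rescue JSON::ParserError
      nil
    end
  end
end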
# Run the smoke test only when this file is executed directly, not when it is required.
AuthTokenUtil.run_test if $PROGRAM_NAME == __FILE__
<!DOCTYPE html> | |
<html> | |
<head> | |
<title>Facebook Login JavaScript Example</title> | |
<meta charset="UTF-8"> | |
</head> | |
<body> | |
<script> | |
// This is called with the results from from FB.getLoginStatus(). | |
function statusChangeCallback(response) {
  console.log('statusChangeCallback');
  console.log(response);
  // response.status (see FB.getLoginStatus()) tells where the visitor stands:
  // 'connected' = logged into Facebook and this app, 'not_authorized' = logged
  // into Facebook only, anything else = not logged into Facebook at all.
  switch (response.status) {
    case 'connected':
      testAPI();
      break;
    case 'not_authorized':
      document.getElementById('status').innerHTML = 'Please log into this app.';
      break;
    default:
      document.getElementById('status').innerHTML = 'Please log into Facebook.';
  }
}
// This function is called when someone finishes with the Login | |
// Button. See the onlogin handler attached to it in the sample | |
// code below. | |
function checkLoginState() {
  // onlogin handler of the Login Button: re-read the login state and hand
  // the response straight to statusChangeCallback.
  FB.getLoginStatus(statusChangeCallback);
}
window.fbAsyncInit = function() {
  // Called by the SDK once sdk.js has loaded.
  var sdkOptions = {
    appId   : '1500260676963708',
    cookie  : true,   // enable cookies so the server can access the session
    xfbml   : true,   // parse social plugins (the fb:login-button) on this page
    version : 'v2.2'  // Graph API version the SDK talks to
  };
  FB.init(sdkOptions);
  // With the SDK initialised, ask for the visitor's state; the callback
  // receives one of 'connected', 'not_authorized' or another value meaning
  // "not logged into Facebook", all handled by statusChangeCallback.
  FB.getLoginStatus(function(response) { statusChangeCallback(response); });
};
// Load the SDK asynchronously | |
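(function(d, s, id) {
  // Inject the Facebook JS SDK once, placed before the first existing <script>
  // so it loads asynchronously. The SDK is fetched over HTTPS explicitly: a
  // protocol-relative "//" URL would load the login code in clear text when
  // this page itself is served over http, where it could be tampered with in transit.
  var js, fjs = d.getElementsByTagName(s)[0];
  if (d.getElementById(id)) return;
  js = d.createElement(s); js.id = id;
  js.src = "https://connect.facebook.net/en_US/sdk.js";
  fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));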
// Here we run a very simple test of the Graph API after login is | |
// successful. See statusChangeCallback() for when this call is made. | |
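function testAPI() {
  console.log('Welcome! Fetching your information.... ');
  FB.api('/me', function(response) {
    console.log(response);
    console.log('Successful login for: ' + response.name);
    // response.name is user-controlled data (people choose their own name);
    // write it as text rather than HTML so it cannot inject markup into the page.
    document.getElementById('status').textContent =
      'Thanks for logging in, ' + response.name + '!';
  });
}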
</script> | |
<!-- | |
Below we include the Login Button social plugin. This button uses | |
the JavaScript SDK to present a graphical Login button that triggers | |
the FB.login() function when clicked. | |
--> | |
<fb:login-button scope="public_profile,email" onlogin="checkLoginState();"> | |
</fb:login-button> | |
<div id="status"> | |
</div> | |
</body> | |
</html> |
<!DOCTYPE html> | |
<html> | |
<head> | |
<title>Google Login JavaScript Example</title>
<meta charset="UTF-8"> | |
<meta name="google-signin-client_id" content="23877399802-ipuambh5ipvmvdrfn2mejda1sqj04ugj.apps.googleusercontent.com"> | |
<script src="https://apis.google.com/js/platform.js" async defer></script> | |
</head> | |
<body> | |
<script> | |
function onSignIn(googleUser) {
  // data-onsuccess handler of the g-signin2 button.
  var basicProfile = googleUser.getBasicProfile();
  console.log('ID: ' + basicProfile.getId()); // Do not send to your backend! Use an ID token instead.
  console.log('Name: ' + basicProfile.getName());
  console.log('Image URL: ' + basicProfile.getImageUrl());
  console.log('Email: ' + basicProfile.getEmail());
  // The ID token is what a backend verifies; it is a bearer credential, so
  // printing it to the console is for development only.
  var authResponse = googleUser.getAuthResponse();
  console.log('Id Token: ' + authResponse.id_token);
}
</script> | |
<div class="g-signin2" data-onsuccess="onSignIn"></div> | |
<p>hello</p> | |
</body> | |
</html> |