Android: What is transport and jsonFactory in GoogleIdTokenVerifier.Builder?

Farzad picture Farzad · May 11, 2016 · Viewed 8k times · Source

in the blow code, whats is transport and jsonFactory ? (I do not understand)

https://developers.google.com/identity/sign-in/android/backend-auth#using-a-google-api-client-library

import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;

...

GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(transport /**Here**/, jsonFactory /**Here**/)
.setAudience(Arrays.asList(CLIENT_ID))
// If you retrieved the token on Android using the Play Services 8.3 API or newer, set
// the issuer to "https://accounts.google.com". Otherwise, set the issuer to 
// "accounts.google.com". If you need to verify tokens from multiple sources, build
// a GoogleIdTokenVerifier for each issuer and try them both.
.setIssuer("https://accounts.google.com")
.build();

// (Receive idTokenString by HTTPS POST)

GoogleIdToken idToken = verifier.verify(idTokenString);
if (idToken != null) {
  Payload payload = idToken.getPayload();

  // Print user identifier
  String userId = payload.getSubject();
  System.out.println("User ID: " + userId);

  // Get profile information from payload
  String email = payload.getEmail();
  boolean emailVerified = Boolean.valueOf(payload.getEmailVerified());
  String name = (String) payload.get("name");
  String pictureUrl = (String) payload.get("picture");
  String locale = (String) payload.get("locale");
  String familyName = (String) payload.get("family_name");
  String givenName = (String) payload.get("given_name");

  // Use or store profile information
  // ...

} else {
  System.out.println("Invalid ID token.");
}

Answer

Nick Meinhold picture Nick Meinhold · Jul 5, 2016

The GoogleIdTokenVerifier.Builder returns a GoogleIdTokenVerifier that will make a request to the tokeninfo endpoint with the transport you give it and use the JSONFactory to create a parser to parse the response.

Here is an example of an authenticator for a Cloud Endpoints project that uses the GoogleIdTokenVerifier.Builder

public class GoogleAuthenticator implements Authenticator {

    private static final Logger log = Logger.getLogger(GoogleAuthenticator.class.getName());
    private static final JacksonFactory jacksonFactory = new JacksonFactory();

    // From: https://developers.google.com/identity/sign-in/android/backend-auth#using-a-google-api-client-library
    // If you retrieved the token on Android using the Play Services 8.3 API or newer, set
    // the issuer to "https://accounts.google.com". Otherwise, set the issuer to
    // "accounts.google.com". If you need to verify tokens from multiple sources, build
    // a GoogleIdTokenVerifier for each issuer and try them both.

    GoogleIdTokenVerifier verifierForNewAndroidClients = new GoogleIdTokenVerifier.Builder(UrlFetchTransport.getDefaultInstance(), jacksonFactory)
            .setAudience(Arrays.asList(CRLConstants.IOS_CLIENT_ID, CRLConstants.ANDROID_CLIENT_ID_RELEASE, CRLConstants.ANDROID_CLIENT_ID_DEBUG))
            .setIssuer("https://accounts.google.com")
            .build();

    GoogleIdTokenVerifier verifierForOtherClients = new GoogleIdTokenVerifier.Builder(UrlFetchTransport.getDefaultInstance(), jacksonFactory)
            .setAudience(Arrays.asList(CRLConstants.IOS_CLIENT_ID, CRLConstants.ANDROID_CLIENT_ID_RELEASE, CRLConstants.ANDROID_CLIENT_ID_DEBUG))
            .setIssuer("accounts.google.com")
            .build();

    // Custom Authenticator class for authenticating google accounts
    @Override
    public User authenticate(HttpServletRequest request) {

        String token = request.getHeader("google_id_token");
        if (token != null) {

            GoogleIdToken idToken = null;
            try {
                idToken = verifierForNewAndroidClients.verify(token);
                if(idToken == null) idToken = verifierForOtherClients.verify(token);

                if (idToken != null) {

                    GoogleIdToken.Payload payload = idToken.getPayload();

                    // Get profile information from payload
                    String userId = payload.getSubject();
                    String email = payload.getEmail();

                    return new GoogleUser(userId, email);

                } else {
                    log.warning("Invalid Google ID token.");
                }

            } catch (GeneralSecurityException e) {
                log.warning(e.getLocalizedMessage());
            } catch (IOException e) {
                log.warning(e.getLocalizedMessage());
            }

        }

        return null;
    }

}