在我的iOS应用程序中,我为用户添加了退出该Google帐户的功能。为此,我正在以下地址启动SFSafariViewController
的新实例,如此question中所述:
https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=https://myapp.mycompany.ca/api/v1/logout/google
它确实起作用,但是Google显示了一个令人讨厌的重定向通知:
如this问题中所述,它是Google设计的intended behavior,并且需要对URL进行签名。我构建了以下客户端应用程序,使我能够对自己的URL进行签名:
try
{
using (Stream certJsonStream = Assembly.GetExecutingAssembly().GetManifestResourceStream(ServiceAccountKeyFile))
{
var certDefinition = new {client_email = "", private_key = ""};
using (var streamReader = new StreamReader(certJsonStream))
{
var jsonAsObject = JsonConvert.DeserializeAnonymousType(await streamReader.ReadToEndAsync(), certDefinition);
// Create an explicit ServiceAccountCredential credential
var xCred = new ServiceAccountCredential(new ServiceAccountCredential.Initializer(jsonAsObject.client_email)
{
Scopes = new[]
{
IAMCredentialsService.Scope.CloudPlatform
}
}.FromPrivateKey(jsonAsObject.private_key));
var iamCredentialsService = new IAMCredentialsService(
new BaseClientService.Initializer()
{
HttpClientInitializer = xCred,
});
var signBlobRequest = new SignBlobRequest
{
Payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(Url)),
};
ProjectsResource.ServiceAccountsResource.SignBlobRequest signBlobRequest1 = iamCredentialsService.Projects.ServiceAccounts.SignBlob(signBlobRequest, "projects/-/serviceAccounts/*service-account-name*@appspot.gserviceaccount.com");
SignBlobResponse response = await signBlobRequest1.ExecuteAsync();
Console.WriteLine($"Blob to sign: {Url}");
Console.WriteLine($" Signed data: {response.SignedBlob}");
}
}
}
catch (Exception exc)
{
Console.WriteLine();
Console.WriteLine($"The following error has been thrown: {exc}");
}
Console.WriteLine();
Console.WriteLine($" -= PRESS A KEY TO EXIT =-");
Console.ReadLine();
其中:
ServiceAccountKeyFile
指向包含为我的服务帐户生成的私钥的JSON文件;Url
要签名的URL;问题
我如何使用签名的Blob?我应该将其嵌入到https://appengine.google.com/_ah/logout
URL中吗?我尚未找到有关此部分的任何文档。
我面临着同样的问题在这种情况下,官方文档并没有说明如何构建签名的URL。我的代码使用the signBlob Method和Signed URLs v2 Process。我也一直在关注描述How to Create Google Cloud Storage Signed URL In Java
的链接String signInput = "GET" + "\n"
+ "" + "\n"
+ "" + "\n"
+ expiryTime + "\n"
+ "/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=http://localhost:3000"
SignBlobRequest requestBody = new SignBlobRequest();
requestBody.setBytesToSign(Base64.getEncoder().encodeToString(signInput.getBytes()));
Iam iamService = createIamService();
Iam.Projects.ServiceAccounts.SignBlob request = iamService
.projects().serviceAccounts()
.signBlob(name, requestBody);
SignBlobResponse response = request.execute();
对象响应包含用于构建注销链接的签名字段:
https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=http://localhost:3000?GoogleAccessId=XXXXXX&Expires=YYYYY&Signature=ZZZZZZZ
因此,Google仍在显示重定向通知。
我构建signInput的方式正确吗?我编码此输入的方式正确吗?我想知道正确的进行方法。
提前感谢!