本文介绍怎样在iOS客户端实现google oauth2的登录,并且通过asp.net mvc中的controller的api接口进行form验证。
首先,先了解下google oauth2的相关资料:
https://developers.google.com/accounts/docs/OAuth2
这里介绍了五种的登录方式分别有:
Web Server方式(在Web上进行),Client-side方式(运行在浏览器中的javascript),Installed方式(例如,Android, Windows, Mac OS, iOS, Blackberry等等),Devices方式(在游戏控制台,视频摄像机,打印机等等),Service Accounts方式(在云服务存储方面等等)
本文主要介绍在iOS客户端如果在UIWebView上进行Web Server方式的oauth2登录。
现在必须在google上注册一个账户,然后打开:https://code.google.com/apis/console/
在这里可以创建你的应用程序,例如:
然后需要创建一个ClientID,拖到底部有个创建按钮:
这里可以看到有3个选项,分别为Web application,Service account,Installed application,这里选择默认的Web application,完成client ID的创建。可以看到:
这里产生了Client ID以及Client secret,注意这两项对于google的oauth2认证十分重要。
接下来,asp.net的服务端,采用的是Form验证登录的方式:
MVC的Controller的API调用:
code作为google oauth2的登录界面返回的一个code编码,紧接着,通过client ID for web applications中的Redirect URIs,自动跳转到GoogleLogin接口,送到服务端,在服务端进行进行code验证,得到token的相关账号
//根据google回调获取对应google账号
private string GetGoogleGrantByCode( string code)
{
using ( var wc = new WebClient())
{
wc.Headers.Add( " Content-Type ", " application/x-www-form-urlencoded ");
// 登录后根据code获取token
var data = string.Format( " client_id={0}&client_secret={1}&redirect_uri={2}&code={3}&grant_type=authorization_code "
, this._googleClientId
, this._googleClientSecret
, HttpUtility.UrlEncode( this.GetGoogleRedirectUrl())
, code);
if ( this._log.IsDebugEnabled)
this._log.Debug(data);
try
{
return Encoding.UTF8.GetString(wc.UploadData( this._googleOAuth2TokenUrl
, " POST "
, Encoding.UTF8.GetBytes(data)));
}
catch (WebException e)
{
if (e.Response == null)
throw e;
using ( var reader = new StreamReader((e as WebException).Response.GetResponseStream()))
throw new Exception(reader.ReadToEnd());
}
}
}
其中,_googleClienId和_googleClientSecret就是刚才在google code console中产生的两项,GetGoogleRedirctUrl()取的也是google code console中设置的Redirect URIs;_googleOAuth2TokenUrl为https://accounts.google.com/o/oauth2/token
通过POST请求,如果顺利的话,就可以得到一些Token信息,其中包括accessToken,refreshToken以及过期的日期等等。通过accessToken以及userInfo的api接口,就可以得到当前google账户的email信息。
return _serializer.JsonDeserialize<IDictionary< string, string>>(
wc.DownloadString( this._googleOAuth2UserUrl + " ?access_token= " + access_token))[ " email "];
其中_googleOAuth2UserUrl为https://www.googleapis.com/oauth2/v1/userinfo
接下来,我们看下iOS客户端怎样进行google oauth2登录,在http://code.google.com/p/gtm-oauth2/通过svn获取code source:
打开gtm-oauth2-read-only/source,把里面的相关的obj-c的文件拷贝出来,例如:
现在,就可以在你的应用程序中使用它了:
创建一个LoginViewController.h/m,并引用头文件:
#import " GTMOAuth2ViewControllerTouch.h "
界面如下:
点击"使用谷歌账号登录“按钮,进入google登录页面:
{
NSLog( @" 进入google oauth登录页面 ");
[self signOut:nil];
NSString *scope = [[[SysConfig instance] keyValue] objectForKey: @" googleScope "];
NSString *keychainItemName = kKeychainItemName;
SEL finishedSel = @selector(viewController:finishedWithAuth:error:);
GTMOAuth2ViewControllerTouch *viewController;
viewController = [GTMOAuth2ViewControllerTouch controllerWithScope:scope
clientID:googleClientId
clientSecret:googleClientSecret
keychainItemName:keychainItemName
delegate:self
finishedSelector:finishedSel];
viewController.loginDelegate = self;
NSString *html = @" <html><body bgcolor=white><div align=center>正在进入google登录页面...</div></body></html> ";
viewController.initialHTMLString = html;
[self.navigationController pushViewController:viewController animated:YES];
}
其中googleScope可以设置一个授权google api应用的范围,GTMOAuth2ViewControllerTouch
实际上,GTMOAuth2ViewControllerTouch进入一个拥有UIWebView的嵌套页面,initialHtmlString可进行UIWebView的初始化,并且通过UIWebViewDelegate的委托可以来获取相关的NSURLRequest的信息。接着,这里也要填写刚才对应的googleClientId以及googleClientSecret
现在在这里填写你的google账号,点击"sign in",进入下一步;
另外,修改下GTMOAuth2SignIn.m里面的代码:
// return kOOBString;
return [[[SysConfig instance] keyValue] objectForKey: @" google_redirect_uri "];
}
从我的Config.plist文件中去读取google_redirect_uri
在parametersForWebRequest方法中进行调整:
@" code ", @" response_type ",
clientID, @" client_id ",
@" joke ", @" state ",
@" true ", @" mobi ",
@" force ", @" approval_prompt ",
@" offline ", @" access_type ",
scope, @" scope ", // scope may be nil
nil];
让paramsDict接受一个state为"joke"的参数,joke的目的是为了在第一次跳转中不对code进行处理,如果code被执行oauth2后,就已经失效。
对应的服务端API,在GoogleLogin加上:
{
if (state == " joke ")
return Json( false, JsonRequestBehavior.AllowGet);
先返回方法,这样我就可以在GTMOAuth2ViewControllerTouch.m的webViewDidFinishLoad:方法中,获取到原先code的值:
[self notifyWithName:kGTMOAuth2WebViewStoppedLoading
webView:webView
kind:kGTMOAuth2WebViewFinished];
NSString *query = webView.request.URL.query;
NSArray *array = [query componentsSeparatedByString: @" & "];
if(array.count == 2)
{
[self popView];
[loginDelegate googleLoginFinish:array];
}
NSString *title = [webView stringByEvaluatingJavaScriptFromString: @" document.title "];
if ([title length] > 0) {
[signIn_ titleChanged:title];
} else {
#if DEBUG
// Verify that Javascript is enabled
NSString *result = [webView stringByEvaluatingJavaScriptFromString: @" 1+1 "];
NSAssert([result integerValue] == 2, @" GTMOAuth2: Javascript is required ");
#endif
}
[signIn_ cookiesChanged:[NSHTTPCookieStorage sharedHTTPCookieStorage]];
[self updateUI];
这里用到一个loginDelegate的委托,会把当前的array返回给之前的LoginViewController中:
{
NSString *codeQuery = [array objectAtIndex: 1];
NSArray *patams = [codeQuery componentsSeparatedByString: @" = "];
NSString *code = [patams objectAtIndex: 0];
if([code isEqualToString: @" code "])
{
self.HUD = [Tools process: @" 登录中 " view:self.view];
NSMutableDictionary *context = [NSMutableDictionary dictionary];
[context setObject: @" GOOGLELOGIN " forKey:REQUEST_TYPE];
NSString *anthCode = [patams objectAtIndex: 1];
[AccountService googleLogin: @"" code:anthCode state: @" login " mobi: @" true " joke: @" false " context:context delegate:self];
}
}
AccountService的googleLogin就会去调用服务端的API了,并且完成回调:
{
NSDictionary *userInfo = [request userInfo];
NSString * requestType = [userInfo objectForKey:REQUEST_TYPE];
if([requestType isEqualToString: @" GOOGLELOGIN "])
{
if(request.responseStatusCode == 200)
{
NSArray* array = request.responseCookies;
NSLog( @" Cookies的数组个数: %d ", array.count);
NSDictionary *dict = [NSHTTPCookie requestHeaderFieldsWithCookies:array];
NSHTTPCookie *cookie = [NSHTTPCookie cookieWithProperties:dict];
NSHTTPCookieStorage *sharedHTTPCookie = [NSHTTPCookieStorage sharedHTTPCookieStorage];
[sharedHTTPCookie setCookieAcceptPolicy:NSHTTPCookieAcceptPolicyAlways];
[sharedHTTPCookie setCookie:cookie];
NSString *username = [request.responseString stringByReplacingOccurrencesOfString: @" \"" withString:@""];
[[ConstantClass instance] setUsername:username];
[[ConstantClass instance] setLoginType:@ "google " ];
[ConstantClass saveToCache];
[self dismissModalViewControllerAnimated:NO];
[ delegate loginFinish];
}
else
{
[Tools failed:self.HUD];
}
}
}
其中,本地存储了一份从服务端接收到Cookie存放在本地,已备刷新服务端的Form验证的过期。
服务端API最终调用代码:
{
if (state == " joke ")
return Json( false, JsonRequestBehavior.AllowGet);
// 根据google回调获取对应google账号
var grant = this.GetGoogleGrantByCode(code);
var dict = _serializer.JsonDeserialize<IDictionary< string, string>>(grant);
var email = this.GetGoogleAccount(dict[ " access_token "]);
this.SetLogin(email, grant);
return Json(email, JsonRequestBehavior.AllowGet);
}
这样就完成了整个google oauth2登录以及在服务端的Form认证。