Google ClientLogin for Installed Applications
July 2, 2011 | Programming

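Many Google services require account authentication, for example Google Calendar, Google Mail, Google Apps and so on, and ClientLogin authentication is the most commonly used case.

This article briefly introduces the basic ClientLogin flow and method for mobile and desktop applications.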

The ClientLogin authorization process

Authorization with ClientLogin involves a sequence of interactions between three entities: the installed application, Google services, and the user.

This diagram illustrates the sequence:

 

The authorization flow shown in the diagram is as follows:

1. When the third-party application needs to access a user's Google service, it retrieves the user's login name and password.

2. The third-party application then makes a ClientLogin call to Google's Authorization service.

3. If the Google Authorization service decides additional vetting is necessary, it returns a failure response with a CAPTCHA token and challenge, in the form of a URL for a CAPTCHA image.

4. If a CAPTCHA challenge is received, the third-party application displays the CAPTCHA image for the user and solicits an answer from the user.

5. If requested, the user submits an answer to the CAPTCHA challenge.

6. The third-party application makes a new ClientLogin call, this time including the CAPTCHA answer and token (received with the failure response).

7. On a successful login attempt (with or without CAPTCHA challenge), the Google Authorization service returns a token to the application.

8. The application contacts the Google service with a request for data access, referencing the token received from the Google Authorization service.

9. If the Google service recognizes the token, it supplies the requested data access.

The ClientLogin interface

1. ClientLogin

ClientLogin can be used with any application that can make an HTTPS POST request. The POST request should be structured as a form post with the default encoding application/x-www-form-urlencoded. Parameters should be included in the body of the post.

Action URL parameter: https://www.google.com/accounts/ClientLogin

Sample request

The first example illustrates a basic login request.

The second example shows a request containing a response to a CAPTCHA challenge. Both examples are shown not URL-encoded for clarity.

POST /accounts/ClientLogin HTTP/1.0
Content-type: application/x-www-form-urlencoded

accountType=HOSTED_OR_GOOGLE&Email=zhourunsheng2008@gmail.com&Passwd=12345678&service=ah&source=Carey-CareyDiary-1.0

~~~~~~~~~~~~~~

POST /accounts/ClientLogin HTTP/1.0
Content-type: application/x-www-form-urlencoded

accountType=HOSTED_OR_GOOGLE&Email=zhourunsheng2008@gmail.com&Passwd=12345678&service=ah&source=Carey-CareyDiary-1.0&logintoken=DQAAAGgA...dkI1LK9&logincaptcha=abcdefg

2. ClientLogin response

In response to a login request, Google returns either an HTTP 200, if login succeeded, or an HTTP 403, if login failed.

A success response contains the authorization token, labeled "Auth", in the body of the response. Your application must reference this token in each request to the Google service for this user. Additional cookies, labeled "SID" and "LSID", are not currently active and should not be used.

A failure response contains an error code and a URL to an error page that can be displayed to the user. If the error code is a CAPTCHA challenge, the response also includes a URL to a CAPTCHA image and a special token. Your application should be able to solicit an answer from the user and then retry the login request. To display the CAPTCHA image to the user, prefix the CaptchaUrl value with "http://www.google.com/accounts/", for example: "http://www.google.com/accounts/Captcha?ctoken=HiteT4b0Bk5Xg18_AcVoP6-yFkHPibe7O9EqxeiI7lUSN".

Sample responses

HTTP/1.0 200 OK
Server: GFE/1.3
Content-Type: text/plain

SID=DQAAAGgA...7Zg8CTN
LSID=DQAAAGsA...lk8BBbG
Auth=DQAAAGgA...dk3fA5N

In our program, only Auth is currently used as the token for subsequent access to the service; the other two values have no effect.

~~~~~~~~~

HTTP/1.0 403 Access Forbidden
Server: GFE/1.3
Content-Type: text/plain

Url=http://www.google.com/login/captcha
Error=CaptchaRequired
CaptchaToken=DQAAAGgA...dkI1LK9
CaptchaUrl=Captcha?ctoken=HiteT4b0Bk5Xg18_AcVoP6-yFkHPibe7O9EqxeiI7lUSN
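
The response handling described above, as an added Python example that is not part of the original article or of Google's documentation: it parses the key=value body for both the 200 and the 403 CaptchaRequired case and builds the URL-encoded retry body carrying logintoken and logincaptcha. The function names, the example account and the placeholder token values are assumptions made for illustration.

```python
from urllib.parse import urlencode

CAPTCHA_PREFIX = "http://www.google.com/accounts/"  # prefix given in the text above


def build_login_body(email, passwd, service, source,
                     captcha_token=None, captcha_answer=None):
    """Return the URL-encoded form body for a ClientLogin POST (hypothetical helper)."""
    fields = {
        "accountType": "HOSTED_OR_GOOGLE",
        "Email": email,
        "Passwd": passwd,
        "service": service,
        "source": source,
    }
    # A retry after CaptchaRequired carries both the token and the user's answer.
    if captcha_token is not None and captcha_answer is not None:
        fields["logintoken"] = captcha_token
        fields["logincaptcha"] = captcha_answer
    return urlencode(fields)


def parse_response(status, body):
    """Interpret a ClientLogin response: HTTP status plus key=value lines."""
    pairs = {}
    for line in body.splitlines():
        # Split on the first '=' only: the CaptchaUrl value itself contains '='.
        key, sep, value = line.strip().partition("=")
        if sep:
            pairs[key] = value
    if status == 200 and "Auth" in pairs:
        return {"ok": True, "auth": pairs["Auth"]}  # SID and LSID are ignored
    result = {"ok": False, "error": pairs.get("Error", "Unknown"), "url": pairs.get("Url")}
    if result["error"] == "CaptchaRequired":
        result["captcha_token"] = pairs.get("CaptchaToken")
        result["captcha_image"] = CAPTCHA_PREFIX + pairs.get("CaptchaUrl", "")
    return result


# Constructed sample bodies with placeholder values, modelled on the samples above.
SAMPLE_OK = "SID=sid-placeholder\nLSID=lsid-placeholder\nAuth=auth-placeholder\n"
SAMPLE_CAPTCHA = ("Url=http://www.google.com/login/captcha\nError=CaptchaRequired\n"
                  "CaptchaToken=token-placeholder\nCaptchaUrl=Captcha?ctoken=ctoken-placeholder\n")

if __name__ == "__main__":
    challenge = parse_response(403, SAMPLE_CAPTCHA)
    print(challenge["captcha_image"])
    print(build_login_body("user@example.com", "p&ss=word", "ah", "Example-App-1.0",
                           challenge["captcha_token"], "abcdefg"))
    print(parse_response(200, SAMPLE_OK))
```

The constructed password contains "&" and "=" to show why the body must be URL-encoded before it is sent, even though the sample requests above are printed unencoded.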

Error codes

 

Detailed documentation: Google AuthForInstalledApps
