Control flow for validating user requests in a PHP server using Oauth2 and Google Play?
I managed to implement the Google Play Services API in my Cordova app (game). The game now sends the Google Play Services Player ID to my server when a person connects.
I am making a system that validates a user's permissions and sends them some data (an image from my server) if the permissions check out. So, I have the Player ID, but that isn't enough to validate that they are who they say they are.
I don't understand how to use Oauth2 to validate a user is who they say they are.
Stop me when I go off track:
Presumably, I would need a one-time token from them that I could then validate with, eh, "something", and then run a PHP validation function with that token and the "something" to validate that they are who they say they are.
I'm not sure how to request the token without having Google Play Services create an authorization window within my app, or what the code for any of it is. I saw some Oauth 2 things in PHP but they are positively gigantic things. I'm looking for something that can clearly explain how I can validate the user and a couple of lines of code for implementing it.
Ok, I think I figured it out. Basic concept...
1) User asks for access token for Google Play Services Player API. (requires an authorization dialog)
2) User sends access token to server.
3) Server sends access token to Google Play Player API.
4) If successful, server authenticates user.
https://developers.google.com/games/services/web/api/players/get
Edit: The above applies to HTTP only. Unfortunately, as far as I can tell, there is no built-in Android / Google Play mechanism to get an authorization code, only an access token.
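
Steps 3 and 4 above from the server's side, as an added PHP example that is not part of the original answer: it asks the Players API for `me` using the client's access token and compares the returned `playerId` with the ID the client claimed, so the identity comes from Google's response rather than from the client. The endpoint URL, the function names and the sample response are assumptions; the `$fake` transport is constructed so the demo runs offline.

```php
<?php
declare(strict_types=1);

// Assumed endpoint, per the Players: get reference linked above; "me" means
// "the player who owns this access token".
const PLAYERS_ME_URL = 'https://games.googleapis.com/games/v1/players/me';

/** Default transport: GET with a Bearer token, returns [HTTP status, body]. */
function httpGetWithBearer(string $url, string $accessToken): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => ['Authorization: Bearer ' . $accessToken],
        CURLOPT_TIMEOUT        => 5,
    ]);
    $body   = curl_exec($ch);
    $status = (int) curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    return [$status, $body === false ? '' : $body];
}

/**
 * Returns the verified player ID, or null if the token is rejected or the
 * ID Google reports differs from the one the client claimed.
 */
function verifyPlayer(string $accessToken, string $claimedPlayerId, ?callable $fetch = null): ?string
{
    $fetch ??= 'httpGetWithBearer';
    [$status, $body] = $fetch(PLAYERS_ME_URL, $accessToken);
    if ($status !== 200) {
        return null; // expired, revoked or malformed token
    }
    $player = json_decode($body, true);
    $id = is_array($player) ? ($player['playerId'] ?? null) : null;
    if (!is_string($id) || !hash_equals($id, $claimedPlayerId)) {
        return null; // token is valid but belongs to a different player
    }
    return $id;
}

// Offline demo: a constructed response stands in for Google's reply.
$fake = fn(string $url, string $token): array =>
    $token === 'good-token' ? [200, '{"kind":"games#player","playerId":"1234567890"}'] : [401, '{}'];

var_dump(verifyPlayer('good-token', '1234567890', $fake)); // matching ID
var_dump(verifyPlayer('good-token', '9999999999', $fake)); // spoofed ID
var_dump(verifyPlayer('bad-token',  '1234567890', $fake)); // rejected token
```

In production, call `verifyPlayer()` without the third argument so the request goes to Google over TLS, and tie the server session to the returned ID rather than to anything the client sends afterwards.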