However, this time while testing Google's OAuth, I unexpectedly found that under different projects, client_ids, or domains, the user_id obtained for the logged-in user is actually the same. Should I say Google is being very generous?.........
If that's the case, you can manage or retrieve the same user's data across different projects and build on it, which is pretty nice~
Google Single sign-on (SSO) developer documentation
https://developers.google.com/identity/sign-in/web/sign-in
Using the access_token to get user information
https://oauth2.googleapis.com/tokeninfo?access_token={access_token}
{
  "issued_to": "304507854622-ismvsavqhsn20o3mjlqrabcdef.apps.googleusercontent.com",
  "audience": "304507854622-ismvsavqhsn20o3mjlqrabcdef.apps.googleusercontent.com",
  "user_id": "104327134143115766667",
  "scope": "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile openid",
  "expires_in": 2759,
  "email": "test@gmail.com",
  "verified_email": true,
  "access_type": "online"
}
Using the id_token to get user information
https://oauth2.googleapis.com/tokeninfo?id_token={id_token}
{
  "iss": "accounts.google.com",
  "azp": "304507854622-ismvsavqhsn20o3mjlqrabcdef.apps.googleusercontent.com",
  "aud": "304507854622-ismvsavqhsn20o3mjlqrabcdef.apps.googleusercontent.com",
  "sub": "104327134143115766667",
  "email": "test@gmail.com",
  "email_verified": "true",
  "at_hash": "lWpP3_u1QrfRHmF82140A",
  "name": "Superman",
  "picture": "https://lh6.googleusercontent.com/photo.jpg",
  "given_name": "Man",
  "family_name": "Super",
  "locale": "zh-TW",
  "iat": "1562689809",
  "exp": "1562693409",
  "jti": "a2b26562f211c2d329d0b121254dc5205d7e252b5",
  "alg": "RS256",
  "kid": "6e5508d27965ad7907c3322a48ed763727e",
  "typ": "JWT"
}
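The flip side of `user_id` / `sub` being identical across projects is that a token minted for one project names exactly the same account in another, so each project must still confirm that `aud` (or `audience` in the access_token form) is its own client_id before trusting the identifier; the shared `sub` is then a safe key for a cross-project user store. The following is an added example, not code from the post, showing those checks over the two tokeninfo responses above. It assumes a second, hypothetical client_id (`CLIENT_B`) for the other project and constructs its token by changing the audience of the sample. Note that Google documents the tokeninfo endpoint as a debugging aid; a production backend verifies the ID token's RS256 signature against Google's published keys and then applies the same claim checks.

```python
import time

# Constructed samples, modelled on the two tokeninfo responses shown in the post.
# The values are the post's placeholders, not live credentials.
CLIENT_A = "304507854622-ismvsavqhsn20o3mjlqrabcdef.apps.googleusercontent.com"
# Hypothetical client_id of a second Google Cloud project (assumption, not from the post).
CLIENT_B = "999999999999-secondprojectclientidexample.apps.googleusercontent.com"

SAMPLE_ID_TOKENINFO = {
    "iss": "accounts.google.com",
    "azp": CLIENT_A,
    "aud": CLIENT_A,
    "sub": "104327134143115766667",
    "email": "test@gmail.com",
    "email_verified": "true",   # tokeninfo returns these as strings, not JSON booleans/numbers
    "iat": "1562689809",
    "exp": "1562693409",
}

SAMPLE_ACCESS_TOKENINFO = {
    "issued_to": CLIENT_A,
    "audience": CLIENT_A,
    "user_id": "104327134143115766667",
    "scope": "https://www.googleapis.com/auth/userinfo.email openid",
    "expires_in": 2759,
    "email": "test@gmail.com",
    "verified_email": True,
    "access_type": "online",
}

# Google ID tokens carry either of these issuer strings.
VALID_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}


def _as_int(value):
    """iat/exp arrive as strings from tokeninfo; accept str or int."""
    return int(value)


def _as_bool(value):
    """Accept JSON true or the string "true" for the verified-email flags."""
    if isinstance(value, bool):
        return value
    return str(value).lower() == "true"


def validate_id_tokeninfo(info, allowed_client_ids, now=None):
    """Check the claims that matter before trusting `sub`; raise ValueError otherwise.

    The `aud` check is the essential one: since `sub` is the same in every project,
    an ID token issued to some other app still names this user and must not be
    accepted as a login here.
    """
    now = int(time.time()) if now is None else now
    if info.get("iss") not in VALID_ISSUERS:
        raise ValueError("unexpected issuer: %r" % info.get("iss"))
    if info.get("aud") not in allowed_client_ids:
        raise ValueError("ID token was issued for a different client_id")
    if _as_int(info.get("exp", 0)) <= now:
        raise ValueError("ID token expired")
    if not _as_bool(info.get("email_verified", False)):
        raise ValueError("email not verified by Google")
    return info["sub"]


def validate_access_tokeninfo(info, allowed_client_ids):
    """Same checks for the access_token form: audience must be ours, token still live."""
    if info.get("audience") not in allowed_client_ids:
        raise ValueError("access token was issued for a different client_id")
    if _as_int(info.get("expires_in", 0)) <= 0:
        raise ValueError("access token expired")
    if not _as_bool(info.get("verified_email", False)):
        raise ValueError("email not verified by Google")
    return info["user_id"]


def link_identity(registry, google_sub, client_id):
    """Shared user store keyed by `sub`: each project records that it has seen the
    account, so one person resolves to one record across projects."""
    registry.setdefault(google_sub, set()).add(client_id)
    return registry[google_sub]


if __name__ == "__main__":
    users = {}
    # Project A validates a token addressed to it, then files the user under the shared sub.
    sub_a = validate_id_tokeninfo(SAMPLE_ID_TOKENINFO, {CLIENT_A}, now=1562690000)
    link_identity(users, sub_a, CLIENT_A)
    # Project B sees the same sub in a token addressed to CLIENT_B (constructed by
    # copying the sample with a different audience).
    token_b = dict(SAMPLE_ID_TOKENINFO, aud=CLIENT_B, azp=CLIENT_B)
    sub_b = validate_id_tokeninfo(token_b, {CLIENT_B}, now=1562690000)
    print(link_identity(users, sub_b, CLIENT_B))  # both client_ids under one sub
```

Feeding project A's token to project B's validator raises `ValueError` on the `aud` check even though `sub` would match, which is the behaviour you want: cross-project identity is shared through the user store, not by accepting each other's tokens.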