使用Google PlayIntegrity API解码完整性令牌
使用Google PlayIntegrity API解码完整性令牌
提问于 2022-03-18 11:26:38
我正试图在我的安卓应用程序中实现Google,但我不知道如何使用PlayIntegrity的服务器来解密和验证令牌。
我跟踪了文档,直到这一点:
现在我被困在向googleapis发出解码请求上了。我不明白这条指令是怎么工作的。
我创建了一个服务帐户,并下载了JSON凭据文件并将其放入Laravel项目中,然后尝试了以下代码:
$client = new Client();
$client->setAuthConfig(storage_path('app/integrity_check_account.json'));
$client->addScope(PlayIntegrity::class);
$httpClient = $client->authorize();
$result = $httpClient->request('POST', 'https://playintegrity.googleapis.com/v1/my.package.name', [
'headers' => ['Content-Type' => 'application/json'],
'body' => "{ 'integrity_token': 'token' }"
]);
dd($result);因此,我对这段代码有两个问题:
- 我是否正确地添加了范围?
- 我的要求正确吗?因为它不工作,因为我得到404错误。
回答 5
Stack Overflow用户
回答已采纳
发布于 2022-03-18 14:41:53
在查看来自PlayIntegrity API的Google客户端PHP库源时,我终于找到了解决问题的方法。
导入所需的依赖关系后:
composer require google/apiclient:^2.12.1这是我的控制器:
<?php
namespace App\Http\Controllers;
use Google\Client;
use Google\Service\PlayIntegrity;
use Google\Service\PlayIntegrity\DecodeIntegrityTokenRequest;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Illuminate\Foundation\Bus\DispatchesJobs;
use Illuminate\Foundation\Validation\ValidatesRequests;
use Illuminate\Http\Request;
use Illuminate\Routing\Controller as BaseController;
class Controller extends BaseController {
use AuthorizesRequests, DispatchesJobs, ValidatesRequests;
public function performCheck(Request $request) {
$client = new Client();
$client->setAuthConfig(path/to/your/credentials/json/file.json);
$client->addScope(PlayIntegrity::PLAYINTEGRITY);
$service = new PlayIntegrity($client);
$tokenRequest = new DecodeIntegrityTokenRequest();
$tokenRequest->setIntegrityToken("TOKEN_HERE");
$result = $service->v1->decodeIntegrityToken('PACKGE_NAME_HERE', $tokenRequest);
//Integrity check logic below
//check with old nonce that you need to save somewhere
if ($oldNonce !== $resultNonce) {
echo "bad nonce";
exit(1);
}
$deviceVerdict = $result->deviceIntegrity->deviceRecognitionVerdict;
$appVerdict = $result->appIntegrity->appRecognitionVerdict;
$accountVerdict = $result->accountDetails->appLicensingVerdict;
//Possible values of $deviceVerdict[0] : MEETS_BASIC_INTEGRITY, MEETS_DEVICE_INTEGRITY, MEETS_STRONG_INTEGRITY
if (!isset($deviceVerdict) || $deviceVerdict[0] !== 'MEETS_DEVICE_INTEGRITY') {
echo "device doesn't meet requirement";
exit(1);
}
//Possible values of $appVerdict: PLAY_RECOGNIZED, UNRECOGNIZED_VERSION, UNEVALUATED
if ($appVerdict !== 'PLAY_RECOGNIZED') {
echo "App not recognized";
exit(1);
}
//Possible values of $accountVerdict: LICENSED, UNLICENSED, UNEVALUATED
if ($accountVerdict !== 'LICENSED') {
echo "User is not licensed to use app";
exit(1);
}
}
}这里解释了可能的回传判决。
Stack Overflow用户
发布于 2022-06-09 20:31:53
我花了几个小时让它与节点js一起工作。有时候,Google很难记录/解释和检查自己的代码。
因此,我为任何希望使用节点js服务器进行完整性解密的人发布这篇文章。我所能找到的唯一例子是直接在googleapis的节点游戏完整性模块中。基于这里的示例,我的工作代码:
async function getAppToken() {
const auth = new google.auth.GoogleAuth({
keyFile: 'secret.json',
scopes: ['https://www.googleapis.com/auth/playintegrity'],
});
const authClient = await auth.getClient();
google.options({auth: authClient});
const res = await playintegrity.decodeIntegrityToken (
{
packageName: 'com.example.myapp',
requestBody:
{
"integrityToken": "myToken"
}
}
);
console.log(res.data);
return res.data;
}你可以这样称呼这个函数
getAppToken()
.then(data => {
console.log(data);
})
.catch(e => {
console.error(e);
throw e;
});我们开始吧!哼..。不,等等。您还必须修复完整性api。转到节点项目,并在模块中找到v1.js文件
它应该在这里:\node_modules\googleapis\build\src\apis\playintegrity
现在打开它,并在Play完整性构造函数中添加这一行
this.decodeIntegrityToken = this.v1.decodeIntegrityToken;为了得到它
class Playintegrity {
constructor(options, google) {
this.context = {
_options: options || {},
google,
};
this.v1 = new Resource$V1(this.context);
this.decodeIntegrityToken = this.v1.decodeIntegrityToken;
}
}现在它应该起作用了
Stack Overflow用户
发布于 2022-04-25 03:11:31
在调用Play Integrity API之前,您必须获得访问令牌。见下文2项请求:
POST /token HTTP/1.1
Accept-Encoding: gzip, deflate
User-Agent: Google-HTTP-Java-Client/1.41.1 (gzip)
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: oauth2.googleapis.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: close
Content-Length: 811
grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6IjVhY2Y5NjJkNDExZmZiZDE1NmIxZTE3ODcwY2Y0ZGExYjU0ZmM4MGIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJodHRwczovL29hdXRoMi5nb29nbGVhcGlzLmNvbS90b2tlbiIsImV4cCI6MTY0ODc3NjU2OCwiaWF0IjoxNjQ4NzcyOTY4LCJpc3MiOiJwbGF5LWludGVncml0eS1mZG5iLXRlc3RAZmRuYi1wbGF5LWludGVncml0eS10ZXN0LmlhbS5nc2VydmljZWFjY291bnQuY29tIiwic2NvcGUiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9hdXRoL3BsYXlpbnRlZ3JpdHkifQ.TQM6UFswVl1oe2JLDiPIjgoEyX89eefegh1EiAd3u8ZvO3STbp7g5rgUBC03_3jH0mLspZ4nbGH7m_8cKaYdKbyVs--P7Um591QU68FJxEvG0Nxr-8mjejo-mL4Z5bxXGVTVnd9n2hkWaBEe7iQ7dcqdkRHXNS1Tg2CcLWbCU1q0pxfAtAEe1mRXj5Y-VYfVl-PiN8Cl4Q8ZEbEAPyBkP-eqSMQcMA0nwhgsmIR4JxRH3zbef20SBuZgm0GBPsngUaseyvni-yjGcTmcyB5Sa1CSQL6-384016G9X7jIytF3fOY1pjl0L-N6KD6JmB4fC6ApDYqQmyZhfb5BD4nsjA
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Date: Fri, 01 Apr 2022 00:29:30 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Connection: close
Content-Length: 1083
{"access_token":"ya29.c.b0AXv0zTNFkyzpv-uCAecXsZ8U1TelBGDjRVqBckImapqKoYukyNziQ_zsKecAIns4qjS6UeSiY9bSI3cysPbg7jjeBw63079wuKtsX25yDj83WSK2yzUPKev5MfoyJCyRmRmv-SMHYbqq2qQnn5SZiWM6lNV7hisch_s9JcSe3HmRS-ko9R670ywpgMIvzhADl5tSJlD0xwQyulrNRcJDNkNwzum0e-8........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................","expires_in":3599,"token_type":"Bearer"}
POST /v1/com.example.playinegrity:decodeIntegrityToken HTTP/1.1
Accept-Encoding: gzip, deflate
Authorization: Bearer ya29.c.b0AXv0zTNFkyzpv-uCAecXsZ8U1TelBGDjRVqBckImapqKoYukyNziQ_zsKecAIns4qjS6UeSiY9bSI3cysPbg7jjeBw63079wuKtsX25yDj83WSK2yzUPKev5MfoyJCyRmRmv-SMHYbqq2qQnn5SZiWM6lNV7hisch_s9JcSe3HmRS-ko9R670ywpgMIvzhADl5tSJlD0xwQyulrNRcJDNkNwzum0e-8........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
User-Agent: Google-API-Java-Client/1.33.1 Google-HTTP-Java-Client/1.41.1 (gzip)
x-goog-api-client: gl-java/1.8.0 gdcl/1.33.1 mac-os-x/11.6.2
Content-Type: application/json; charset=UTF-8
Content-Encoding: gzip
Host: playintegrity.googleapis.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: close
Content-Length: 712
[GZIP Content]
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Date: Fri, 01 Apr 2022 00:29:33 GMT
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Cache-Control: private, proxy-revalidate
Connection: close
Content-Length: 649
{
"tokenPayloadExternal": {
"requestDetails": {
"requestPackageName": "com.example.playinegrity",
"timestampMillis": "1648699890779",
"nonce": "YWJjZGVmZ2hpajEyMzQ1Njc4OTE="
},
"appIntegrity": {
"appRecognitionVerdict": "UNRECOGNIZED_VERSION",
"packageName": "com.example.playinegrity",
"certificateSha256Digest": [
"JAHNMZrOYvOOVQ40zNWm2e4fTmHIFYGo-_rvgk7vs4o"
],
"versionCode": "1"
},
"deviceIntegrity": {
"deviceRecognitionVerdict": [
"MEETS_DEVICE_INTEGRITY"
]
},
"accountDetails": {
"appLicensingVerdict": "UNEVALUATED"
}
}
}页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/71526352
复制相关文章
相似问题
腾讯云开发者
