
Recently I have been trying to work with the Google Signin API and Retrofit 2.0.

I am using OAuth 2.0 as you probably expected and using Bearer Authentication within the headers. I intercept the traffic and do the following...

httpClient.addInterceptor(new Interceptor() {

    @Override
    public Response intercept(Chain chain) throws IOException {

        Request original = chain.request();

        Request.Builder requestBuilder = original.newBuilder()
            .header("Accept", "application/json")
            .header("Authorization", "Bearer " + token)
            .method(original.method(), original.body());

        Request request = requestBuilder.build();
        return chain.proceed(request);

    }

});

The token that the above code uses is retrieved from the following...

  • Class - GoogleSignInAccount
  • Method - getIdToken()

I was getting a weird error message that made me dig in the debugger. I am not getting that error message anymore, but when I was in the debugger, I found that I am doing something wrong with the Bearer Token.

I am new to authentication and Retrofit, but I was finally able to get my program to pass through to the onResponse(Call<...> call, Response<...> response) method inside the new instance of the Callback<...>() of Retrofit's enqueue(...) method ...

responseCall.enqueue(new Callback<...>() {
    @Override
    public void onResponse(Call<...> call, Response<...> response) {

        // Got here

    }
});

Debugger Results

Raw Response (summary):
------------------------
Response{protocol=h2, code=401, message=, url=https://www.googleapis.com/youtube/v3/videos?part=snippet&myRating=like}


Raw Response -> Request:
------------------------
Request{method=GET, url=https://www.googleapis.com/youtube/v3/videos?part=snippet&myRating=like, tag=null}


Raw Response -> Request Headers:
--------------------------------
Accept: application/json
Authorization: Bearer eyJhbGciOiJSUzI1NiIs...<total of 1132 characters>...yubzKDH6qJ63AJn2L1lA


Raw Response -> Headers:
------------------------
vary: Origin
vary: X-Origin
www-authenticate: Bearer realm="https://accounts.google.com/", error=invalid_token
content-type: application/json; charset=UTF-8
date: Mon, 09 May 2016 14:22:04 GMT
expires: Mon, 09 May 2016 14:22:04 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: GSE
alternate-protocol: 443:quic
alt-svc: quic=":443"; ma=2592000; v="33,32,31,30,29,28,27,26,25"
OkHttp-Sent-Millis: 1462803723887
OkHttp-Received-Millis: 1462803724140
Christopher Rucinski
    IMO, invalid token because the token from getIdToken() is not an access token, please read http://android-developers.blogspot.com/2016/02/using-credentials-between-your-server.html, and refer to my answer at http://stackoverflow.com/questions/33998335/how-to-get-access-token-after-user-is-signed-in-from-gmail-in-android (I used OkHttp to get the access token, however, I think you can customize with your Retrofit) – BNK May 10 '16 at 01:32
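
The comment above attributes the 401 to sending the result of getIdToken() where an access token is expected. The following is an added example, not code from the question or the comment: a plain-Java check that flags a JWT-shaped credential before it is attached as a Bearer token and reads the error code out of the `www-authenticate` challenge shown in the debugger output. The class and method names are hypothetical, the tokens are constructed samples, and `java.util.Base64` is assumed to be available (on older Android releases `android.util.Base64` would take its place).

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BearerTokenCheck {

    // Matches the error parameter of a Bearer challenge, quoted or unquoted.
    private static final Pattern ERROR_PARAM = Pattern.compile("\\berror=\"?([A-Za-z_]+)\"?");

    /** Returns the decoded JWT header if the credential is JWT-shaped, else null. */
    static String jwtHeaderOrNull(String token) {
        String[] parts = token.split("\\.");
        if (parts.length != 3) return null; // compact JWS form has exactly three segments
        try {
            String header = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
            return header.startsWith("{") && header.contains("\"alg\"") ? header : null;
        } catch (IllegalArgumentException notBase64Url) {
            return null;
        }
    }

    /** Extracts the error code from a "WWW-Authenticate: Bearer ..." value, else null. */
    static String bearerError(String wwwAuthenticate) {
        if (wwwAuthenticate == null || !wwwAuthenticate.regionMatches(true, 0, "Bearer", 0, 6)) return null;
        Matcher m = ERROR_PARAM.matcher(wwwAuthenticate);
        return m.find() ? m.group(1) : null;
    }

    private static String b64(String s) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed, unsigned sample in ID-token shape; not a real credential.
        String idTokenLike = b64("{\"alg\":\"RS256\",\"typ\":\"JWT\"}") + "."
                + b64("{\"iss\":\"https://accounts.google.com\",\"aud\":\"CLIENT_ID_PLACEHOLDER\"}") + "."
                + b64("constructed-signature");
        String opaqueLike = "constructed-opaque-access-token"; // constructed sample

        System.out.println("ID-token-like header: " + jwtHeaderOrNull(idTokenLike));
        System.out.println("opaque token header:  " + jwtHeaderOrNull(opaqueLike));
        // Challenge value copied from the debugger output in the question.
        String challenge = "Bearer realm=\"https://accounts.google.com/\", error=invalid_token";
        System.out.println("challenge error:      " + bearerError(challenge));
    }
}
```

A non-null result from `jwtHeaderOrNull` only shows that the credential is a JWT, which matches the `eyJhbGciOiJSUzI1NiIs...` prefix in the request header above; it does not validate the token or prove that any other string is a usable access token.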
