Home » Android » android – What is diff between requestIdToken and requestServerAuthCode in google singnin

android – What is diff between requestIdToken and requestServerAuthCode in google singnin

Posted by: admin May 14, 2020 Leave a comment

Questions:

I am not able to differentiate between these two: requestIdToken and requestServerAuthCode, when we signin with google api from android device.

My requirement is to provide option for users to login in android device, and after login sync data to my server.
Server need to validate logged in user request from android device. I am thinking to use “requestIdToken”.
On the server side i am using google client library to fetch user info from requestIdToken.

How to&Answers:

There is

requestIdToken (String serverClientId)

Specifies that an ID token for authenticated users is requested.
Requesting an ID token requires that the server client ID be
specified.

and there is

requestServerAuthCode (String serverClientId)

Specifies that offline access is requested. Requesting offline access
requires that the server client ID be specified.

You don’t need to use requestIdToken(String) when you use this option.
When your server exchanges the code for tokens, an ID token will be
returned together (as long as you either use requestEmail() or
requestProfile() along with your configuration).

The first time you retrieve a code, a refresh_token will be granted
automatically. Subsequent requests will only return codes that can be
exchanged for access token.

From the docs.

As you can read here, requestServerAuthCode() is specifically for requesting offline access. If you do not need it, use requestIdToken()