与此问题p类似,我认为这是文档不完整/不是最新/不一致的问题。
凡https://developers.google.com/+/web/signin/server-side- flow表明,gplus_id
将在GET参数被退回,这不是我所用的流量的情况。
我在https://github.com/googleplus/gplus-quickstart- python/blob/master/signin.py中找到了答案,其中包括以下代码段:
# An ID Token is a cryptographically-signed JSON object encoded in base 64.
# Normally, it is critical that you validate an ID Token before you use it,
# but since you are communicating directly with Google over an
# intermediary-free HTTPS channel and using your Client Secret to
# authenticate yourself to Google, you can be confident that the token you
# receive really comes from Google and is valid. If your server passes the
# ID Token to other components of your app, it is extremely important that
# the other components validate the token before using it.
gplus_id = credentials.id_token['sub']