与此问题类似,我认为这是文档不完整/不是最新/不一致的问题。
凡https://developers.google.com/+/web/signin/server-side-
flow表明,
gplus_id将在GET参数被退回,这不是我所用的流量的情况。
我在https://github.com/googleplus/gplus-quickstart-
python/blob/master/signin.py中找到了答案,其中包括以下代码段:
# An ID Token is a cryptographically-signed JSON object enpred in base 64.# Normally, it is critical that you validate an ID Token before you use it,# but since you are communicating directly with Google over an# intermediary-free HTTPS channel and using your Client Secret to# authenticate yourself to Google, you can be confident that the token you# receive really comes from Google and is valid. If your server passes the# ID Token to other components of your app, it is extremely important that# the other components validate the token before using it.gplus_id = credentials.id_token['sub']
