קבלת אסימוני הרשאה
קל לארגן דפים בעזרת אוספים
אפשר לשמור ולסווג תוכן על סמך ההעדפות שלך.
מה זה טוקן?
ב-Fleet Engine נדרש שימוש באסימוני JWT (JSON Web Tokens) לקריאות ל-API method מסביבות עם רמת אבטחה נמוכה: סמארטפונים ודפדפנים.
אסימון JWT נוצר בשרת שלכם, נחתם, מוצפן ומועבר ללקוח לאינטראקציות עתידיות עם השרת עד שהוא יפוג או עד שהוא לא יהיה תקף יותר.
פרטים חשובים
למידע נוסף על אסימוני JWT, אפשר לעיין במאמר אסימוני JWT במאמרים בנושא Fleet Engine.
איך לקוחות מקבלים טוקנים?
אחרי שנהג או לקוח מתחברים לאפליקציה באמצעות פרטי האימות המתאימים, כל עדכון שיוצא מהמכשיר הזה חייב להשתמש באסימוני הרשאה מתאימים, שמעבירים ל-Fleet Engine את ההרשאות של האפליקציה.
כמפתחים, ההטמעה של הלקוח צריכה לספק את היכולות הבאות:
- מאחזרים אסימון JWT מהשרת.
- כדי לצמצם את מספר הפעמים שבהן צריך לרענן את הטוקן, אפשר להשתמש בו שוב ושוב עד שתוקף שלו יפוג.
- מרעננים את הטוקן כשהתוקף שלו פג.
פרוטוקול GMTDAuthorization מאחזר אסימוני JSON Web Token בזמן עדכון המיקום על סמך אובייקט GMTD AuthorizationContext. ערכת ה-SDK צריכה לארוז את הטוקנים עם פרטי העדכון כדי לשלוח אותם ל-Fleet Engine.
לפני שמפעילים את ה-SDK, צריך לוודא שההטמעה בצד השרת יכולה להנפיק טוקנים.
פרטים על האסימונים שנדרשים ל-Fleet Engine מופיעים במאמר בנושא הנפקת אסימוני JSON Web Token ל-Fleet Engine.
מזהה הספק זהה למזהה הפרויקט של הפרויקט ב-Google Cloud. מידע על הגדרת הפרויקט ב-Google Cloud זמין במאמר יצירת פרויקט Fleet Engine.
דוגמה ל-fetcher של טוקן אימות
בדוגמה הבאה מוצג ספק של אסימוני הרשאה:
Swift
/*
* SampleAccessTokenProvider.swift
*/
import GoogleRidesharingConsumer
private let providerURL = "INSERT_YOUR_TOKEN_PROVIDER_URL"
class SampleAccessTokenProvider: NSObject, GMTCAuthorization {
private struct AuthToken {
// The cached trip token.
let token: String
// Keep track of when the token expires for caching.
let expiration: TimeInterval
// Keep track of the trip ID the cached token is for.
let tripID: String
}
enum AccessTokenError: Error {
case missingAuthorizationContext
case missingData
}
private var authToken: AuthToken?
func fetchToken(
with authorizationContext: GMTCAuthorizationContext?,
completion: @escaping GMTCAuthTokenFetchCompletionHandler
) {
// Get the trip ID from the authorizationContext. This is set by the Consumer SDK.
guard let authorizationContext = authorizationContext else {
completion(nil, AccessTokenError.missingAuthorizationContext)
return
}
let tripID = authorizationContext.tripID
// If appropriate, use the cached token.
if let authToken = authToken,
authToken.expiration > Date.now.timeIntervalSince1970 && authToken.tripID == tripID
{
completion(authToken.token, nil)
return
}
// Otherwise, try to fetch a new token from your server.
let request = URLRequest(url: URL(string: providerURL))
let task = URLSession.shared.dataTask(with: request) { [weak self] data, _, error in
guard let strongSelf = self else { return }
guard error == nil else {
completion(nil, error)
return
}
// Replace the following key values with the appropriate keys based on your
// server's expected response.
let tripTokenKey = "TRIP_TOKEN_KEY"
let tokenExpirationKey = "TOKEN_EXPIRATION"
guard let data = data,
let fetchData = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
let token = fetchData[tripTokenKey] as? String,
let expiration = fetchData[tokenExpirationKey] as? Double
else {
completion(nil, AccessTokenError.missingData)
return
}
strongSelf.authToken = AuthToken(token: token, expiration: expiration, tripID: tripID)
completion(token, nil)
}
task.resume()
}
}
Objective-C
/*
* SampleAccessTokenProvider.h
*/
#import <Foundation/Foundation.h>
#import <GoogleRidesharingConsumer/GoogleRidesharingConsumer.h>
NS_ASSUME_NONNULL_BEGIN
@interface SampleAccessTokenProvider : NSObject <GMTCAuthorization>
@end
NS_ASSUME_NONNULL_END
/*
* SampleAccessTokenProvider.m
*/
#import "SampleAccessTokenProvider.h"
#import "GoogleRidesharingConsumer/GoogleRidesharingConsumer.h"
static NSString *const PROVIDER_URL = @"INSERT_YOUR_TOKEN_PROVIDER_URL";
// SampleAccessTokenProvider.m
@implementation SampleAccessTokenProvider {
// The cached token with claims to the current trip.
NSString *_cachedTripToken;
// Keep track of the Trip ID the cached token is for.
NSString *_lastKnownTripID;
// Keep track of when tokens expire for caching.
NSTimeInterval _tokenExpiration;
}
- (void)fetchTokenWithContext:(nullable GMTCAuthorizationContext *)authorizationContext
completion:(nonnull GMTCAuthTokenFetchCompletionHandler)completion {
// Get the trip ID from the authorizationContext. This is set by the Consumer SDK.
NSString *tripID = authorizationContext.tripID;
// Clear cached trip token if trip ID has changed.
if (![_lastKnownTripID isEqual:tripID]) {
_tokenExpiration = 0.0;
_cachedTripToken = nil;
}
_lastKnownTripID = tripID;
// Clear cached tripToken if it has expired.
if ([[NSDate date] timeIntervalSince1970] > _tokenExpiration) {
_cachedTripToken = nil;
}
// If appropriate, use the cached token.
if (_cachedTripToken) {
completion(_cachedTripToken, nil);
return;
}
// Otherwise, try to fetch a new token from your server.
NSURL *requestURL = [NSURL URLWithString:PROVIDER_URL];
NSMutableURLRequest *request =
[[NSMutableURLRequest alloc] initWithURL:requestURL];
request.HTTPMethod = @"GET";
// Replace the following key values with the appropriate keys based on your
// server's expected response.
NSString *tripTokenKey = @"TRIP_TOKEN_KEY";
NSString *tokenExpirationKey = @"TOKEN_EXPIRATION";
__weak typeof(self) weakSelf = self;
void (^handler)(NSData *_Nullable data, NSURLResponse *_Nullable response,
NSError *_Nullable error) =
^(NSData *_Nullable data, NSURLResponse *_Nullable response, NSError *_Nullable error) {
typeof(self) strongSelf = weakSelf;
if (error) {
completion(nil, error);
return;
}
NSError *JSONError;
NSMutableDictionary *JSONResponse =
[NSJSONSerialization JSONObjectWithData:data options:kNilOptions error:&JSONError];
if (JSONError) {
completion(nil, JSONError);
return;
} else {
// Sample code only. No validation logic.
id expirationData = JSONResponse[tokenExpirationKey];
if ([expirationData isKindOfClass:[NSNumber class]]) {
NSTimeInterval expirationTime = ((NSNumber *)expirationData).doubleValue;
strongSelf->_tokenExpiration = [[NSDate date] timeIntervalSince1970] + expirationTime;
}
strongSelf->_cachedTripToken = JSONResponse[tripTokenKey];
completion(JSONResponse[tripTokenKey], nil);
}
};
NSURLSessionConfiguration *config = [NSURLSessionConfiguration defaultSessionConfiguration];
NSURLSession *mainQueueURLSession =
[NSURLSession sessionWithConfiguration:config delegate:nil
delegateQueue:[NSOperationQueue mainQueue]];
NSURLSessionDataTask *task = [mainQueueURLSession dataTaskWithRequest:request completionHandler:handler];
[task resume];
}
@end
המאמרים הבאים
אתחול ה-Consumer SDK
אלא אם צוין אחרת, התוכן של דף זה הוא ברישיון Creative Commons Attribution 4.0 ודוגמאות הקוד הן ברישיון Apache 2.0. לפרטים, ניתן לעיין במדיניות האתר Google Developers. Java הוא סימן מסחרי רשום של חברת Oracle ו/או של השותפים העצמאיים שלה.
עדכון אחרון: 2025-08-31 (שעון UTC).
[null,null,["עדכון אחרון: 2025-08-31 (שעון UTC)."],[[["\u003cp\u003eFleet Engine utilizes JSON Web Tokens (JWTs) for API method calls originating from low-trust environments like smartphones and browsers, ensuring secure communication.\u003c/p\u003e\n"],["\u003cp\u003eYour backend server, a trusted environment, generates and signs these JWTs, which are then passed to clients for server interactions.\u003c/p\u003e\n"],["\u003cp\u003eClients, such as driver or consumer apps, need to fetch, reuse, and refresh these JWTs to maintain authorized access to Fleet Engine functionalities.\u003c/p\u003e\n"],["\u003cp\u003eThe provided code examples demonstrate how to implement an authorization token provider in Swift and Objective-C for fetching and managing JWTs within your client application.\u003c/p\u003e\n"]]],["Fleet Engine utilizes JSON Web Tokens (JWTs) for API calls from low-trust environments. Developers must fetch signed, encrypted JWTs from their servers and provide them to clients. Tokens should be reused until expiration and then refreshed. Clients obtain tokens upon user login, ensuring updates are authorized. The `GMTDAuthorization` protocol manages token fetching at update times. The provided code examples demonstrate how to implement a token fetcher in Swift and Objective-C, caching and refreshing tokens as needed. The providerID is equivalent to the project ID.\n"],null,["What is a token?\n\nFleet Engine requires the use of **JSON Web Tokens** (JWTs) for API method calls\nfrom **low-trust environments**: smartphones and browsers.\n\nA JWT originates on your server, is signed, encrypted, and passed to the client\nfor subsequent server interactions until it expires or is no longer valid.\n\n**Key details**\n\n- Use [Application Default Credentials](https://google.aip.dev/auth/4110) to authenticate and authorize against Fleet Engine.\n- Use an appropriate service account to sign JWTs. See [Fleet Engine serviceaccount](/maps/documentation/mobility/fleet-engine/essentials/set-up-fleet/service-accounts#fleet_engine_service_account_roles) roles in **Fleet Engine Basics**.\n\nFor more information about JSON Web Tokens, see [JSON Web Tokens](/maps/documentation/mobility/fleet-engine/essentials/set-up-fleet/jwt) in\n**Fleet Engine Essentials**.\n\nHow clients get tokens?\n\nOnce a driver or consumer logs in to your app using the appropriate\nauthentication credentials, any updates issued from that device must use\nappropriate authorization tokens, which communicates to Fleet Engine the\npermissions for the app.\n\nAs the developer, your client implementation should provide the ability to\ndo the following:\n\n- Fetch a JSON Web Token from your server.\n- Reuse the token until it expires to minimize token refreshes.\n- Refresh the token when it expires.\n\nThe `GMTDAuthorization` protocol fetches JSON Web tokens at location update time\nbased on the `GMTD AuthorizationContext` object. The SDK\nmust package the tokens with the update information to send to Fleet Engine.\nMake sure that your server-side implementation can issue tokens before\ninitializing the SDK.\n\nFor details of the tokens expected by Fleet Engine, see\n[Issue JSON Web Tokens](/maps/documentation/mobility/fleet-engine/essentials/set-up-fleet/issue-jwt) for Fleet Engine.\n\nThe providerID is the same as the **Project ID** of your Google Cloud\nProject. For information on setting up the Google Cloud Project, see\n[Create your Fleet Engine project](/maps/documentation/mobility/fleet-engine/essentials/set-up-fleet/create-project).\n\nExample of an authentication token fetcher\n\nThe following example implements an authorization token provider: \n\nSwift \n\n /*\n * SampleAccessTokenProvider.swift\n */\n import GoogleRidesharingConsumer\n\n private let providerURL = \"INSERT_YOUR_TOKEN_PROVIDER_URL\"\n\n class SampleAccessTokenProvider: NSObject, GMTCAuthorization {\n private struct AuthToken {\n // The cached trip token.\n let token: String\n // Keep track of when the token expires for caching.\n let expiration: TimeInterval\n // Keep track of the trip ID the cached token is for.\n let tripID: String\n }\n\n enum AccessTokenError: Error {\n case missingAuthorizationContext\n case missingData\n }\n\n private var authToken: AuthToken?\n\n func fetchToken(\n with authorizationContext: GMTCAuthorizationContext?,\n completion: @escaping GMTCAuthTokenFetchCompletionHandler\n ) {\n // Get the trip ID from the authorizationContext. This is set by the Consumer SDK.\n guard let authorizationContext = authorizationContext else {\n completion(nil, AccessTokenError.missingAuthorizationContext)\n return\n }\n let tripID = authorizationContext.tripID\n\n // If appropriate, use the cached token.\n if let authToken = authToken,\n authToken.expiration \u003e Date.now.timeIntervalSince1970 && authToken.tripID == tripID\n {\n completion(authToken.token, nil)\n return\n }\n\n // Otherwise, try to fetch a new token from your server.\n let request = URLRequest(url: URL(string: providerURL))\n let task = URLSession.shared.dataTask(with: request) { [weak self] data, _, error in\n guard let strongSelf = self else { return }\n guard error == nil else {\n completion(nil, error)\n return\n }\n\n // Replace the following key values with the appropriate keys based on your\n // server's expected response.\n let tripTokenKey = \"TRIP_TOKEN_KEY\"\n let tokenExpirationKey = \"TOKEN_EXPIRATION\"\n guard let data = data,\n let fetchData = try? JSONSerialization.jsonObject(with: data) as? [String: Any],\n let token = fetchData[tripTokenKey] as? String,\n let expiration = fetchData[tokenExpirationKey] as? Double\n else {\n completion(nil, AccessTokenError.missingData)\n return\n }\n\n strongSelf.authToken = AuthToken(token: token, expiration: expiration, tripID: tripID)\n completion(token, nil)\n }\n task.resume()\n }\n }\n\nObjective-C \n\n /*\n * SampleAccessTokenProvider.h\n */\n #import \u003cFoundation/Foundation.h\u003e\n #import \u003cGoogleRidesharingConsumer/GoogleRidesharingConsumer.h\u003e\n\n NS_ASSUME_NONNULL_BEGIN\n\n @interface SampleAccessTokenProvider : NSObject \u003cGMTCAuthorization\u003e\n\n @end\n\n NS_ASSUME_NONNULL_END\n\n /*\n * SampleAccessTokenProvider.m\n */\n #import \"SampleAccessTokenProvider.h\"\n #import \"GoogleRidesharingConsumer/GoogleRidesharingConsumer.h\"\n\n static NSString *const PROVIDER_URL = @\"INSERT_YOUR_TOKEN_PROVIDER_URL\";\n\n // SampleAccessTokenProvider.m\n @implementation SampleAccessTokenProvider {\n // The cached token with claims to the current trip.\n NSString *_cachedTripToken;\n // Keep track of the Trip ID the cached token is for.\n NSString *_lastKnownTripID;\n // Keep track of when tokens expire for caching.\n NSTimeInterval _tokenExpiration;\n }\n\n - (void)fetchTokenWithContext:(nullable GMTCAuthorizationContext *)authorizationContext\n completion:(nonnull GMTCAuthTokenFetchCompletionHandler)completion {\n // Get the trip ID from the authorizationContext. This is set by the Consumer SDK.\n NSString *tripID = authorizationContext.tripID;\n\n // Clear cached trip token if trip ID has changed.\n if (![_lastKnownTripID isEqual:tripID]) {\n _tokenExpiration = 0.0;\n _cachedTripToken = nil;\n }\n _lastKnownTripID = tripID;\n\n // Clear cached tripToken if it has expired.\n if ([[NSDate date] timeIntervalSince1970] \u003e _tokenExpiration) {\n _cachedTripToken = nil;\n }\n\n // If appropriate, use the cached token.\n if (_cachedTripToken) {\n completion(_cachedTripToken, nil);\n return;\n }\n // Otherwise, try to fetch a new token from your server.\n NSURL *requestURL = [NSURL URLWithString:PROVIDER_URL];\n NSMutableURLRequest *request =\n [[NSMutableURLRequest alloc] initWithURL:requestURL];\n request.HTTPMethod = @\"GET\";\n\n // Replace the following key values with the appropriate keys based on your\n // server's expected response.\n NSString *tripTokenKey = @\"TRIP_TOKEN_KEY\";\n NSString *tokenExpirationKey = @\"TOKEN_EXPIRATION\";\n\n __weak typeof(self) weakSelf = self;\n void (^handler)(NSData *_Nullable data, NSURLResponse *_Nullable response,\n NSError *_Nullable error) =\n ^(NSData *_Nullable data, NSURLResponse *_Nullable response, NSError *_Nullable error) {\n typeof(self) strongSelf = weakSelf;\n if (error) {\n completion(nil, error);\n return;\n }\n\n NSError *JSONError;\n NSMutableDictionary *JSONResponse =\n [NSJSONSerialization JSONObjectWithData:data options:kNilOptions error:&JSONError];\n\n if (JSONError) {\n completion(nil, JSONError);\n return;\n } else {\n // Sample code only. No validation logic.\n id expirationData = JSONResponse[tokenExpirationKey];\n if ([expirationData isKindOfClass:[NSNumber class]]) {\n NSTimeInterval expirationTime = ((NSNumber *)expirationData).doubleValue;\n strongSelf-\u003e_tokenExpiration = [[NSDate date] timeIntervalSince1970] + expirationTime;\n }\n strongSelf-\u003e_cachedTripToken = JSONResponse[tripTokenKey];\n completion(JSONResponse[tripTokenKey], nil);\n }\n };\n NSURLSessionConfiguration *config = [NSURLSessionConfiguration defaultSessionConfiguration];\n NSURLSession *mainQueueURLSession =\n [NSURLSession sessionWithConfiguration:config delegate:nil\n delegateQueue:[NSOperationQueue mainQueue]];\n NSURLSessionDataTask *task = [mainQueueURLSession dataTaskWithRequest:request completionHandler:handler];\n [task resume];\n }\n\n @end\n\nWhat's Next\n\n[Initialize the Consumer SDK](/maps/documentation/mobility/journey-sharing/on-demand/ios/init-sdk)"]]
