Obtener tokens de autorización
Organiza tus páginas con colecciones
Guarda y categoriza el contenido según tus preferencias.
El SDK de Consumer proporciona autorización con tokens web JSON. Un token web JSON (JWT) es un token de autorización que proporciona uno o más reclamos en un servicio.
El SDK para el consumidor usa el token web JSON que proporciona la aplicación para comunicarse con Fleet Engine. Para obtener detalles sobre los tokens que espera el servidor de Fleet Engine, consulta Tokens web JSON y Cómo emitir tokens web JSON.
El token de autorización proporciona acceso a los siguientes servicios de Fleet Engine:
TripService: Otorga al SDK de Consumer acceso a los detalles del viaje, como la posición del vehículo, la ruta y la ETA. Los tokens de autorización para el servicio de viajes deben incluir una reclamación tripid:TRIP_ID en el encabezado authorization del token, en el que TRIP_ID es el ID del viaje a pedido que se comparte.
VehicleService: Proporciona al SDK de Consumer información sobre la ubicación aproximada del vehículo para mostrar la capa de densidad de vehículos y estimar las ETA de los puntos de partida. Dado que el SDK de Consumer solo usa ubicaciones aproximadas, los tokens de autorización para el servicio de vehículos no requieren un reclamo de vehicleid.
¿Qué es un token?
Fleet Engine requiere el uso de tokens web JSON (JWT) para las llamadas a métodos de la API desde entornos de baja confianza: smartphones y navegadores.
Un JWT se origina en tu servidor, se firma, se encripta y se pasa al cliente para las interacciones posteriores del servidor hasta que vence o ya no es válido.
Detalles clave
Para obtener más información sobre los tokens web JSON, consulta Tokens web JSON en Conceptos básicos de Fleet Engine.
¿Cómo obtienen tokens los clientes?
Una vez que un conductor o consumidor accede a tu app con las credenciales de autorización adecuadas, todas las actualizaciones que se emitan desde ese dispositivo deben usar los tokens de autorización adecuados, que comunican a Fleet Engine los permisos de la app.
Como desarrollador, la implementación del cliente debe proporcionar la capacidad de hacer lo siguiente:
- Recupera un token web JSON de tu servidor.
- Reutiliza el token hasta que venza para minimizar las actualizaciones de tokens.
- Actualiza el token cuando venza.
La clase AuthTokenFactory genera tokens de autorización en el momento de la actualización de la ubicación. El SDK debe empaquetar los tokens con la información de actualización para enviarlos a Fleet Engine. Asegúrate de que tu implementación del servidor pueda emitir tokens antes de inicializar el SDK.
Para obtener detalles sobre los tokens que espera el servicio de Fleet Engine, consulta Cómo emitir tokens web JSON para Fleet Engine.
Ejemplo de un buscador de tokens de autorización
En el siguiente ejemplo de código, se muestra cómo implementar una devolución de llamada de token de autorización.
Java
class JsonAuthTokenFactory implements AuthTokenFactory {
private static final String TOKEN_URL =
"https://yourauthserver.example/token";
private static class CachedToken {
String tokenValue;
long expiryTimeMs;
String tripId;
}
private CachedToken token;
/*
* This method is called on a background thread. Blocking is OK. However, be
* aware that no information can be obtained from Fleet Engine until this
* method returns.
*/
@Override
public String getToken(AuthTokenContext context) {
// If there is no existing token or token has expired, go get a new one.
String tripId = context.getTripId();
if (tripId == null) {
throw new RuntimeException("Trip ID is missing from AuthTokenContext");
}
if (token == null || System.currentTimeMillis() > token.expiryTimeMs ||
!tripId.equals(token.tripId)) {
token = fetchNewToken(tripId);
}
return token.tokenValue;
}
private static CachedToken fetchNewToken(String tripId) {
String url = TOKEN_URL + "/" + tripId;
CachedToken token = new CachedToken();
try (Reader r = new InputStreamReader(new URL(url).openStream())) {
com.google.gson.JsonObject obj
= com.google.gson.JsonParser.parseReader(r).getAsJsonObject();
token.tokenValue = obj.get("ServiceToken").getAsString();
token.expiryTimeMs = obj.get("TokenExpiryMs").getAsLong();
/*
* The expiry time could be an hour from now, but just to try and avoid
* passing expired tokens, we subtract 5 minutes from that time.
*/
token.expiryTimeMs -= 5 * 60 * 1000;
} catch (IOException e) {
/*
* It's OK to throw exceptions here. The error listeners will receive the
* error thrown here.
*/
throw new RuntimeException("Could not get auth token", e);
}
token.tripId = tripId;
return token;
}
}
Kotlin
class JsonAuthTokenFactory : AuthTokenFactory() {
private var token: CachedToken? = null
/*
* This method is called on a background thread. Blocking is OK. However, be
* aware that no information can be obtained from Fleet Engine until this
* method returns.
*/
override fun getToken(context: AuthTokenContext): String {
// If there is no existing token or token has expired, go get a new one.
val tripId =
context.getTripId() ?:
throw RuntimeException("Trip ID is missing from AuthTokenContext")
if (token == null || System.currentTimeMillis() > token.expiryTimeMs ||
tripId != token.tripId) {
token = fetchNewToken(tripId)
}
return token.tokenValue
}
class CachedToken(
var tokenValue: String? = "",
var expiryTimeMs: Long = 0,
var tripId: String? = "",
)
private companion object {
const val TOKEN_URL = "https://yourauthserver.example/token"
fun fetchNewToken(tripId: String) {
val url = "$TOKEN_URL/$tripId"
val token = CachedToken()
try {
val reader = InputStreamReader(URL(url).openStream())
reader.use {
val obj = com.google.gson.JsonParser.parseReader(r).getAsJsonObject()
token.tokenValue = obj.get("ServiceToken").getAsString()
token.expiryTimeMs = obj.get("TokenExpiryMs").getAsLong()
/*
* The expiry time could be an hour from now, but just to try and avoid
* passing expired tokens, we subtract 5 minutes from that time.
*/
token.expiryTimeMs -= 5 * 60 * 1000
}
} catch (e: IOException) {
/*
* It's OK to throw exceptions here. The error listeners will receive the
* error thrown here.
*/
throw RuntimeException("Could not get auth token", e)
}
token.tripId = tripId
return token
}
}
}
¿Qué sigue?
Inicializa el SDK de Consumer
Salvo que se indique lo contrario, el contenido de esta página está sujeto a la licencia Atribución 4.0 de Creative Commons, y los ejemplos de código están sujetos a la licencia Apache 2.0. Para obtener más información, consulta las políticas del sitio de Google Developers. Java es una marca registrada de Oracle o sus afiliados.
Última actualización: 2025-08-16 (UTC)
[[["Fácil de comprender","easyToUnderstand","thumb-up"],["Resolvió mi problema","solvedMyProblem","thumb-up"],["Otro","otherUp","thumb-up"]],[["Falta la información que necesito","missingTheInformationINeed","thumb-down"],["Muy complicado o demasiados pasos","tooComplicatedTooManySteps","thumb-down"],["Desactualizado","outOfDate","thumb-down"],["Problema de traducción","translationIssue","thumb-down"],["Problema con las muestras o los códigos","samplesCodeIssue","thumb-down"],["Otro","otherDown","thumb-down"]],["Última actualización: 2025-08-16 (UTC)"],[[["\u003cp\u003eThe Consumer SDK utilizes JSON Web Tokens (JWTs) for authorization to access trip and vehicle data within Fleet Engine.\u003c/p\u003e\n"],["\u003cp\u003eJWTs are generated by your backend server and passed to the client, granting access to specific Fleet Engine services like TripService and VehicleService.\u003c/p\u003e\n"],["\u003cp\u003eClient applications need to implement logic to fetch, reuse, and refresh these tokens to maintain ongoing access to Fleet Engine.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eAuthTokenFactory\u003c/code\u003e is used to generate authorization tokens which must be included in requests sent to Fleet Engine.\u003c/p\u003e\n"],["\u003cp\u003eImplement a secure token fetching mechanism on your server to provide these tokens for the Consumer SDK.\u003c/p\u003e\n"]]],["The Consumer SDK utilizes JSON Web Tokens (JWTs) for authorization with Fleet Engine. These JWTs, provided by your application, grant access to services like `TripService` (requiring a `tripid` claim) and `VehicleService`. Your client must fetch, reuse, and refresh JWTs from your server. The `AuthTokenFactory` class generates and packages these tokens with update information for Fleet Engine. Server-side implementation must issue tokens before SDK initialization, ensuring devices have proper authorization credentials for updates.\n"],null,["The Consumer SDK provides authorization using JSON Web Tokens. A JSON Web Token\n(JWT) is an authorization token that provides one or more claims on a service.\n\nThe Consumer SDK uses the JSON Web Token provided by the application to\ncommunicate with the Fleet Engine. For details of the tokens expected by the\nFleet Engine server, see [JSON Web Tokens](/maps/documentation/mobility/fleet-engine/essentials/set-up-fleet/jwt)\nand [Issue JSON Web tokens](/maps/documentation/mobility/fleet-engine/essentials/set-up-fleet/issue-jwt).\n\nThe authorization token provides access to the following Fleet Engine services:\n\n- **`TripService`** - Gives the Consumer SDK access to trip details, including\n vehicle position, route, and ETA. Authorization tokens for the trip service\n must include a `tripid:TRIP_ID` claim in the token's `authorization` header,\n where `TRIP_ID` is the trip ID of the on-demand trip being shared.\n\n- **`VehicleService`** - Gives the Consumer SDK information about the\n approximate vehicle location for displaying the vehicle density layer and\n estimating pickup point ETAs. Because the Consumer SDK uses only approximate\n locations, authorization tokens for the vehicle service don't require a\n `vehicleid` claim.\n\nWhat is a token?\n\nFleet Engine requires the use of **JSON Web Tokens** (JWTs) for API method calls\nfrom **low-trust environments**: smartphones and browsers.\n\nA JWT originates on your server, is signed, encrypted, and passed to the client\nfor subsequent server interactions until it expires or is no longer valid.\n\n**Key details**\n\n- Use [Application Default Credentials](https://google.aip.dev/auth/4110) to authenticate and authorize against Fleet Engine.\n- Use an appropriate service account to sign JWTs. See [Fleet Engine serviceaccount](/maps/documentation/mobility/fleet-engine/essentials/set-up-fleet/service-accounts#fleet_engine_service_account_roles) roles in **Fleet Engine Basics**.\n\nFor more information about JSON Web Tokens, see [JSON Web Tokens](/maps/documentation/mobility/fleet-engine/essentials/set-up-fleet/jwt) in\n**Fleet Engine Essentials**.\n\nHow do clients get tokens?\n\nOnce a driver or consumer logs in to your app using the appropriate\nauthorization credentials, any updates issued from that device must use\nappropriate authorization tokens, which communicates to Fleet Engine the\npermissions for the app.\n\nAs the developer, your client implementation should provide the ability to do\nthe following:\n\n- Fetch a JSON Web Token from your server.\n- Reuse the token until it expires to minimize token refreshes.\n- Refresh the token when it expires.\n\nThe `AuthTokenFactory` class generates authorization tokens at location update\ntime. The SDK must package the tokens with the update\ninformation to send to Fleet Engine. Make sure that your server-side\nimplementation can issue tokens before initializing the SDK.\n\nFor details of the tokens expected by the Fleet Engine service, see [Issue JSON\nWeb Tokens](/maps/documentation/mobility/fleet-engine/essentials/set-up-fleet/issue-jwt) for Fleet Engine.\n\nExample of an authorization token fetcher\n\nThe following code example demonstrates how to implement an authorization token\ncallback. \n\nJava \n\n class JsonAuthTokenFactory implements AuthTokenFactory {\n\n private static final String TOKEN_URL =\n \"https://yourauthserver.example/token\";\n\n private static class CachedToken {\n String tokenValue;\n long expiryTimeMs;\n String tripId;\n }\n\n private CachedToken token;\n\n /*\n\n * This method is called on a background thread. Blocking is OK. However, be\n * aware that no information can be obtained from Fleet Engine until this\n * method returns.\n */\n @Override\n public String getToken(AuthTokenContext context) {\n // If there is no existing token or token has expired, go get a new one.\n String tripId = context.getTripId();\n if (tripId == null) {\n throw new RuntimeException(\"Trip ID is missing from AuthTokenContext\");\n }\n if (token == null || System.currentTimeMillis() \u003e token.expiryTimeMs ||\n !tripId.equals(token.tripId)) {\n token = fetchNewToken(tripId);\n }\n return token.tokenValue;\n }\n\n private static CachedToken fetchNewToken(String tripId) {\n String url = TOKEN_URL + \"/\" + tripId;\n CachedToken token = new CachedToken();\n\n try (Reader r = new InputStreamReader(new URL(url).openStream())) {\n com.google.gson.JsonObject obj\n = com.google.gson.JsonParser.parseReader(r).getAsJsonObject();\n\n token.tokenValue = obj.get(\"ServiceToken\").getAsString();\n token.expiryTimeMs = obj.get(\"TokenExpiryMs\").getAsLong();\n\n /*\n\n * The expiry time could be an hour from now, but just to try and avoid\n * passing expired tokens, we subtract 5 minutes from that time.\n */\n token.expiryTimeMs -= 5 * 60 * 1000;\n } catch (IOException e) {\n /*\n * It's OK to throw exceptions here. The error listeners will receive the\n * error thrown here.\n */\n throw new RuntimeException(\"Could not get auth token\", e);\n }\n token.tripId = tripId;\n\n return token;\n }\n }\n\nKotlin \n\n class JsonAuthTokenFactory : AuthTokenFactory() {\n\n private var token: CachedToken? = null\n\n /*\n\n * This method is called on a background thread. Blocking is OK. However, be\n * aware that no information can be obtained from Fleet Engine until this\n * method returns.\n */\n override fun getToken(context: AuthTokenContext): String {\n // If there is no existing token or token has expired, go get a new one.\n val tripId =\n context.getTripId() ?:\n throw RuntimeException(\"Trip ID is missing from AuthTokenContext\")\n\n if (token == null || System.currentTimeMillis() \u003e token.expiryTimeMs ||\n tripId != token.tripId) {\n token = fetchNewToken(tripId)\n }\n\n return token.tokenValue\n }\n\n class CachedToken(\n var tokenValue: String? = \"\",\n var expiryTimeMs: Long = 0,\n var tripId: String? = \"\",\n )\n\n private companion object {\n const val TOKEN_URL = \"https://yourauthserver.example/token\"\n\n fun fetchNewToken(tripId: String) {\n val url = \"$TOKEN_URL/$tripId\"\n val token = CachedToken()\n\n try {\n val reader = InputStreamReader(URL(url).openStream())\n\n reader.use {\n val obj = com.google.gson.JsonParser.parseReader(r).getAsJsonObject()\n\n token.tokenValue = obj.get(\"ServiceToken\").getAsString()\n token.expiryTimeMs = obj.get(\"TokenExpiryMs\").getAsLong()\n\n /*\n\n * The expiry time could be an hour from now, but just to try and avoid\n * passing expired tokens, we subtract 5 minutes from that time.\n */\n token.expiryTimeMs -= 5 * 60 * 1000\n }\n } catch (e: IOException) {\n /*\n * It's OK to throw exceptions here. The error listeners will receive the\n * error thrown here.\n */\n throw RuntimeException(\"Could not get auth token\", e)\n }\n\n token.tripId = tripId\n\n return token\n }\n }\n }\n\nWhat's next\n\n[Initialize the Consumer SDK](/maps/documentation/mobility/journey-sharing/on-demand/android/init-sdk)"]]
