Webservice Credentials - Openid/Android Accountmanager

Webservice credentials - OpenID/Android AccountManager?

We had similar requirements on the last project: GAE backend with GWT frontend and Android/iPhone clients. Also, we did not want to store user credentials.

So we chose to use OpenID, which is unfortunately a Web standard and does not play well with mobile devices, but is doable.

On the GAE side we simply enabled federated login which gave us OpenID.

On mobile devices, when the user needs to log in we present them with a list of OpenID authenticators (Google, Yahoo, etc.). Then we open a native browser (not an embedded browser) and direct the user to the chosen OpenID authentication site. The upside is that the user's browser usually already has the username/pass remembered, so this step just requires the user to press one button.

This is all pretty straightforward. Now here is the tricky part:
After user confirms login, OpenID redirects back to our GAE return url (you need to provide this url when request is made). On this url we create a custom URL, for example:

yourappname://usrname#XXXYYYZZZ

where XXXYYYZZZ is the auth token. We get this token from the return page where it's stored as an ACSID cookie: we used some JSP to read this cookie and wrap it into the above custom URL.

Then we register our Android and iPhone apps to handle the yourappname:// URLs, so that when the user clicks this link, our app is invoked and the link is passed to it. We extract the user name and token from this link and we use them in REST requests to the GAE backend.

If you have any more questions I'd gladly update this post.

Update:

The user session cookie on production AppEngine is named ACSID, while on development AppEngine server it's named dev_appserver_login.

Use Android AccountManager to do AppEngine login through UserService

This blog post covered exactly what I needed.

For two alternate (and in my opinion less than ideal) solutions, check out this thread: Webservice credentials - OpenID/Android AccountManager?

Android: access google accounts information

I found a solution to this problem (Webservice credentials - OpenID/Android AccountManager? - see Igor Zubchenok's answer).

Now I send the auth token to my server where I use gdata/guava jars to get information about the account.

AuthToken from AccountManager in Android Client No Longer Working

Got help for this from a Google engineer. Turns out my authToken was expired. I had initially gotten the implementation working in early December (the 9th to be exact). Apparently what the AccountManager does is cache the authToken, so I had been using the same authToken since Dec. 9th. When I got back from the holidays it had expired.

To solve the issue, I now call getAuthToken, then call invalidateAuthToken on that token, then call getAuthToken again. This generates a valid authToken and works just fine, even if it is a little clunky and would be unnecessary if AccountManager just got a fresh authToken each time, or did a check to see if the cached one was expired.

Note that you must not mix up token type with account type: invalidateAuthToken must be called with "com.google" instead of "ah" or it will silently fail.
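The refresh sequence described in the answer above, written out as an added example (not code from the original answer). It assumes a Google account, the App Engine token type "ah" named in the answer, and that the app already holds whatever account permissions its Android version requires; the class name FreshAuthToken is hypothetical.

```java
import android.accounts.Account;
import android.accounts.AccountManager;
import android.accounts.AuthenticatorException;
import android.accounts.OperationCanceledException;
import android.app.Activity;
import android.os.Bundle;

import java.io.IOException;

/** Added example (hypothetical helper): get a fresh App Engine token, not a stale cached one. */
public final class FreshAuthToken {
    private static final String ACCOUNT_TYPE = "com.google"; // account type, used to invalidate
    private static final String TOKEN_TYPE = "ah";           // token type, used to request

    private FreshAuthToken() {}

    /**
     * Blocks until the authenticator answers, so call it from a background thread
     * (getResult() throws IllegalStateException on the main thread).
     * Returns null if no token was handed back.
     */
    public static String fetch(Activity activity, Account account)
            throws OperationCanceledException, IOException, AuthenticatorException {
        if (!ACCOUNT_TYPE.equals(account.type)) {
            throw new IllegalArgumentException("expected a " + ACCOUNT_TYPE + " account");
        }
        AccountManager am = AccountManager.get(activity);

        // 1. The first call may return a token that AccountManager cached long ago.
        String cached = requestToken(am, activity, account);
        if (cached != null) {
            // 2. Evict it. The first argument is the ACCOUNT type; passing the token
            //    type ("ah") here evicts nothing and reports no error.
            am.invalidateAuthToken(ACCOUNT_TYPE, cached);
        }
        // 3. With the cache entry gone, this call has to obtain a new token.
        return requestToken(am, activity, account);
    }

    private static String requestToken(AccountManager am, Activity activity, Account account)
            throws OperationCanceledException, IOException, AuthenticatorException {
        // Passing the Activity lets AccountManager show a consent prompt if one is needed.
        Bundle result = am.getAuthToken(account, TOKEN_TYPE, null, activity, null, null).getResult();
        return result.getString(AccountManager.KEY_AUTHTOKEN);
    }
}
```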

Obtaining a basic google auth-token from AccountManager

This is doable using OpenID Connect, however it's sort of experimental, so details could change in the future. If you get an OAuth token for the 'https://www.googleapis.com/auth/userinfo.email' or 'https://www.googleapis.com/auth/userinfo.profile' scope you can use it to get user info from https://www.googleapis.com/oauth2/v1/userinfo (including email). Of course the user needs to authorize this.

You should theoretically be able to get the token from AccountManager using the "oauth2:https://www.googleapis.com/auth/userinfo.profile" as the token type, but that doesn't appear to work on my device (Galaxy Nexus with stock 4.0.4). Since getting a token via the AccountManager doesn't work (at least for now), the only reliable way is to use a WebView and get one via the browser as described here: https://developers.google.com/accounts/docs/MobileApps

There is a demo web app here that does this: https://oauthssodemo.appspot.com

(late) Update: Google Play Services has been released and it is the preferred way to get an OAuth token. It should be available on all devices with Android 2.2 and later. Getting a profile token does work with it, in fact they use it in the demo app.


