I am trying to login my Android users with their Google accounts. I managed to get auth token from AccountManager. I also found some info that I need to use Google App Engine (so I did). I wrote some code (it is not the issue) and I have two questions. Maybe someone can help me.
I was following this tutorial. I understand most of it. But should I write any server-side scripts? This tutorial doesn't mention any. Also according to this tutorial I should get code 302 response, which I get. Does it mean that authentication was positive? Or maybe now I have to do something?
I am getting auth cookie (I think it is auth cookie) which contains very long value (I think over 500 symbols), expiration date and name. How should I use this cookie? Or maybe I don't have to use it? How can I use it to get user google account username? (I think there is that kind of value, different from email address)
Anyone can help?
Thanks in advance.
You don't need to write any server side scripts, all the server side stuff is already on every Google App Engine App.
You need to pass the cookie when doing a request into App Engine.
Related
The application I'm creating is supposed to allow client to send some feedback to server, so I make a simple httprequest with my feedback and other information in it, but I wanna make sure that request can only come my application, the rest should be rejected. So what are my choices?
Thank you for your helpful directions in advance.
P.s: I'm not asking for code, just the best practice.
I have looked for the same thing and what is possible is to force the app users to sign in with their Google account and then you can get verification via tokens that the call came from your app as described here:https://developers.google.com/identity/sign-in/android/backend-auth
That there isn't an option without having users sign in is disappointing.
I spent a lot of time looking for any clarifications about using oAuth with FB and Twitter.
I have to do application which will be using access_token. This token will be used also on diffrent devices to access user account via API.
When I'm looking for "how to use access_token" I only finding "how to get token".
If I something miss reading documentation please let me know, especially where is example - how to use this token on other devices to access API to send eg. post.
I have found Twiiter4j and Facebook4j these libs helped me... I've got this access_token and now what next, how connect to API... I know that it's no possible to get access to Twiiter API - ok, but what about FB and "client side"
please help.
Oauth can be complicated so let me try to explain it simply.
User visits your website
Your website checks if it has seen this visitor before (usually with a cookie)
If not, send them to FB/Twitter/Whatever's oauth url. In that redirect, we tell FB/Twitter/Whatever that we're going to need x,y,z permissions (access a users timeline, see a users friends, etc). We also tell FB/Twitter/Whatever that when the user says ok, send them back to www.myurl... Finally, we take everything in this request and "encrypt" it, to prove it's really our site asking. The key to this is only saved on our backend, so the frontend (javascript/html) never sees it.
FB/Twitter/Whatever sees the request. They also see the "encryped" form of the requests. Fb/Twitter/Whatever knows this key too (they gave it to us, it's usually called the "secret" when you're configuring your oauth) They can verify it's really your backend asking for permission.
If the user agrees, we get a token. We store that token (on our backend, php, java, ruby, etc) and remember it belongs to that user.
The main thing to stress here is that in order to do the oauth handshake, you need a secret key that you never output to the browser. That means you'll need to implement part of this on your backend. You've tagged this with java so maybe that means you're using java as your backend, maybe with Google app engine or something. You'll need to find the oauth library for that, and work it out from there.
You can't create the oauth handshake only with frontend code.
I have taken up an assignment for a website and I am creating an android app for them. I am new to android programming and also new to web programming (using xml, http post and get, etc.).
My doubt is a basic one. I am trying to create the login page for this website and I don't know if the url of the website is sufficient or I need some other data such as the website's server address. And if I do need the web server address, is there a way to obtain this from my browser? Or do I ask the people who made the website itself for this?
P.S. I apologize if this is a very basic doubt. Bear with me. I am a beginner.
I am not an android application expert but I think you would need to get details about the following :
How to pass authentication details to server, for example if you need to get a SAML token from any of the ID servers? Or is it just sending out the plain username and password.
Just the website url may not be enough.
Please have a look at the weblink for authenticating against openID or SAML technologies
https://developers.google.com/accounts/docs/MobileApps
It depends on how the website is structured. Is there some kind of API for the website? If so use that. Otherwise you'll have to post the data to the same page the data gets POSTed to through a browser and find some way to catch an error or success. This method is not preferred. Also there may be some kind of central authentication server (Such as LDAP or AD) If so you would have to interface directly with that.
I am able to load my app in facebook iframe, but can anyone help me with the user authentication in java. Any help will be really appreciated. Thanks
All java API clients provide extensive documentation on authentication. Here are two:
restfb
spring-social-facebook
Authentication follows the OAuth dance, which includes exchanging tokens. A tricky bit is that you should store the initial request token in your session, in order to be able to get it when facebook redirects the user back afterwards.
You can use a sdk like this one or you can find your way trough the facebook api, the requests are simple.
I'm trying to develop an android app which needs to fetch information from a servlet hosted in my Java EE application server.
To access this servlet, I need to be first authenticated with the Application server. I searched the web to get information on how exactly this works. During authentication how dows the android app store the cookie, and then how does it transfers the cookie to the server for every request?
I got some bits and pieces of information about HttpClient. I'm not sure if this is the correct one which I should be using. It will be a great help if someone could guide me. If there are any documents available please share with me.
Maybe the HttpUrlConnection documentation page is what you are looking for?
I am assuming this is native app, if so, first you need to authenticate and get the cookie. It would be your responsibility to store the cookie some where and pass it in sussequent http calls. If it is not native, I am not sure how it works.