C2DM server. Should we use OAuth now?

Question

I\'m implementing C2DM for my Android app. Client side (Android) went well, but I\'m little bit confused on implementing server side.

My server is C#/.NET. Official

Answer 1

I think OAuth 2.0 is the way to go. I first used ClientLogin for C2DM, but found that there is no managment of issued authorization codes. Even when I revoked access using the Google Account Authorize Access page, I was still able to send messages to my device using authorization codes issued before! Furthermore, I didn't like the idea of storing Google credentials somewhere to obtain authorization codes.

OAuth 2.0 is slightly more complicated, but now that I understand it, I find it much more elegant than ClientLogin.

Basically one generates an OAuth Client ID, OAuth Client secret and a Refresh Token using Google's OAuth 2.0 Playground. These can be used to obtain (refresh) an Access Token that is valid for limited time (usually 1 hour). The Access Token is then used to send messages using C2DM.

I followed this tutorial to set it up, and it works like a charm!