发表新帖
发表新帖

Can I use Android's AccountManager for getting OAuth access token for AppEngine?

前端 未结
关注
2 1361
遇见更好的自我
遇见更好的自我 2021-02-07 12:43

I have Android client to my AppEngine server, both using Google Accounts. I would like to use AccountManager for getting accessToken for OAuth. So far I\'m using Client

相关标签:
2条回答
  • 自闭症患者
    2021-02-07 13:19

    As of today you can use Google Play Services API on android to do Oauth 2.0 authentication on android. You could then use the method described by @nivco to get the userinfo on appengine. I have not done this yet, but I plan tp do exactly what your talking about.

    https://developers.google.com/android/google-play-services/authentication

    0 讨论(0)
  • 猫巷女王i
    2021-02-07 13:37

    I'm not sure what you are trying to do is possible through the App Engine OAuthService used in the article you are referring to. Also it is stated that AppEngine OAuthService only supports OAuth 1 but Android only supports OAuth 2 :) so you are screwed.

    If you want to do cross Android - App Engine authentication, what I would do is:

    1. In Android: get an access token for the UserInfo API (scope = https://www.googleapis.com/auth/userinfo.email and https://www.googleapis.com/auth/userinfo.profile) from the AccountManager.
    2. Pass the access token to App Engine in a URL param of the request you are making from Android to AppEngine (make sure you use HTTPS to avoid interception!).
    3. On the App Engine side: use the access token to read the user's identity using the UserInfo API. This is basically using OpenID Connect!
    4. Then you can use the information you got from the UserInfo API to authenticate the user. The email and the user ID you'll get from the UserInfo API is equivalent to the email and user ID you would get from the AppEngine's UserService => you can trust it!

    PS: I described getting OAuth 2 tokens using the Android AccountManager in this article. It was written pre-Ice Cream Sandwich but I'm hopping it is still valid. Basically the authTokenType needs to be oauth2:{scopes}, so for instance oauth2:https://www.googleapis.com/auth/tasks for the Tasks API. There might be some better ways to do this now.

    0 讨论(0)
 看不清?
提交回复
热议问题