C2DM server. Should we use OAuth now?

后端 未结 3 1417
情歌与酒
情歌与酒 2021-01-20 03:14

I\'m implementing C2DM for my Android app. Client side (Android) went well, but I\'m little bit confused on implementing server side.

My server is C#/.NET. Official

相关标签:
3条回答
  • 2021-01-20 03:47

    I recently started setting up C2DM myself, and I had the same confusion you did when I saw the deprecation notice. My best understanding is that while Google is moving to OAuth 2 for most services, deprecating ClientLogin, C2DM still uses ClientLogin, so that's what you have to use in this case.

    Rationale:

    • Absolutely everything in the (up-to-date and frequently updated) C2DM documentation explicitly refers to ClientLogin, strongly suggesting that the service is tied to this particular authorization method. ClientLogin is explicitly mentioned 11 times, while no mention is made to OAuth or to any other possible means of authentication.

    In short, I believe that you must use ClientLogin for C2DM and should ignore the fact that it is deprecated for other Google services that are better served by OAuth. It doesn't appear that anything other than ClientLogin is intended to be used with C2DM in the foreseeable future.

    0 讨论(0)
  • 2021-01-20 03:57

    Did you see this Java example?

    http://code.google.com/p/google-api-java-client/wiki/OAuth2Draft10

    It's easy to understand in my opinion.

    0 讨论(0)
  • 2021-01-20 04:07

    I think OAuth 2.0 is the way to go. I first used ClientLogin for C2DM, but found that there is no managment of issued authorization codes. Even when I revoked access using the Google Account Authorize Access page, I was still able to send messages to my device using authorization codes issued before! Furthermore, I didn't like the idea of storing Google credentials somewhere to obtain authorization codes.

    OAuth 2.0 is slightly more complicated, but now that I understand it, I find it much more elegant than ClientLogin.

    Basically one generates an OAuth Client ID, OAuth Client secret and a Refresh Token using Google's OAuth 2.0 Playground. These can be used to obtain (refresh) an Access Token that is valid for limited time (usually 1 hour). The Access Token is then used to send messages using C2DM.

    I followed this tutorial to set it up, and it works like a charm!

    0 讨论(0)
提交回复
热议问题