C2DM server. Should we use OAuth now?

时间秒杀一切 提交于 2019-12-09 03:42:55

问题


I'm implementing C2DM for my Android app. Client side (Android) went well, but I'm little bit confused on implementing server side.

My server is C#/.NET. Official documentations links to 404 when it comes to authentication: https://developers.google.com/android/c2dm/#handling_reg

I found another page: https://developers.google.com/accounts/docs/AuthForInstalledApps

But it says deprecated. So, I'm not sure what to do now. Go with deprecated functionality or learn how to use OAuth? (never done this before)

If I go with OAuth - what should I pass in here: Authorization: GoogleLogin auth=[AUTH_TOKEN] ?

Any pointers on this subject will be appreciated

Recent post from Google sounds like Client Login is the way to go... http://android-developers.blogspot.com/2012/04/android-c2dm-client-login-key.html


回答1:


I recently started setting up C2DM myself, and I had the same confusion you did when I saw the deprecation notice. My best understanding is that while Google is moving to OAuth 2 for most services, deprecating ClientLogin, C2DM still uses ClientLogin, so that's what you have to use in this case.

Rationale:

  • Absolutely everything in the (up-to-date and frequently updated) C2DM documentation explicitly refers to ClientLogin, strongly suggesting that the service is tied to this particular authorization method. ClientLogin is explicitly mentioned 11 times, while no mention is made to OAuth or to any other possible means of authentication.

In short, I believe that you must use ClientLogin for C2DM and should ignore the fact that it is deprecated for other Google services that are better served by OAuth. It doesn't appear that anything other than ClientLogin is intended to be used with C2DM in the foreseeable future.




回答2:


I think OAuth 2.0 is the way to go. I first used ClientLogin for C2DM, but found that there is no managment of issued authorization codes. Even when I revoked access using the Google Account Authorize Access page, I was still able to send messages to my device using authorization codes issued before! Furthermore, I didn't like the idea of storing Google credentials somewhere to obtain authorization codes.

OAuth 2.0 is slightly more complicated, but now that I understand it, I find it much more elegant than ClientLogin.

Basically one generates an OAuth Client ID, OAuth Client secret and a Refresh Token using Google's OAuth 2.0 Playground. These can be used to obtain (refresh) an Access Token that is valid for limited time (usually 1 hour). The Access Token is then used to send messages using C2DM.

I followed this tutorial to set it up, and it works like a charm!




回答3:


Did you see this Java example?

http://code.google.com/p/google-api-java-client/wiki/OAuth2Draft10

It's easy to understand in my opinion.



来源:https://stackoverflow.com/questions/10859246/c2dm-server-should-we-use-oauth-now

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!