Android authentication to google accounts passed on to Google App Engine

十年热恋 提交于 2019-12-21 17:18:07

问题


Before I dig into the details of implementing this particular design, I wanted some advice/validation on whether I was approaching it correctly. I have a beginners knowledge of Android, advanced beginner in Python, GAE, and OpenId.

Environment

  • Android application
  • Web Services built in Python on Google App Engine
  • User(s) with Google Account

Scenario

I want to enable sign-in capabilities in my Android application without writing my own authentication system in GAE. Within the app, the user should be able to play as a guest without the ability to save high scores. If a user would like to have his high scores saved, he would authenticate against his Google account on the Android device. At the end of the game, the authenticated users high score would be saved (associated with his Google Account) via the game's web services on Google App Engine. The user should also be able to sign-out and hand the device to a friend who could also log in, play a game, and save her high scores associated with her Google account.

Design

  1. In the Android application, use OpenId for authentication whenever the user wishes to sign-in (using something along the lines of what Nick has posted here.
  2. Grab the OpenId token from the cookie that is returned and associate it with the current user.
  3. Make a web service call to the GAE services adding the token as a cookie and including the high score
  4. The web service would authenticate that the token is valid
  5. The web service would determine the unique Google accounts id associated with the token (don't know how to do this, but assuming there should be a means to do this) and lookup that unique id against a cross reference table to find the users in-game id (which was previously created during account setup)
  6. Save the high score associated with the in-game id.
  7. Allow logout so another user can login to the game with their Google Account and repeat above process

Thank you for your help


回答1:


You might find the 2011 Android + App Engine IO talk helpful.




回答2:


I would look at Google's OpenID instead of OAuth. OpenID is the protocol for a federated login. See Google's information on OpenID.



来源:https://stackoverflow.com/questions/7107216/android-authentication-to-google-accounts-passed-on-to-google-app-engine

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!