Android: Google SSO - OAuth or AccountManager? Or both?

Question

After reading all sorts of Stackoverflow postings and various documentation including some on http://code.google.com/p/google-api-java-client/ site I feel utterly confused. So can someone explain to me the best way of achieving the following:

1. Let user to approve my app. I don't really care if this is done by accessing their registered Google account in accounts/settings and approving the app (preferred way) or by calling Google OAuth authentication page
2. Obtain the authentication token that can be used to communicate with Google Reader

Another point of confusion for me - I was able to approve my app using AccountManager and get auth token from it but it won't work with Google Reader. So how to balance Account information from the AccountManager and OAuth? Do I still need to do anything with OAuth after I get approved by user in AccountManager settings?

Code example would be nice but I look more for some clear explanation on how all these pieces are related to each other

Answer 1

The account manager lets you get authentication tokens for different services. There are different concrete implementation under the hood: ClientLogin, OAuth, etc. To get it to work with, say, Google Reader, you need to pass the appropriate token type. For ClientLogin, those are short string like "ah" (App Engine) and "reader" (Google Reader). For OAuth, they are scopes, as defined by each service. So, what are you passing as the authTokenType parameter?

Getting the token is asynchronous, since it may involve network access. If there is a cached token, it will be returned right away, if valid. The flow is not that complicated, see the link above for the pretty picture. Once you get the token, you put it in the appropriate header, and use the API as per the spec.

Answer 2

Here's an Android training class on AccountManager that might help:

http://developer.android.com/training/id-auth/authenticate.html

Also, using AccountManager with Google Reader is currently the only preferred way of doing this. Directing your users to a login page with a WebView is not very secure and using a browser isn't supported by Google APIs as far as I know (I'm also not sure if Reader uses OAuth2 or not).