
Android login with google offline access

I'm trying to get login to Google working using these guides:
http://www.androidhive.info/2014/02/android-login-with-google-plus-account-1/
https://developers.google.com/+/mobile/android/getting-started

The login works and I'm able to sign in correctly. Now the next steps I need are to send the access and refresh tokens to my server so that the server can access the user's Google account details (picture/name etc.) and save them in the database as a new user.

I tried getting the access token using the code here: https://github.com/googleplus/gplus-photohunt-client-android/blob/master/src/com/google/plus/samples/photohunt/auth/AuthUtil.java

and when I plug that access token in here: https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=

I see that the access_type is "online". I believe in order to receive a refresh token and get this to work, I will need to request offline access from the user. I'm not sure how I can do that from the code given in the guide above.

I suspect it must be here:

        // Initializing google plus api client
        mGoogleApiClient = new GoogleApiClient.Builder(this)
                .addConnectionCallbacks(this)
                .addOnConnectionFailedListener(this)
                .addApi(Plus.API, null)
                .addScope(Plus.SCOPE_PLUS_LOGIN)
                .build();

But there is no way for me to set the access type to offline here. At this point this whole process sounds pretty complicated and I'm hoping someone who has done this before has a guide/tutorial written someplace that makes it easier to understand how to make a user log in on your Android device and save that user in your database on your server so they are both in sync. Any help and direction would be appreciated.

EDIT 1: On reading the Google docs more, it is possible to get the flow working as I described above: https://developers.google.com/accounts/docs/CrossClientAuth How do all the Android apps tackle user registration on multiple platforms? Like both Android and website? If the method I'm trying is the only way, I would have expected more resources on it. Or if there is another alternative solution, I'd love to know. Thanks.

falc0nit3 asked Nov 11 '22 11:11


1 Answer

Indeed the correct approach is to use the CrossClientAuth direction.

The first time the user opens your application, you can request an id_token w/ audience equal to your website client_id. This requires no additional user consent if you already know the user's email address, since id_token is just an identification token. You can then validate if the account exists in your home server w/o additional human interaction. If the account does not exist, you can obtain an authorization code and send it to your home server using the CrossClientAuth technique. After your home server is authorized, your Android app should be able to get access_tokens w/o further approvals by simply requesting such tokens.

breno answered Nov 15 '22 01:11
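
The home-server side of the id_token step described in the answer, as an added example that is not part of the original answer or of Google's code: the claim checks a server should apply before looking up the account. It assumes the token's signature has already been verified against Google's published keys; the function name and the client ids are hypothetical placeholders.

```python
import time

# Issuer values Google documents for its ID tokens.
GOOGLE_ISSUERS = ("accounts.google.com", "https://accounts.google.com")


class IdTokenRejected(Exception):
    """Raised when a signature-verified ID token fails a claim check."""


def check_cross_client_claims(claims, web_client_id, android_client_ids,
                              now=None, leeway=60):
    """Validate the payload of an ID token sent by the Android app.

    `claims` must come from a token whose signature was ALREADY verified;
    this function does not verify signatures (assumption of this example).
    Returns the stable Google user id (`sub`) to key the account lookup on.
    """
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise IdTokenRejected("unexpected issuer")
    # aud must be this server's web client id; otherwise a token minted for
    # a different application could be replayed against this server.
    if claims.get("aud") != web_client_id:
        raise IdTokenRejected("audience is not this server")
    # azp names the client that requested the token: one of our Android apps.
    azp = claims.get("azp")
    if not isinstance(azp, str) or azp not in android_client_ids:
        raise IdTokenRejected("token requested by an unknown client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp + leeway < now:
        raise IdTokenRejected("token expired or exp missing")
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise IdTokenRejected("missing subject")
    return sub


# Constructed sample values (placeholders, not real client ids or users).
WEB_ID = "web-client.example.apps.googleusercontent.com"
ANDROID_ID = "android-client.example.apps.googleusercontent.com"
ANDROID_IDS = {ANDROID_ID}
SAMPLE = {"iss": "accounts.google.com", "aud": WEB_ID, "azp": ANDROID_ID,
          "sub": "10000000000000000001", "exp": 2_000_000_000}

if __name__ == "__main__":
    print(check_cross_client_claims(SAMPLE, WEB_ID, ANDROID_IDS,
                                    now=1_900_000_000))
```

Key the user record on `sub` rather than on the email address, since the email on an account can change.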