Android & OAUTH 2.0

Question

I cannot work this out to save my life!

So, I have a Codeigniter based REST api with an OAUTH 2.0 (draft 23 or something) server for my own auth system (not using Twitter or FB)

I want to be able to use this to allow users to "log in" to my Android app.

I can't find any information about this on the internet anywhere. There are a couple of unsupported OAUTH 2.0 client libraries out there, such as Leeloo (which moved to Apache Amber, which hasn't been updated for over a year, and there have been no releases under Amber).

My questions therefore are:

1. Is OAUTH 2.0 too new? It seems to be a couple of years old... is it still too new to work with. Should I be using OAUTH 1? (which seems to be unsupported anyway - all the codeigniter OAUTH 1 libs have moved to 2.0).

2. Should I be using a completely different technology? e.g. I have heard of "xauth". Again information on this seems to be pretty sketchy.

3. Is it something easy enough to do myself? It doesn't appear so, but do most people just create their own homebrew solutions? I can't find much info about this either.

Any help you can give me will be great. Any resources you can point me too as well will be pretty amazing.

Thanks for your time.

Answer 1

1. No, OAuth 2.0 is old enough to be supported by some good open source libraries. You could e.g. use scribe.

2. Sorry, I don't know enough about XAuth yet to help you with that.

3. Yeah, it's really easy using scribe. To support a custom Provider you simply have to extend org.scribe.builder.api.DefaultApi20. As your using the same Draft of OAuth 2.0 as Google does, you can use the implementation for the Google API in Thomas Bruyelle's fork of scribe as a blueprint. This article should get you started for using scribe with Android. You could further check out the Google example from the scribe fork here.