 

Authenticate user logged in with FB at my server using the Android Account Manager

I have a question about authentication using the Android Account Manager. We have a backend and an Android app, and the user should log into our backend using his Facebook account. Currently we show a webview for this purpose, which does normal OAuth 2, but using the Android Account Manager is more secure and much easier for the user, so we want to switch. My question is: how can the server validate whether the user is really who he pretends to be? Since we can't trust the app, we have to talk to FB from the server side to validate whether the user really is who he pretends to be. Based on a quite similar idea I made the following diagram, to ask you if this is the correct way to do it or if I missed something:

Steps before the user is authenticated at "My Server". The flow would look like this:

  1. The user wants to log in with his Facebook account
  2. The Android Account Manager is shown, where he picks the Facebook account
  3. The user grants access so that "My App" is allowed to access his FB data
  4. The Android Account Manager gets an auth token from the Facebook server
  5. "My App" now has the auth token and can access the FB data of the user
  6. "My App" passes the token to "My Server"
  7. "My Server" now checks whether the token is valid by getting the user data from the FB server
  8. If the token was valid, "My Server" gives back a normal, temporarily valid cookie for the current session with "My App". The user is now logged in at My Server with his FB account.

So is this the correct way? Is step 6 a good idea, to pass the token once to "My Server", or is there a better way? By the way, Facebook is just an example here; we use different auth providers like FB, Google and Twitter, but the flow should be the same for each one.

Simon asked Feb 23 '15 15:02


1 Answer

I don't know if this is the correct way or not, but I'd like to share how we tackled this problem in our case, which was pretty much the same as your solution. We were using the Google and Facebook auth providers.

Our Android app sends the token to the server, and then the server validates the token depending on the provider. If it is validated, the user is good to go; if it isn't, we show the appropriate message. Also, we used to check the validity of the token at the server end every time the user opens the app: if the token is still valid, the user can use the app; if it is not, we just bring the user back to the login screen so the user can validate himself again, because the token expires after some time.

Zeeshan Shabbir answered Nov 14 '22 00:11
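The server side of steps 6 to 8 in the question, and the per-provider validation the answer describes, as an added example that is not code from the question, the answer or any particular backend framework. It assumes the Facebook `debug_token` endpoint (queried with an app access token of the form `app_id|app_secret`) and the Google `tokeninfo` endpoint, with the response fields shown; the app ids, secrets and the `fake_provider` responses are constructed stand-ins so the code runs offline. The point a practitioner should not skip is in the validators: a token that is merely "valid" is not enough, the server must also check that it was issued to its own app (`app_id` for Facebook, `aud` for Google), otherwise a valid token obtained by some other app for the same user could be replayed against "My Server".

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import urlencode

# Assumed values for this example; replace with your own app registrations.
MY_FB_APP_ID = "123456789012345"
MY_FB_APP_SECRET = "fb-app-secret"
MY_GOOGLE_CLIENT_ID = "1234567890-abc.apps.googleusercontent.com"

# A fetcher performs an HTTPS GET and returns the parsed JSON body.
# It is injected so the validation logic can be exercised offline.
Fetch = Callable[[str], Dict]


@dataclass(frozen=True)
class Identity:
    provider: str
    user_id: str


def validate_facebook(token: str, fetch: Fetch, now: float) -> Optional[Identity]:
    """Step 7 for Facebook: ask the provider about the token (assumed debug_token API).
    Accept only if it is valid, unexpired, and issued to OUR app."""
    url = "https://graph.facebook.com/debug_token?" + urlencode({
        "input_token": token,
        "access_token": f"{MY_FB_APP_ID}|{MY_FB_APP_SECRET}",
    })
    data = fetch(url).get("data", {})
    if not data.get("is_valid"):
        return None
    if data.get("app_id") != MY_FB_APP_ID:
        return None  # valid, but for another app: do not accept it as a login to us
    if data.get("expires_at") and data["expires_at"] <= now:
        return None
    return Identity("facebook", str(data["user_id"]))


def validate_google(token: str, fetch: Fetch, now: float) -> Optional[Identity]:
    """Step 7 for Google: assumed tokeninfo API; 'aud' must be our client id."""
    url = "https://oauth2.googleapis.com/tokeninfo?" + urlencode({"access_token": token})
    info = fetch(url)
    if "error" in info or info.get("aud") != MY_GOOGLE_CLIENT_ID:
        return None
    if int(info.get("expires_in", 0)) <= 0:
        return None
    return Identity("google", str(info["sub"]))


VALIDATORS: Dict[str, Callable[[str, Fetch, float], Optional[Identity]]] = {
    "facebook": validate_facebook,
    "google": validate_google,
}

SESSION_TTL = 3600.0
# session id -> (identity, expiry). In-memory for the example; use a real store in production.
SESSIONS: Dict[str, Tuple[Identity, float]] = {}


def login(provider: str, token: str, fetch: Fetch, now: Optional[float] = None) -> Optional[str]:
    """Steps 6-8: take the provider token from the app, validate it with the provider,
    and on success mint an unguessable session id for the cookie. The provider token
    itself is never used as the session."""
    now = time.time() if now is None else now
    validator = VALIDATORS.get(provider)
    if validator is None:
        return None
    ident = validator(token, fetch, now)
    if ident is None:
        return None
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = (ident, now + SESSION_TTL)
    return session_id


def current_user(session_id: str, now: Optional[float] = None) -> Optional[Identity]:
    """Resolve the session cookie on later requests; expired sessions are dropped."""
    now = time.time() if now is None else now
    entry = SESSIONS.get(session_id)
    if entry is None:
        return None
    ident, expiry = entry
    if expiry <= now:
        SESSIONS.pop(session_id, None)
        return None
    return ident


def fake_provider(url: str) -> Dict:
    """Constructed stand-in for the real provider endpoints (offline test data)."""
    if "graph.facebook.com/debug_token" in url:
        if "input_token=good-fb" in url:
            return {"data": {"is_valid": True, "app_id": MY_FB_APP_ID,
                             "user_id": 42, "expires_at": 2_000_000_000}}
        if "input_token=other-app" in url:  # valid token, but issued to a different app
            return {"data": {"is_valid": True, "app_id": "999",
                             "user_id": 42, "expires_at": 2_000_000_000}}
        return {"data": {"is_valid": False}}
    if "oauth2.googleapis.com/tokeninfo" in url:
        if "access_token=good-g" in url:
            return {"aud": MY_GOOGLE_CLIENT_ID, "sub": "108", "expires_in": "3500"}
        return {"error": "invalid_token"}
    return {}


if __name__ == "__main__":
    sid = login("facebook", "good-fb", fake_provider)
    print("logged in as", current_user(sid))
    print("other app's token accepted?", login("facebook", "other-app", fake_provider) is not None)
```

In a real deployment `fetch` is a TLS-verified HTTP client, the session id goes into an `HttpOnly; Secure` cookie, and the answer's "re-check on every app open" becomes a call to `current_user` (plus, if you want the provider to stay authoritative, a periodic re-validation of the stored provider token with the same validators).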