Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Can I use Android's AccountManager for getting OAuth access token for AppEngine?

I have Android client to my AppEngine server, both using Google Accounts. I would like to use AccountManager for getting accessToken for OAuth. So far I'm using ClientLogin, but I would like to switch to OAuth.

Setting up OAuth on AppEngine is easy - I followed this article. But the client side is a mystery, in particular I don't know what to use for scope, in AccountManager terms authTokenType. For ClientLogin, I'm using "ah" for authTokenType. But what about OAuth?

like image 736
David Vávra Avatar asked May 01 '12 16:05

David Vávra


People also ask

How can I get Google OAuth ID token?

You can get an ID token from the metadata server when your code is running on the following Google Cloud services: Compute Engine. App Engine standard environment. App Engine flexible environment.

How OAuth works in Android?

OAuth 2 basics principles This is a 3 steps authentication, you register your application in the google console and then receive your clientID. then you talk to an authorization server with your clientID, which returns you a code, using this code, you then can talk to the api server and ask for the token.


2 Answers

As of today you can use Google Play Services API on android to do Oauth 2.0 authentication on android. You could then use the method described by @nivco to get the userinfo on appengine. I have not done this yet, but I plan tp do exactly what your talking about.

https://developers.google.com/android/google-play-services/authentication

like image 52
Patrick Avatar answered Oct 28 '22 17:10

Patrick


I'm not sure what you are trying to do is possible through the App Engine OAuthService used in the article you are referring to. Also it is stated that AppEngine OAuthService only supports OAuth 1 but Android only supports OAuth 2 :) so you are screwed.

If you want to do cross Android - App Engine authentication, what I would do is:

  1. In Android: get an access token for the UserInfo API (scope = https://www.googleapis.com/auth/userinfo.email and https://www.googleapis.com/auth/userinfo.profile) from the AccountManager.
  2. Pass the access token to App Engine in a URL param of the request you are making from Android to AppEngine (make sure you use HTTPS to avoid interception!).
  3. On the App Engine side: use the access token to read the user's identity using the UserInfo API. This is basically using OpenID Connect!
  4. Then you can use the information you got from the UserInfo API to authenticate the user. The email and the user ID you'll get from the UserInfo API is equivalent to the email and user ID you would get from the AppEngine's UserService => you can trust it!

PS: I described getting OAuth 2 tokens using the Android AccountManager in this article. It was written pre-Ice Cream Sandwich but I'm hopping it is still valid. Basically the authTokenType needs to be oauth2:{scopes}, so for instance oauth2:https://www.googleapis.com/auth/tasks for the Tasks API. There might be some better ways to do this now.

like image 26
Nicolas Garnier Avatar answered Oct 28 '22 17:10

Nicolas Garnier