Google signin in Android app to consume Cloud Endpoints backend

I am writing an Android app with a Google Cloud Endpoints backend, and I want to restrict my backend with a Google signin.

I have followed the Android instructions, and have successfully logged in. In other words, I have received a token, which I can then pass to the server and verify the user it stands for. Great.

However, I am missing the bigger picture here. Questions:

  1. Am I supposed to be sending this token with each request back to the server, and repeat the process of verifying it in each request?
  2. If yes, the token will expire at some point (1 hour, I believe). I suppose the user does not have to log in again; there should be a way to avoid this, right?
  3. Is there a way to refresh the token (I think Google Sign-In is OAuth2)?
  4. And most importantly, is all this the standard way someone uses Google Sign-In to protect their backend? I was expecting this to be a very straightforward process, since I am only using Google products. However, I am finding myself lost in pages and pages of documentation on Android and Cloud Endpoints with pieces of the puzzle.

Any help or insight is appreciated.

Markos Fragkakis asked Mar 18 '17 23:03



1 Answer

I have not used Android authentication, but Google uses OAuth2 for all its authentication. Google SDKs may help you alleviate some of the pain of using OAuth2. To answer your questions:

  1. Yes. You are in the world of token-based authentication, and you do send the token with every request.
  2. Yes, the token will expire after an hour. To get around this: when you first do an OAuth2 authentication, you also get a refresh token. When the user's token expires, you use the refresh token to get a new token. This refresh token can be stored on the client side. The client will find during one of its requests that the existing token has expired and will request a new token using the refresh token.
  3. Yes, you use Google's refresh-token URL to use the refresh token and get a new token. I have given the important Google OAuth URLs below.
  4. This is indeed the OAuth2 process, my friend.

Since you are using Cloud Endpoints, I believe that you would be making the authentication endpoints.

You generally make the following endpoints when doing oauth2 authentication using a service provider(google, facebook, github, etc):

https://website.com/auth/signin/{provider}
https://website.com/auth/callback/{provider}
https://website.com/auth/refresh/{provider}

Following are the google URLs for oauth2 that you would use:

oauth_url: 'https://accounts.google.com/o/oauth2/v2/auth',  //start auth
token_url: 'https://accounts.google.com/o/oauth2/token',   //get id_token, access_token, refresh_token
refresh_token_url : 'https://www.googleapis.com/oauth2/v4/token',
token_info_url: 'https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=',  //validate token

You would also want to go through google's oauth2 documentation at https://developers.google.com/identity/protocols/OAuth2.

Prabhat answered Oct 21 '22 10:10
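As an added example (not from the question or the answer above), here is the per-request check that point 1 of the answer describes, written in Python for the backend side. The token Android Google Sign-In hands the app is an ID token (a signed JWT), so the backend must, on every request, check its signature against Google's published keys and then its claims: `alg` is RS256 (so an `alg: none` or HMAC token is refused before any key is consulted), `iss` is a Google issuer, `aud` is your server's client ID (a valid Google token minted for some other app must not be accepted), and `exp` is in the future. The signature step is injected as a callable; the HMAC "stand-in" signer below is a constructed test fixture so the example runs offline, and is not how Google signs tokens. The client ID, timestamps and `needs_refresh` skew are assumed values.

```python
import base64
import hashlib
import hmac
import json
import time

# Both issuer spellings appear in Google ID tokens.
GOOGLE_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}


class TokenError(Exception):
    """The bearer token must be refused; the request should get a 401."""


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def parse_jwt(token: str):
    """Split a compact JWT into (header, claims, signing_input, signature)."""
    try:
        h, c, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        claims = json.loads(_b64url_decode(c))
        signature = _b64url_decode(s)
    except ValueError as exc:  # wrong segment count, bad base64, bad JSON
        raise TokenError("malformed token") from exc
    return header, claims, f"{h}.{c}".encode("ascii"), signature


def verify_google_id_token(token, expected_aud, verify_signature, now=None):
    """Checks the backend repeats for every request carrying the token.

    verify_signature(kid, signing_input, signature) -> bool is expected to
    verify an RS256 signature with Google's current public key for `kid`
    (the JWKS at https://www.googleapis.com/oauth2/v3/certs).
    """
    now = int(time.time()) if now is None else now
    header, claims, signing_input, signature = parse_jwt(token)
    # Pin the algorithm: never let the token choose how it is verified.
    if header.get("alg") != "RS256":
        raise TokenError(f"unexpected alg {header.get('alg')!r}")
    if not verify_signature(header.get("kid"), signing_input, signature):
        raise TokenError("bad signature")
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise TokenError("wrong issuer")
    # aud must be *this* backend's client ID, not merely some Google client.
    if claims.get("aud") != expected_aud:
        raise TokenError("token not issued for this backend")
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        raise TokenError("token expired")
    if claims.get("iat", 0) > now + 300:  # small clock-skew allowance
        raise TokenError("token issued in the future")
    if "sub" not in claims:
        raise TokenError("missing subject")
    return claims


def needs_refresh(claims, now, skew=60):
    """Client side: treat the token as stale shortly before exp, so a request
    never leaves with a token that expires while in flight (skew is assumed)."""
    return now >= claims["exp"] - skew


# --- Constructed offline stand-in for the signature step (test fixture only) ---
TEST_KEY = b"constructed-test-key-not-a-google-key"
TEST_KID = "test-kid"


def stand_in_verify(kid, signing_input, signature):
    """Plays the role of 'look up Google's key for kid and verify RS256'."""
    if kid != TEST_KID:
        return False
    expected = hmac.new(TEST_KEY, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


def make_test_token(claims, alg="RS256", kid=TEST_KID):
    """Build a token the stand-in verifier accepts; alg is settable so the
    rejection of non-RS256 headers can be exercised."""
    header = _b64url_encode(json.dumps({"alg": alg, "kid": kid}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(TEST_KEY, f"{header}.{body}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def authenticate_request(headers, expected_aud, now=None):
    """Per-request entry point: returns (status, claims) or (401, reason)."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, "missing bearer token"
    try:
        return 200, verify_google_id_token(auth[len("Bearer "):], expected_aud, stand_in_verify, now)
    except TokenError as exc:
        return 401, str(exc)


if __name__ == "__main__":
    aud = "123456-example.apps.googleusercontent.com"  # assumed server client ID
    now = int(time.time())
    tok = make_test_token({"iss": "https://accounts.google.com", "aud": aud,
                           "sub": "1", "iat": now, "exp": now + 3600})
    print(authenticate_request({"Authorization": "Bearer " + tok}, aud, now))
```

In a real backend the stand-in verifier is replaced by a check against Google's keys; the `google-auth` library's `google.oauth2.id_token.verify_oauth2_token(token, request, audience)` does the key fetch, signature and claim checks in one call. Note that the `tokeninfo` endpoint listed in the answer only tells you the token is genuine; the backend must still compare the returned `aud` with its own client ID, which is the check `verify_google_id_token` makes explicit above.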