Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

In a nutshell what's the difference from using OAuth2 request getAuthToken and getToken

Tags:

android

authorization

google-app-engine

accountmanager

When deling with access token OAuth 2.0 In a nutshell what's the difference from using:

AccountManager.getAuthToken ("oauth2:https...userinfo.profile"),

and using Google Plays:

GoogleAuthUtil.getToken(mActivity, mEmail, mScope)

As I understand it they both produce a challenge screen for the user, the Google Plays screen is user friendlier. The access token can have same scope right?! Both call have to be asynchronously. InvalidateToken looks like it has to be checked for in both calls, and more?

enter image description hereenter image description here

like image 343
Erik Avatar asked Jan 16 '13 18:01

Erik

1 Answers

I didn't know about using Google Play services for OAuth 2.0 authentication, but after taking a quick look at it, it looks pretty interesting and I think it's something I could prefer to use over the AccountManager.getAuthToken.

Major differences

AccountManager.getAuthToken

Pro:

  • Can be used for all Android 2.0 devices and newer.
  • Is built in to Android and doesn't require any separate SDK.
  • Can be used for all types of accounts that has an authenticator, not only Google.

Con:

  • Returns a token that may have expired so you always have to invalidate the token and request it again to make sure you have a valid token.
  • Requires the permissions GET_ACCOUNTS and USE_CREDENTIALS.
  • Challenge screen is not user friendly for Android 2.*

GoogleAuthUtil.getToken

Pro:

  • Always returns a valid token.
  • Only requires the permission GET_ACCOUNTS
  • User friendly challenge screen.
  • Recommended by Google

Con:

  • Require Android 2.2 and that the device have Google Play
  • Require that you download and include the Google Play services SDK in your app.
  • You need to register your app in the Google API Console
  • Can "only" be used for Google services that uses OAuth 2.0

Challenge screen comparison

AccountManager.getAuthToken Challenge screen on Gingerbread and Ice Cream Sandwich

getAuthToken challenge screen for GingerbreadgetAuthToken challenge screen for Ice cream sandwich

GoogleAuthUtil.getToken Challenge screen

getToken challenge screengetToken challenge screen, more details

Summary

Since the GoogleAuthUtil approach has a much user friendlier challenge screen and requires less permissions at install time I would definitely use this approach instead of the AccountManager.getAuthToken approach whenever I can. Since you always get a valid token and don't have to hassle with invalidating the token it should make the code simpler as well.

like image 140
nibarius Avatar answered Sep 24 '22 09:09

nibarius
Sign in to Comment

Related questions

How can I implement offline maps using osmdroid by saving map tiles images into sqlite database?
Android: draw arc within canvas api with a gradient fill color
How to add a text under the image button in Android?
Delete an sms from inbox
ANDROID - color detection using openCV - how to?
how do i send data back from onPostExecute in an AsyncTask?
android ANTLR make not working properly
Keytool generates SHA1 fingerprint instead of MD5?
MEDIA_TYPE_IMAGE not recognized
ORMLite on Android not calling onCreate
onTouch, onLongClick together in android
android animation glow effect on imageview
findViewById returning null in fragment
Android - How to update notification number
Where/How can I get the Android SDK OEM USB Drivers for a Samsung Galaxy Player (YP-G1) [closed]
Get data from another activity
How can I remove edittext error and request focus in android?
ConnectivityManager.CONNECTIVITY_ACTION get network disconected from in API >= 14?
android maps v2 polygon transparency
load from spinner sqlite with text and value

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!