I have a requirement to share a common presistent login (auth token) between 2 or more android apps. The trick is that either app need no be installed for the other to work. They are independent of each other.
So before an app logs in it asks the question "is there possibly another friendly app out there that can give me (or has stored somewhere) a token that I can use?"
Obviously there are various ways (and issues) that I can use to approach this:
What do the stackoverflow folks think is the best approach that is simple but also robust?
Android uses the action ACTION_SEND to send data from one activity to another, even across process boundaries. You need to specify the data and its type. The system automatically identifies the compatible activities that can receive the data and displays them to the user.
Show activity on this post. I have a web application which stores its accesstoken in localstorage. It also has an android application which is basically a webview wrapper of the web application. In this case, the local storage will be saved to apps data folder, say /data/data/com.
OAuth2 provides a single value, called an auth token, that represents both the user's identity and the application's authorization to act on the user's behalf.
You can start by writing an account authenticator. The canonical text on Android authenticator development is http://blog.udinic.com/2013/04/24/write-your-own-android-authenticator/
I wrote an authenticator for my app based on this article. However, what I haven't tried is having two apps with authenticators that register for the same account type. I think it should be possible to have the authenticator code in both apps. When the app asks for an authenticator for your account type with both apps installed, it shouldn't matter which authenticator it uses because they both do the same thing.
You could also have the authenticator in a separate library, but now you have three apps.
EDIT:
Here's how I integrated the authenticator into my app, within a LoginActivity
:
AccountManager.newChooseAccountIntent()
with my authenticator's account type.AccountManager.getAccountsByType()
with the account type, look through the accounts for that username, then call accountManager.getPassword(account)
with that user's account.My authenticator activity has a UI flow for "Add Existing Account to Device". In this case, the user already has subscribed to our service. They enter a username and password, and if they are authenticated on the server, an account is added to the device for that username.
There is also a "Register For New Account" UI flow where the user enters all the registration information and creates a 30-day free trial account. In this process, the user is already authenticated, since the password is entered as part of this process.
This means that when the user chooses Add Account from the Account Chooser, the user is authenticated, while choosing an existing account just returns with the account from the device without authenticating. One of the drawbacks of the AccountManager
Account Chooser is that there is no way to put a flag in the return intent to say what actually happened, so when the Account Chooser activity finishes, you have to go through some hopscotch to see if an authentication occurred or not. I chose a safe & conservative route by just doing the authentication every time, which means I am duplicating server authentication on account additions.
There are a bunch of corner cases you have to think about too, such as:
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With