Using Android AccountManager to authenticate users for a server

Question

I'm writing an Android application which has a server connection. I would like to authenticate the app's user on the Android device and let the server know this has been done.

Assuming the user has:

1. entered his/her credentials in the Android device for Google and Facebook (these are the ones I'm currently interested in)
2. allowed the application to use the stored credentials on the Android device
3. the application acquired the details (account user and token) from Android's AccountManager successfully

I would like now to correctly and securely let the server know the app on the device has authenticated the user. How can the server validate that this isn't bogus? Is there a way to validate a token with Google and Facebook on a server without requiring user interaction?

Thanks.

Answer 1

you should take a look at this question: Generating Device-Specific Serial Number

you can take the account name based on the service it uses, like:

AccountManager am = AccountManager.get(this); // "this" references the current Context

Account[] accounts = am.getAccountsByType("com.google");

but you must declare it in manifest and ask the user to validate the permission.