validating Android's authToken on third party server

I'm writing an Android application, which uses AccountManager to get the token. From the Android app I'm able to interact with Google Picasa - it works fine.

What I would like to achieve is the following: send some text + authToken to my third party server, then check if the token is correct before saving the text. Now the question is: is it possible to determine whether the authToken is correct based solely on the token itself (and maybe the email address)?

I've already programmed the server part, which accepts the token (sent from the Android application), then issues a request to a URL:

https://accounts.google.com/o/oauth2/tokeninfo?access_token=%token_here%

What I get back is the following JSON:

{
  "error" : "invalid_token"
}

But the link here http://oauthssodemo.appspot.com/step/4 states that if a token is correct I should receive a different JSON response. Can you tell me what I'm doing wrong? I believe that the way to check a token's validity really isn't that simple, and that I should rather implement the whole OpenID flow or something. Even if that is the case, how can I check whether the token sent by the Android app is correct, so I can save the 'text' part of the message?

Thank you.

eleanor asked Mar 23 '12 18:03


2 Answers

Stop using AccountManager and start using Google Play service’s GoogleAuthUtil class, then it gets easy. See http://android-developers.blogspot.ca/2013/01/verifying-back-end-calls-from-android.html

Tim Bray answered Dec 12 '22 13:12


The solution is as follows. You can verify the token via this URL:

https://accounts.google.com/o/oauth2/tokeninfo?access_token=%token_here%

But in my case I was trying to validate an "Authorization code" and not an "Access token", as you can see here: https://code.google.com/oauthplayground/

If you're using Android and OAuth, don't use

lh2 

but rather use the following as service name:

http://picasaweb.google.com/data/

So you should call getAuthToken as follows:

getAuthToken(account, "http://picasaweb.google.com/data/" , true, null, null);

Then you can validate the token received from this call on the URI posted above.

eleanor answered Dec 12 '22 13:12
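As an added example (not code from either answer), here is the server-side check a practitioner would want once the tokeninfo endpoint answers: it is not enough to see that the endpoint did not return `invalid_token`, the server should also confirm the token was issued to its own client ID (audience), carries the scope it expects, has not expired, and names a verified email before trusting the accompanying text. The client ID, field names and both sample responses below are constructed assumptions modelled on the tokeninfo JSON format, not values from the page.

```python
import json
from typing import Tuple

# Constructed placeholder: the OAuth client ID your server registered with Google.
EXPECTED_CLIENT_ID = "000000000000.apps.googleusercontent.com"
# Service name from the accepted answer, which must appear in the token's scope list.
REQUIRED_SCOPE = "http://picasaweb.google.com/data/"

# Constructed sample bodies as the tokeninfo endpoint might return them (assumed field names).
SAMPLE_ERROR_RESPONSE = '{ "error" : "invalid_token" }'
SAMPLE_OK_RESPONSE = json.dumps({
    "audience": EXPECTED_CLIENT_ID,
    "scope": "https://www.googleapis.com/auth/userinfo.email " + REQUIRED_SCOPE,
    "expires_in": 3419,
    "email": "user@example.com",
    "verified_email": True,
})
SAMPLE_FOREIGN_RESPONSE = SAMPLE_OK_RESPONSE.replace(EXPECTED_CLIENT_ID, "other.apps.googleusercontent.com")


def validate_tokeninfo(body: str,
                       expected_client_id: str = EXPECTED_CLIENT_ID,
                       required_scope: str = REQUIRED_SCOPE) -> Tuple[bool, str]:
    """Decide whether a tokeninfo response body proves the caller may post as the named user.

    Returns (True, email) on success, or (False, reason) explaining the rejection.
    """
    try:
        info = json.loads(body)
    except ValueError:
        return False, "response is not JSON"
    if "error" in info:
        # What the question's server saw: an authorization code, a revoked or malformed token.
        return False, "endpoint rejected token: %s" % info["error"]
    if info.get("audience") != expected_client_id:
        # A valid token issued to some other app must not be accepted as proof for ours.
        return False, "token was issued for a different client (audience mismatch)"
    if required_scope not in str(info.get("scope", "")).split():
        return False, "token lacks the required scope"
    try:
        if int(info.get("expires_in", 0)) <= 0:
            return False, "token has expired"
    except (TypeError, ValueError):
        return False, "malformed expires_in"
    email = info.get("email")
    if not email or not info.get("verified_email", False):
        return False, "token carries no verified email"
    return True, email
```

Only after `validate_tokeninfo` returns `True` should the server store the text under the returned email; the audience mismatch case is the one most often skipped.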