I want to pass a Gmail ID and password and get access to the user's Drive. I don't want to use accounts that can be chosen using an intent (account picker); instead I will provide an edit-text to enter the user name and password, with which I should be able to access Google Drive for that user name and password.
Any suggestion how to do this?
The only way to access Google Drive through an app is through the Google Drive API OAuth system; it's well explained in their docs:
About OAUTH
About authorization protocols
Your application must use OAuth 2.0 to authorize requests. No other
authorization protocols are supported. If your application uses Google
Sign-In, some aspects of authorization are handled for you.
Related
I am creating an application that uses google drive api, and requires authentication of a google account. The example on the quick start for using drive api for android uses google sign_in where user would be required to choose an account from the google accounts already added on the phone.
I don't want users to choose their own account. I want to add the account the API would be used in from code, such that files would be accessed from my own specified account, not that of the user of the app. But I can't seem to find any sign_in or authentication form apart from the case when the user is to choose an account.
Please can this be done? And if so how?
The answer would be a simple no; you can do that, but you have to use a different API than Google's. Google will ask to choose an account, as it is added in an implicit intent.
I have a Dropbox account which was created by logging in via the Google account. So, my Dropbox account is linked to the Google account.
I have an android application and my users can create their accounts either via Google/Facebook.
The question is whether it is possible for the user to log in to our app once via his Google Account, and then, using these same underlying Google credentials, the user automatically gets logged in to the Dropbox account [maybe a simple 'OK' button authentication is needed], so that they need not enter their login credentials twice?
I am planning to implement this using OAuth. Any guidance on whether it is possible or not will be helpful. I am not expecting code but some guidance.
In general what you are asking is not possible.
The credentials/assertions that Google issues are for a specific app and only that app should accept those credentials.
So when a user signs into your app, you get credentials from Google that say this is for your app. Also, Dropbox accepts credentials from Google that were issued for Dropbox. Your app cannot convert one into another (if it could, this would be a big security issue, e.g. one app could sign into all of a user's other apps/accounts that accept Google credentials, for example a bank account).
What you want to do is integrate with the OAuth APIs that are from Dropbox and, when the user is going through them, try to prefill information to make the flow easier. If you send "user email" to the Google OAuth flow (to get the user signed into Dropbox) for the same user (who is signed in), they could go through the flow easily. https://developers.google.com/identity/protocols/OpenIDConnect#sendauthrequest
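The authorization request with a pre-filled account described above, as an added example that is not part of the original answer: it builds a Google OAuth 2.0 authorization URL carrying `login_hint`, `state` and a PKCE challenge. The client ID, redirect URI and function names are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"


def new_pkce_pair():
    """Return (code_verifier, code_challenge) for the S256 method (RFC 7636)."""
    verifier = secrets.token_urlsafe(48)  # 64 characters, within the 43-128 limit
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def build_auth_request(client_id, redirect_uri, scope, known_email=None):
    """Return (url, state, code_verifier); keep the last two for the callback."""
    state = secrets.token_urlsafe(24)
    verifier, challenge = new_pkce_pair()
    params = {
        "client_id": client_id,        # assumption: your registered client ID
        "redirect_uri": redirect_uri,  # assumption: your registered redirect
        "response_type": "code",
        "scope": scope,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    if known_email:
        # Only a hint that pre-selects the account: the user still signs in
        # and consents on Google's page, and the app never sees a password.
        params["login_hint"] = known_email
    return AUTH_ENDPOINT + "?" + urlencode(params), state, verifier


def callback_state_ok(expected_state, callback_url):
    """Reject a callback whose state differs from the one this app issued."""
    got = parse_qs(urlparse(callback_url).query).get("state", [""])[0]
    return hmac.compare_digest(expected_state.encode(), got.encode())
```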
Following the Google Sheets API examples, I wish to allow the user of my Android application to authenticate with his Google user account, access a spreadsheet in his Google Drive account and extract the cell content. So far I have managed to successfully log in with the Google+ Sign in button and have a working GoogleApiClient. From here on it seems unclear how to proceed to use this authentication to authorize the SpreadSheetService to obtain the necessary Sheets feeds. Authorizing with hard coded credentials as in
service.setUserCredentials(USERNAME, PASSWORD);
works and allows me to continue to access the feeds, but is it not possible to use the GoogleApiClient authentication for authorization of this service? Or is there another way to obtain these credentials (i.e. Drive.Query)?
I want to develop an Android application that allows users to sign in with their Google Accounts (I think it's always an email address) instead of forcing the user to create a new one. I have 3 questions regarding this:
When the user starts the application for the first time I'll have to use the AccountManager, right? If the user has only one com.google account I'll use that one; if not, I'll ask him which one he wants to use. My question is, can I be sure that every com.google account in the AccountManager has been properly authenticated and the application can be sure that the user is who he says he is, so that I don't have to ask him to choose the account every time the application launches?
The application will have a server that will store in a database what restricted content the user has unlocked; that's why it needs the Google Account, to match the foreign key of the user with the foreign key of the content to know what that user has unlocked. How do you suggest I save the Google Account in the database as the user table's primary key? I could store the email of the Google Account, but aren't there any privacy problems with that? What else can I use? I suppose there is no Facebook ID-like integer value for Google Accounts.
Do I need to use OpenID or OAuth 2.0 for any of these operations I've mentioned? I'm asking this because when the application doesn't have an internet connection I want the user to still be able to access the restricted content he unlocked and previously downloaded onto the phone. If I use OpenID, that requires an internet connection, right? So the user wouldn't be able to enter the application, and that's not what I want.
Thanks
Using the account manager to check which accounts are available on the phone and ask the user which account he want to use sounds like a good idea. I think it's a good idea to use OAuth 2.0 and grab the OAuth 2.0 access token for userinfo in your client application (https://www.googleapis.com/auth/userinfo.profile is probably the scope you want to use) and send this to your server when the client communicates with the server. Then using the userinfo Google API your server can use the access token to make sure the user is who he claims to be. With this api you can get hold of the user id which you can use instead of the user's email.
Getting the auth token will require internet access, but since it's only needed when you communicate with your own server you can grab the token at that time.
I'm not 100% sure if the accounts given by the AccountManager can be trusted, but it will provide you with the google accounts available on the phone and I don't know of any way of adding an account to the phone without having access to the account. If this was possible it would be a really big security issue as well so I think you can trust that the accounts given by the AccountManager are authentic.
When you get the OAuth 2.0 token on the client I suggest you use the Google Play's GoogleAuthUtil instead of the account manager if it's possible. For more details on this see: In a nutshell what's the difference from using OAuth2 request getAuthToken and getToken
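The server-side check implied by this answer and by the earlier answer about app-specific credentials, as an added example that is not part of the original posts: instead of the userinfo call described above, it validates the claims of an OpenID Connect ID token, rejects one issued to another app, and returns `sub` as the account key in place of the email. The client IDs and sample claims are constructed, and signature verification by a JWT library is assumed to have happened before this function is called.

```python
import time

GOOGLE_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}

# Constructed sample values, not real client IDs or account IDs.
OUR_CLIENT_ID = "1234-ours.apps.googleusercontent.com"
SAMPLE_FOR_US = {
    "iss": "https://accounts.google.com",
    "aud": OUR_CLIENT_ID,
    "sub": "110000000000000000001",
    "email": "user@example.com",
    "exp": 1_700_003_600,
}
# Same user and issuer, but the token was issued to a different application.
SAMPLE_FOR_OTHER_APP = dict(SAMPLE_FOR_US, aud="9999-other.apps.googleusercontent.com")


class RejectedToken(Exception):
    """Raised when the claims must not be accepted by this server."""


def account_key_from_claims(claims, my_client_id, now=None):
    """Return the stable account id ('sub') or raise RejectedToken.

    Assumption: 'claims' is the payload of an ID token whose signature
    has already been verified against the issuer's published keys.
    """
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise RejectedToken("unexpected issuer")
    # A credential is only valid for the app it was issued to.
    if claims.get("aud") != my_client_id:
        raise RejectedToken("token was issued to a different app")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise RejectedToken("token expired")
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise RejectedToken("missing subject")
    # 'sub' is the database key; the email is not used as an identifier.
    return sub
```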
I'm using the Android AccountManager to authenticate a user's Google account for access to Google Drive. However, I want to allow the user to access Drive accounts that are not on their phone. For example, I have a work Google account that is not on my phone, but that I would like to use in my app. Is there a way to allow users to authenticate accounts that are not necessarily stored in the AccountManager?
Thanks
Perhaps you could add another Google account to the phone and allow the user to select which account to use. If this option doesn't satisfy you and you really want to authenticate to Google Drive accounts not on the phone, you must then use OAuth.
If you also really, but really, want to use AccountManager facility in your app you have to make an account type that behaves like the following:
When you create a new account you open a browser widget and perform an OAuth cycle with Google Drive, then store the token in secure store
When you request a token via getAuthToken() it either releases you the stored token or triggers a token refresh cycle using OAuth
This has its security drawbacks: better perform OAuth cycle without AccountManager and store tokens in app memory