For example, user is navigating to google.com in WebView.
Is it possible to authorize him there via Google Account Picker (something like described here https://developers.google.com/android/guides/http-auth) to simplify authorization instead of manually logging in via web form?
Android Web browsers (for example, Google Chrome) are authorizing user via this method).
Part I: Using the Google Plus Services API
If I understand your question correctly, you may be able to achieve what you are trying to do using the Google Plus Services API.
You create your GoogleSignInOptions and then create your GoogleApiClient using these sign-in options. From there, you use the Auth.GoogleSignInApi.getSignInIntent with your GoogleApiClient as the parameter.
This intent should launch a SignInIntent that presents the Google account picker (that will include accounts that have been accessed on the device previously, and the ability to add another account).
Once you get back the GoogleSignInResult, you can verify that the user was authenticated and then create the authentication flow as you would otherwise.
Even included in the Android SDK is the Google SignInButton, which you can use right in your layout instead of having to create a custom button for the sign-in.
Part II: Using WebViewClient
Now, if you are trying to use a WebView to authenticate them, your best bet is to extend the WebViewClient class.
Things you will need: clientId, clientSecret, and clientScope (all of these details will be given for you when you create your application in the Google Developer Console)
First things first, your URL to authorize will probably be as follows: https://accounts.google.com/o/oauth2/auth?response_type=code&clientId={your client id}&state={SOMESTATEINFO}&access_type=offline (access type if you want offline access). This should be the initial URL of your WebView
Next, you will want to modify your extended WebViewClient class. What you will want to do is override the shouldOverrideUrlLoading(WebView webView, String url) method to listen for your redirectURL. Probably the easiest thing to do is to use url.startsWith(<your redirect URL>) to detect this. You can then parse the response. If your response contains error, then it means something went wrong. Otherwise, you should get back two fields in the URL: code and state. If you do not get error back, then return true for shouldOverrideUrlLoading.
Once you get your code, you can create a new GoogleAuthorizationCodeFlow, using your client, scopes, and secrets.
Once you have your flow, you will need a GoogleTokenResponse, which you will be able to get using the code obtained above for your authorization code, using GoogleTokenResponse response = flow.newTokenResponse(<code>).setRedirectUri(<redirectUri>).execute().
Once you have done this, and you have your response, you can get your Credential using flow.createAndStoreCredential(response, null).
And voila, using this Credential, you can authenticate your calls.
Caveats I have not been able to get the WebView to recognize accounts that have been signed into on other web browsers, so the account picker may only show the accounts that have been signed into on the app-specific WebView.
tl;dr It is possible to do this with a WebView and WebViewClient, but it's messy and a little bit more roundabout than using the Google Plus Services API.
This example better illustrates the authorization flow/credential stuff once you get the authorization code and such.
And here's some documentation on the WebViewClient that may be useful as well.
Hope this helps point you in the right direction!
Related
I've set up a small android and firebase app... Authentification works like a charm, and in the firebase console, I can see my user, logged in with the Google account.
Now I am trying to experiment a little with the Text to Speech api, and in doing so, I followed this tutorial:
https://github.com/GoogleCloudPlatform/java-docs-samples/tree/master/texttospeech/cloud-client
I managed to make the small java app work, by setting the GOOGLE_APPLICATION_CREDENTIALS Environment variable (I followed this tutorial for this step: https://cloud.google.com/docs/authentication/getting-started), but I am not sure what I need to do to make that code work in the Android app where the users are authentificated..
The Error that I get when trying to make a call to the TextToSpeech API is:
The Application Default Credentials are not available. They are
available if running in Google Compute Engine. Otherwise, the
environment variable GOOGLE_APPLICATION_CREDENTIALS must be defined
pointing to a file defining the credentials. See
https://developers.google.com/accounts/docs/application-default-credentials
for more information.
The error mentioned comes from the line:
TextToSpeechClient textToSpeechClient = TextToSpeechClient.create();
This error appears because of the fact that on the android emulator I don't have access to the credentials that are set as environment variable in my OS..So I have to provide the credentials in another way.
In the case of other Google APIs, like Storage, I found out that this can be done like this:
// You can specify a credential file by providing a path to GoogleCredentials.
// Otherwise credentials are read from the GOOGLE_APPLICATION_CREDENTIALS environment variable.
GoogleCredentials credentials = GoogleCredentials.fromStream(new FileInputStream(jsonPath))
.createScoped(Lists.newArrayList("https://www.googleapis.com/auth/cloud-platform"));
Storage storage = StorageOptions.newBuilder().setCredentials(credentials).build().getService();
I managed to create the GoogleCredentials object with the contents of the json file, however the TextToSpeech client doesn't seem to provide a functionality similar to this:
StorageOptions.newBuilder().setCredentials(credentials).build()
So my question is....is there a way to provide the Credentials object to the TextToSpeech client?
Thanks
Currently, there is not a way to provide credentials to the TTS Client from this page.
Due to Security / Auth reasons, I believe the best suggested approach is to use Firebase Functions.
Get the Text
Call Firebase Functions
Have Firebase Functions call the TTS API
Return the results.
This way, no keys are leaked inside the application and you can use Firebase Auth.
Let me know if that helps!
Update:
Option 2: iOS Tutorial (should be adaptable to Android)
Get the Text
Call Firebase Functions
Have Firebase Functions return an OAuth2 Token
Use the token directly with the API
I'm searching the PlayServices equivalent of this call:
https://www.googleapis.com/plus/v1/people/<some_user_id>?key=<your_api_key>
The call above is documentation of the call above is here: https://developers.google.com/+/web/api/rest/latest/people/get
However this is a web API call and my keys are restricted to a limited set of IPs. I think it would be a bad idea to put that key in code. Do you think the same?
Just as a side note I would like get the data without "authorization". I mean I authenticate with my key, but I don't want to ask the user. With the HTTP call above this is possible, so what is the Android SDK equivalent? I'm not asking how to do the GoogleApiClient stuff I have this already working. I just want to know the right call of the plus API.
If there is nothing similar do you know how to authenticate myself at the rest service with my packagename and signature?
In summary I just want to know the (first and last) name of the local G+ accounts like in the Google Foto app.
To load a specific Google+ profile in Android use the load method for com.google.android.gms.plus.People.
public abstract PendingResult<People.LoadPeopleResult> load (GoogleApiClient googleApiClient, String... personIds)
I have folowing scenario.
My client (local tv publisher) publishes some article and embeds tweet in it. ID of embeded tweet is sent through api to android application.
On android side i have integrated Fabric/TwitterKit and by following steps on twitter developers page i managed to show tweet in my android app on (i admit) easy way (Show tweet exp).
Now i have published application to Alpha and noticed one "little" problem :-). TwitterKit was using my local twitter account to authenticate and to show tweets. If you dont have Twitter application installed or signed out of it, my show tweet functionality wont work..
This is TwitterLogin explanation for obtaining TwitterKit auth token:
"When attempting to obtain an authentication token, the Kit will use the locally installed Twitter app to offer a single sign-on experience. If the Kit is unable to access the authentication token through the Twitter app, it falls back to using a web view to finish the OAuth process.
The simplest way to authenticate a user is using TwitterLoginButton, inside your layout..."
What i want is to simply show content of tweet by given tweetID. No sending tweets, or any other action with it. Just show data from given url. Is it possible without authentication, or what should i do now, so that current implementation works without user authentication (or with some non-single-signon-inside-app authentication)
Thank you.
UPDATE 1:
I have created MyApp extends Application class, and placed code below inside onCreate method. In application tag inside AndroidManifest file, added line:
AndroidManifest.xml
android:name=".MyApp"
onCreate:
TwitterAuthConfig authConfig =
new TwitterAuthConfig(DeveloperKey.TWITTER_CONSUMER_KEY, DeveloperKey.TWITTER_CONSUMER_SECRET_KEY);
Fabric.with(this, new TwitterCore(authConfig),
new TweetUi());
It works so far, but i am not sure if this implementations is valid.
DeveloperKey.TWITTER_CONSUMER_KEY and DeveloperKey.TWITTER_CONSUMER_SECRET_KEY are static values obtained from application created at apps.twitter.com.
You need to use Application Only authentication.
That will generate a set of keys which can be used by the application. It won't be able to post messages to Twitter (because no user is associated with it) but you will be able to read Tweets.
If you build the keys into the app, your user won't have to sign in.
All the documentation is at https://dev.twitter.com/oauth/application-only
I'm in a situation where I need to request access tokens for two scopes (from my android application), https://www.googleapis.com/auth/userinfo.email and https://www.googleapis.com/auth/userinfo.userinfo
I would like to get both permissions on a single call to getAuthToken, but can't figure out the string to pass in the authTokenType parameter. I tried several reasonable combinations with no positive results :(
Has anyone solved this issue? Is it possible?
I was having the same issue. Shah is almost right, but his scope string is wrong. It should be
"oauth2:<scope_url> <scope_url>"
not
"oauth2:<scope_url> oauth2:<scope_url>"
If you need multiple OAuth 2.0 scopes, use a space-separated list.
oauth2:https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.userinfo
You asked for sample code, so have a look at the Google Docs Upload Sample application, and in this application have look at the authentication flow done in this sample Android screen (ignore that it's about Google Docs, it still authorizes first). You can get the whole application and run it in an emulator with Google APIs present or run it on your phone. The authorization workflow starts with the buttonAuthorize click, Authorize() and you are specifically interested in this method:
private void gotAccount(Account account)
{
Bundle options = new Bundle();
accountManager.getAuthToken(
account, // Account retrieved using getAccountsByType()
"oauth2:https://www.googleapis.com/auth/userinfo.email oauth2:https://www.googleapis.com/auth/userinfo.userinfo", // Auth scope
//"writely", // Auth scope, doesn't work :(
options, // Authenticator-specific options
this, // Your activity
new OnTokenAcquired(), // Callback called when a token is successfully acquired
null); // Callback called if an error occurs
}
The user gets this access request screen:
Note that this is using the 'local' OAuth2 mechanism, not opening a web browser, but using the authentication provided when you first activated the Android phone.
Also note that the user sees the full URL of the scope instead of a friendly name, I haven't found a way around this and if you do find out it would be great if you could share the answer.
I can't get Oauth to work with Twitter. I have tried the following (all result in the same 401 error):
jTwitter (using the default OauthSignpostClient)
jTwitter using the commonshttp library (CommonsOauthProvider) instead of the "DefaultOauthProvider"
jTwitter using the OauthScribeClient (instead of the OauthSignpostClient)
oauth-signpost (by itself... no jTwitter)
Twitter4J
http://code.google.com/p/agirardello/
http://dev.bostone.us/2009/07/16/android-oauth-twitter-updates/
http://github.com/kaeppler/signpost-examples/blob/master/OAuthTwitterExample/src/TwitterMain.java
I've tried my own implementation and copy/pasted the sample code from each of the sites, and nothing seems to work. I'm also 100% sure I also downloaded and included any dependencies (where needed).
Here's the interesting part. Using jTwitter and the oauth-signpost library, I can initiate a connection to Twitter, open a browser window for the user, have them log-in and generate a PIN for my app. When the app goes to post a status update however, (using the pin, and the stored access token and token secret), the 401 error pops up. All other things I've tried won't even let me open a browser window and ask the user to generate a PIN (they die with the 401 error on the request for the "request token").
Please help. Thanks
I don't know if it will help you much with Android, but this post on Twitter OAuth by Chris Shiflett just came up on my interwebs.
First of all for OAuth you need to register your application with twitter I am assuming you have registered it. Now in case of desktop and mobile application you need request twitter for custom callback URL, as default callback url just works only for web apps. Once twitter approves requested call back URL , it will work .
But there is workaround, rather than OAuth request twitter for xAuth by submitting details of your applications. Then if twitter approves it , you can uses xAuth which works almost similar to OAuth.
Make sure your application had read&write access when you created it....