I'm a bit confused about the differents way to authenticate user on Android devices.
What is the best way to authenticate user in a Android app, in order to call a custom server REST API?
Use GoogleAuthUtil like described in these documents:
http://developer.android.com/google/auth/http-auth.html#ExtendAsyncTask
http://android-developers.blogspot.fr/2013/01/verifying-back-end-calls-from-android.html
Pro:
Quick login, user has not to type password nor to click on a button
Con:
Not corss-platform
Use Google Sign-In like described on this document:
https://developers.google.com/identity/sign-in/android/sign-in#cross-platform_single_sign_on
Pro:
Cross-platform
Con:
User has to click on the Google Sign-In button
It's possible to easily combine the two way, GoogleAuthUtil when users use Android device and Google sign*in when users are on other platform ?
What do you mean with cross platform, if you use GoogleAuthUtil and Google SignIn button they are both for Android. You can use them both to achive this, just authenticate first time with Google SignIn button, and then save account (so it doesn't ask you which account you want to use for authentication) and access token to SharedPreferences and reuse it for next login (without clicking on SignIn button again)
Related
I'm lost on this one. The problem is simple: what is the correct, recommended way in Android of logging in a Google user, as a page that they own (e.g. they first login and they are presented with what page they wish to authenticate as, to the app)?
The web solution is straightforward - Google's /oauth endpoint automatically redirects to a delegation page into which you choose your main account or the page you wish to continue as. The next page will have a pageId=... extra argument in the URL. As such, your authorization is linked to that specific page, not to the main account.
With Android, I'm completely lost. Every possible official guide out there is either deprecated, un-recommended, or just simply, blantly ignores this simple use-case and only works with getting an OAuth token for the main account, without even a word given to help for the case of users that own pages which can be used as their own identity under the user's account.
What I'm doing now (at the high level), using Google Play Services:
Start an activity intent via AccountPicker.newChooseAccountIntent
User selects an account on device.
Calling GoogleAuthUtil.getToken to get an OAuth token - this triggers the basic OAuth flow which asks the user to authorize the app - NO ACCOUNT SELECTION at this step, like the web flow does!
What I looked at:
Google HTTP Api Client - this one recommends to use Android's AccountManager and never use a "custom" solution to save any refresh tokens, etc. Completely useless for the use-case.
Google Sign-In - this one seems to require a server end-point (wtf?). I tried using it and adding in the OAuth scopes I'm interested in, it didn't even work. I'm not interested in the user's email, and this API seems to be oriented for signing users up rather than authenticating as a Google one.
Other apps I looked at seem to just open a WebView and force the user to login in that, which triggers the normal web flow, with account/page selection after login. I really don't like this since it requires a separate login.
Is there an official stand on this issue and I'm not seeing it?
I am trying to implement a simple mechanism to authenticate the user so that through my app he can interact with YouTube. But there are several points in which I am confused about, following is a list of the same:
1) What login mechanism to use? I have implemented G+ sign in however the docs here are very confusing:
a) https://developers.google.com/youtube/v3/guides/authentication?hl=de
This link asks me to use an O - Auth 2 authentication, however
b)https://developers.google.com/accounts/docs/OAuth2InstalledApp?hl=de this link tells me a different story.
I simply want the user to gain access through her account and upload videos, why is this so much painful?
Check the Authentication at YouTube Direct Lite for Android.
I am trying to implement user login via social networks to my app. User should login with their google, facebook or twiter account to the app and create content that will later be sent/or synced to the app rest service.
What is the best way to do this?
I was successful with adding google and facebook sign in button and getting auth tokens from them but then i started reading on some tutorials that include account manager which is needed to implement sync adapter for data that needs to be synced with server, but as i understood i need to create my own login and add new user implementation for this to work?
Can i use social login with sync adapter, or do i need to implement my own account management?
Please point me in the right direction.
I personally avoid tutorials that "help" you to build a customized social API's interface, first because they could rely on old API version (take Facebook for example, their graph API authentication system has changed a lot through years), second because they could propose a solution that is not what you are really looking for.
Instead, why don't you simply follow the official tutorials from Facebook SDK page (https://developers.facebook.com/docs/android/scrumptious/), Google and so on?
Use case:
User launches app
The user enters google password
The app lets the user to use the app if the google password entered was correct.
I don't want to provide yet an other password registering option to my users. I don't want to know my users' passwords either. It would be great if I could use the Google login(or other common login, like Facebook, etc...), just like it is possible to provide a Google login with OpenID for webapps.
Additionally: Is it possible on iOS?
Any ideas?
Please see Google Open ID for the same.
I need help using the facebook test users from android.I am using the facebook android sdk and i need to be able to login as a test user and do actions like publish to the stream. I do not want to use the developer account associated with this application since it is my personal account. I realize that test users can only be created using api calls and such a call returns the login url, i understand how to use this in a browser but how can i use it in my android application. Can i create a dummy account and work with that account or is this against facebook policy.
Test users can also be created with GUI - not only by API calls. GUI is useful if You need to handle just few users. If there is a plenty of them - it is easier to use API and perform it programatically.
How to handle test users by FB GUI:
Go to FB developer site, where You created FB Application
on application tab, click Edit Roles
At the bottom of the page there is 'Test users' section where all test users are listed. This is where test users can be created and edited. Each user has option to log in as this user, change his name and set password next to his profile photo.
You have to set user's password to be able to login as him
Use his profile email address and password to login - it is also possible from Your app
You can create a dummy account but this is against FB policy and FB really does everything to make it harder to You :) This is not an option. Use test users.
If more info is needed on the topic - see my article, regarding test users strategy.
All the detail see on the official FB page
See an open bug in facebook. You can't login as test user with native Android app, but login with m.facebook.com should work
https://graph.facebook.com/me?access_token=ACCESS_TOKEN
where the access_token is the token from when the user approved your app. Found it here.