I'm developing a web server (Using J2EE/Wildfly 8.2) with a RESTful API for the Android clients. To authenticate the connected client I would like to use a token (OAUTH2 or whatever is appropriate) from that client rather have to deal with the messy password admin in the server.
Could someone point me at a good example. Ideally it would use the Google account on the Android device as most users (I would think) have an active Google account.
As always, many thanks for your help getting me started on this.
I think it will be helpful for you to take a look at Stormpath. In your backend, you can use the Stormpath Java SDK to easily delegate all your user-management needs. Since you are specifically interested in the social login functionality, this is the way you would do it with Stormpath:
There are two options here...
You can completely delegate the login/register functionality to Stormpath via its IDSite. It supports Google, Facebook, LinkedIn and Github login.
You can create and host your your own social login forms. In this case, your front end will display the login buttons. When the user presses the login button, your front end will send the credentials to the backend-end where you will need to execute code similar to what was documented here
Related
Based on a research that I have made on Android login, I have found out that for Android to have a login feature, it requires a web service.
Android sends login credential to web service and will only determine whether a user's credential is valid based on the return result of the web service.
As I am currently a junior developer, I am wonder what are the other approach that modern developers used in handling Android login feature? Do they use Google Firebase, or they used web service to handle the login as well?
In addition they can use social media login such as Facebook,google...etc as another option to let user login to app if user dont like to use app web services...to add this features you have to know about OAuth 2.0 because its used by those giant tech above then go and read their docs they explain all with the details of details....also for web services check out this tut Android Login and Registration with PHP, MySQL and SQLite also you can read this A Massive Guide to Building a RESTful API for Your Mobile App
It depends on what resources you have access to. I work for a variety of enterprises and find that it is not uncommon for them to use google firebase as a login/authentication component, but many of them create their own web service to handle user login. Some use Single Sign On services like Okta.
I'm working on a mobile app specifically for students at my university. Our school's web portal uses WordPress (or at least the login page is /wp-login.php).
Is there a way to send the user's browser to the login page and then send them back to the app with a confirmation that they were able to sign in? Or even better, include their username? I've tried a bunch of different Google searches, but most of what I've found requires installing/configuring plugins in the WordPress install, but that's not an option, since I'm just a student.
Thank you!
Well, since the site is not hosted at WordPress.com, you will have to implement your own API Endpoint for your Single Sign-On procedure.
But first contact the site's admin or developer/s and find out if they have already implemented such a mechanism.
If they haven't you can see here how to create an API Endpoint in WordPress, that your mobile application will use to authenticate users.
You can find more information here.
If your university's site does not support the functionality and they are not willing to implement it, I 'm afraid that you cannot do anything...
I'm currently designing a service that will be half web app, half android app. Each user will need to be able to log in from either the android app or the web app, using an openID account. I'm hoping to target Google first for easiest integration with Android, but I'll also need some OAuth stuff later so that I can integrate with Google contacts.
The bit I'm having trouble with is how to authenticate users. The structure I've planned is that the server (probably using web.py, although that's flexible right now) serves data for the client in JSON, whether the client is the javascript browser client or the android client. However, each call needs to make sure the client is allowed access to that data.
What would be the easiest way to standardise this across the platforms?
Should I be using a session system to authenticate after logging in? Can that be made to work from an Android app? Otherwise, should I simply authenticate with google for every request?
When authenticating from the app, where should the authentication happen, through the server or straight from the app? Where should the auth token be stored in this case? (I'm assuming for a straight webapp the token should just be stored in a table in the user database?)
Sorry for the barrage of questions, but I haven't really found any resources online that clarify these issues very well.
As long as you are using HTTP, the platform doesn't matter. You can use the same form of authentication and/or sessions. The only difference would be that on Andorid you might be able to get an authentication token using the platform's AccountManager, without having to type the username and password in Google's login page.
There's a subtle difference between Authorization (OAuth) and Authentication (OpenId). Make sure you know what you are doing.
I followed the tutorial here: https://developers.facebook.com/docs/mobile/android/build/#enablesso
I am able to authenticate on the android side, but what I want to do is to use SSO or some sort of authentication using facebook [preferrably OAuth] to authenticate against my web application on GAE. I expect it to work something like this: blog.notdot.net/2010/05/Authenticating-against-App-Engine-from-an-Android-app
This is the sort of flow I expect:
The user starts my app, and is prompted with an option to authenticate to FB.
The FB app/web dialog opens and asks the user to confirm permissions to be given to my app.
Once that is done, FB provides me with a cookie [or something similar].
I use that cookie for subsequent requests to my web service, where I can get the username simply using:
user = oauth.get_current_user()
user.nickname()
Is anything like this possible? The problem I face is that while performing SSO, there is no place where I specify an OAuth end point. GAE provides OAuth endpoints [http://code.google.com/appengine/docs/python/oauth/overview.html], which I think I should be using. Any clue as to how I can proceed about this?
Any help is appreciated. Regards, rohan
You need to implement the server-side authentication flow: http://developers.facebook.com/docs/authentication/
I implemented it in Java: see the LeanEngine oss project. You could probably reuse the android client part: the login dialog.
I have a Java based web application which is developed using JSP/Servlets running on Tomcat server. This application is developed for customer support. A customer can directly login to the application with his credentials and raise any complaints reg. a specific product. He can also view all the complaints he has raised and their status. Also he can add comments to the complaints and also close them when he desires to.
Now I would like to develop an Android app where a customer can login with his credentials and do same operations as he used to do in the above said web application.
I have basic knowledge on Android and good amount of knowledge in Java. Can someone help me with some guidelines or sample source code to develop such kind of application. In particular after authenticating a customer with his credentials from an Android activity by sending HTTP request to the web application, how do we keep track of the session for that customer in order to display him the complaints raised by him or allowing him to add comments to his complaints in next activities (screens). To put it simple how to maintain sessions?
Thanks,
You question is pretty specific to your application. How you maintain a session with the server is pretty much up to you, but you can think of it as implementing the relationship between a web browser and a web server.
After your user logs in, the client should receive some kind of token from the server (similar to a cookie). All subsequent requests will pass along that token to authorize the user, so you'll have to persist it on the device. Your server will have a mapping of tokens to users.
I would recommend looking into OAUTH2 and maybe taking a look at some well used APIs like Twitter and Foursquare for some ideas about best practices.