In my android application I am trying to build an array of login credential methods for the user. The user should be able to login using their google, facebook, outlook and twitter (etc...) credentials. I am not sure if there is an easy way to do this but currently I am looking up the API for each one of the mentioned services and researching how to use their authentication method and gaining access to services like contacts for invitation purposes.
I am having a hard time finding any resources for outlook authentication and services. If anyone can point me in the right direction I would appreciate it very much!
you can try Socialauth-Android:
The API enables user authentication and sharing updates through different various social networks and hides all the intricacies of generating signatures & token, doing security handshakes and provide an easy mechanism to build cool social apps.
Related
At the moment, my app (Android and UWP) uses Azure Easy Tables. To upload/update/delete items in the easy table, a user has to be authenticated. But I only want them to be able to authenticate in the app.
Is there a way to restrict this authentication process to only accept authentication requests coming from my apps?
There's really no reliable way to authenticate your client. You can use and validate an application key as documented here, but if you're shipping your application with that information, those wouldn't be difficult to extract.
Alternatives are available (different ways to "fingerprint" your app) and while make it a bit more difficult for other clients to use your API, but none of them are foolproof.
Properly authenticating and authorizing the user is sufficient to guarantee that data is only accessible by users with the required permissions, but there's not a way to absolutely guarantee this is done from your client.
As the figure below, did you enable the App Service Authentication option of the Authentication / Authorization tab of your Mobile App to ON and with non-anonymous authenticate way on Azure portal?
If not, please enable it to protect your Mobile App backend endpoints which include Easy Table, and you need to do the more authentication for calling your Mobile App backend. Please see the details at here.
So I have some solid experience programming games to which I want to add push notifications but I have very little web experience apart from html, css, and some lightweight php.
I've created and ran the example GCM server application in my Eclipse installation with Google plugins installed.
I wish to make a control panel for myself to send notifications and wish to allow only myself to login to obviously restrict public access. This doc page on Google only shows how to authenticate with a Google account, but it seems like any valid Google account that uses this auth will be able to access the GAE GCM server I am developing.
https://developers.google.com/appengine/articles/auth
Does anybody with GAE have any advice? Should I just allow Google Account authentication and then just serve control panel content only to accounts I specify or should I implement some "traditional" authentication. I don't myself know what "traditional" would be but I will research it if someone says authentication via Google Accounts and serving content to certified accounts is not wise.
You need to keep authenticating with google accounts.
All that does is make sure the user is logged into their google account but doesnt validate beyond that. In your servlet use the User service to get the current user's email and if its not the one you want show/return an error.
I want to integrate GMAIL Single Sign on (SSO) on my App.. I am not getting the library for Gmail. Please Anyone can help me out. Thanks in advance
Refer to this link
https://developers.google.com/accounts/docs/MobileApps
Authenticating Users in Mobile Apps
Many web applications have companion mobile applications, such as native Android and iOS apps. These native applications typically ask the user for their email address and password to authenticate them. This method of authentication will not work when the web application has a complex login system which uses technologies like OpenID or SAML for federated authentication. In this guide, we'll describe an alternative technique to enable mobile applications to work for all users, regardless of how they are authenticated.
If you're anxious to see how this works, you can check out the Demo and Sample Code section at the bottom of this page.
I'm developing an android app that consumes a webservice that I will develop too (I'm thinking in using a RESTFul webservice)..
and I want to secure the connection between the app and the server but I need to authenticate users too..
My problem is in the last part, to secure the connection I think the best way to do it is to use SSL (https), am I wrong?
I don't know what's "the best way" to authenticate users, to make sure that a user cannot consume the webservice as another user..
I have some ideas, like using a authenticate(login,pass) method on the webservice that returns a token.. And for any operation that requires authentication the user would need to pass that token as a parameter.. The thing is, is this a good way to do this? whats the most common technique used to auth users in a situation like this?
If a token based auth is a good idea how should I generate the token?
Sorry for this long text..
Any help will be usefull
Thanks
Make sure you understand a trendy standard like OAuth before you go down that path. Most OAuth flows are centered around a user logging in to your server through a web browser. This can lead to pretty bad user experience for a mobile app. The standard does allow for alternatives. Here's a decent introduction.
You could also use an existing identity provider like Google, Facebook, Twitter, etc. instead of implementing your own authN/authZ. On Android, you can ask for a Google auth token using the AccountManager. This usually works because the user needs to be logged in to their Google account to access the Android Market. Anyway, this will prompt the user to grant authorization to your app. You could then use the Google auth token to login your user to your service with your own token. The login would essentially be your server verifying the Google token is valid (by contacting Google's servers) and then issuing its own token to be used for calls to your web services. If you don't like Google, you could use the Facebook SDK, etc.
As for what to use for tokens... The OAuth spec has stuff on that as well. You could do something as simple as a random string or something as complex as encrypted SAML assertions.
You should implement a token based OAuth, which will require the users to log in once, and then permanently have access.
You can use Google App Engine which already provides user authentication services for you (your Android users most likely already have google accounts) But this is only one of many options.
You can also look into Amazon's Identity Access Management (IAM) which will allow you to manage the users who have access to your web service, and authorize them accordingly.
I think the best way to do it is to use SSL (https), am I wrong?
This only prevents certain types of malicious use, but not everything. There is still nothing to prevent people from accessing your database on the phone, and retrieving credentials that way.
I was wondering if anyone knows of a way I can Authenticate a Google Apps User in a Android Application?
One approach I know of is to take could take their username and password in a android view, and use the clientLogin interface (http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html).
However I was wondering if there was a different approach, maybe pushing to a browser window where it would show the google login for that domain, but I would not know how to get the details back to the application, after the authentication is done.
Any ideas on how it would be done?
I wrote up how to get a google auth token from android (works fine in any java really) so you can call app engine hosted web services as an authenticated google user:
http://javagwt.blogspot.com/2009/12/authenticating-android-app-to-google.html
hope this helps
You could also try using OAuth. It's supported by Google Apps, and has a Java client library.