In my app, my cloud services are provided by Google Drive (formerly Google Docs).
To interact with Google Docs I use this library:
http://code.google.com/p/google-api-java-client/
It works great but requires that the device has the Google Apis on it and a google account set up
Is there any other way to authenticate on google docs without using this library?
Or do I have to migrate my cloud provider to Dropbox?
Thank you
Your best bet is to use OAuth 2.0 using the Client-side flow which is designed (partly) for mobile devices.
Basically what you'll have to do is use a Web View and redirect your users to the OAuth 2.0 grant page and then after they have granted you access to their data you simply:
1. Catch the auth code inside the web view
2. Close the web view
3. Exchange the auth code for a refresh and an access token
4. Keep the refresh token in your local database because it gives you unlimited access to the API => no need to trigger Auth flows any more.
That's it! With the newly acquired OAuth 2.0 Access Token and Refresh Token you've got all you need to access the user's Drive data on their behalf and use the API. You've circumvented the Android Account Manager.
There might even be some OAuth 2.0 / Web View client libraries available somewhere for Android, that would help a lot.
PS: this technique is widely used, for instance on iOS if you use the Facebook library, it will first check if there is the Facebook app installed. If the Facebook app is not installed it will use OAuth 2 and the Web View technique automatically. Google's Objective-C client library also uses that technique (as I've heard, never used it).
Related
We are using a framework called LibGdx, which allows you to write cross-platform code using only Java. We are developing for Android and iOS.
We have a datastore in Google Cloud, as well as a Google App Engine API we made to communicate with this datastore.
Now we want to secure this API, but cannot find good guidance on how to approach this for cross-platform. Since we have a mix of fb-login and email-login we need to use client credentials (i.e. only our app is allowed to communicate with our API).
Using .NET you would send client credentials (Client ID/Client secret), then get an access token; I'm not sure how to approach that in this scenario. We do not have any scopes or anything like that, we just want to secure our API so it can't just be called by anyone. So a simple Bearer token would solve our issues. Just not sure where to begin.
You should have a look at Firebase Authentication:
https://firebase.google.com/docs/auth/
Firebase supports several login providers like Google and Facebook. You will receive a token from Firebase Authentication which you have to forward to your API at Google App Engine.
You can use the Firebase Admin SDK at Google App Engine to validate the token again:
https://firebase.google.com/docs/admin/setup
In my project, I have an activity that downloads files from Dropbox and the basic method that uses the Dropbox account works. In the developer console, they provided an access token to make calls to the API without going through the authentication. However, there is no sample or hint to do so. I saw an example in this link, but it is for Ruby. Also, there is no DropboxClient in Android API. How can I make calls to the Dropbox API using the access token only?
The generated OAuth 2 access token is generally only meant for testing/developing with your own account.
If you're using the Dropbox Android Core SDK, you should follow the instructions in the tutorial for implementing the app authorization flow. This results in an access token for the user, (e.g., you, during testing, or each actual end-user when your app is released) that your app can store and re-use for future API calls for that user.
If this app is only for you though and you just want to supply your own OAuth 2 access token, you can use the AndroidAuthSession constructor.
I'm building a Android/iOS/Web app which authenticates with a provider to receive an access token and then uses the token in the API calls to the node.js backend. I've already got it working for facebook using Passport and the Facebook-Token strategy (https://github.com/drudge/passport-facebook-token)
Now I'd like to repeat the process with this library https://www.npmjs.org/package/passport-google-token
Should be easy, right? But Google's developer console for Android doesn't provide a client secret. In fact, there is very little documentation on what to do if you would like to authenticate on the device and use a token to communicate with the server. It was so simple with Facebook; is there something I am missing?
FB's (or Google's) access_token is for their API, not yours. Also, most flows with 3rd party providers like FB and Google are intended for web sites (this is the auth code grant). Devices (and SPA) typically use the implicit flow that doesn't require secrets on the client.
You might want to consider authenticating users with Google or FB (or whatever) in your website (using either strategies which are optimized for web flows), and then issue an API specific token derived from that. I would recommend issuing JWT, which are lightweight and simple to use.
On the API side you could use express-jwt. See here for additional details.
I'm completely new to Android development and would like to find out if the following is at all possible, and the best way to approach it:
- User logs into Google account - NOT stored on the phone (OAuth??)
- App displays their GMail emails - does not need to send, only receive/read
- App can access their calendar and display events - again read only
That's all for the Google side of things! I've only ever used Facebook auth - so am unsure as to how Google works. I can't seem to find any definitive answers on the web.
Yes, this is all possible.
Use Google Play services to get an OAuth 2 access token for the Google APIs. For GMail IMAP and read-only Calendar API access you will need to state these scopes:
https://mail.google.com/
https://www.googleapis.com/auth/calendar.readonly
Use some IMAP library for Android using your OAuth 2 access token (e.g. JavaMail, check out this Android JavaMail tutorial and Google's sample for using OAuth2 with JavaMail).
See the Calendar API documentation for how to access the user's calendar.
You can register a web application that uses OAuth to log onto google.
https://developers.google.com/accounts/docs/OAuth
Then you can use the GMail APIs with the OAuth token to access the user's email:
https://developers.google.com/google-apps/gmail/oauth_overview
Then for calendar you have the Google Calendar APIs, also accessed using OAuth:
https://developers.google.com/google-apps/calendar/
You can create a web app and use your Android app to access your web server database via APIs you create. Using this data you provide a nice GUI for your Android users and provide user interactions.
Another method would be to use only the android client without a web app as mentioned by Jan Gerlinger.
You can also check out the source code for k-9 mail app for ideas here:
https://github.com/k9mail/k-9
It's a full-featured, open source android email client that supports many protocols including IMAP, SMTP and Microsoft Exchange accounts too. You can dig through the source code to find out how they do it.
I'm currently trying to write a task manager in Android which syncs with Google Tasks. The app uses the Google client API along with AccountManager to communicate with Google servers. It works under Android. However, I want to run it under the Android player on the BlackBerry PlayBook. Although the .apk file converts to a BlackBerry application, it seems that AccountManager does not work under the PlayBook Android player as it is not tied to a Google account. I'm finding it difficult to communicate with the Google servers without the account manager. I've tried adding an account manually to the AccountManager but it also throws a security exception. I'm curious if there is any other way to log into Google services given a username and password (along with the API key for access)? Thanks
The AccountManager and the Google Play Services that both allow you to go through an OAuth 2.0 authorization flow with a native experience on Android (for Google APIs only) are only available on Google Experience devices. The Android Emulator of the Blackberry Playbook is likely not a Google Experience environment.
So in that case the best way is to implement an OAuth 2.0 flow by using a WebView. This is also the technique you need to use for non-Google APIs (Facebook, Microsoft, Salesforce, Dailymotion, ...)
Basically you will have to send your new users to a special URL in a WebView where Google (or the other OAuth 2 provider) will ask them to grant you access to the APIs requested. Then you will need to extract the auth code from the URL or from the content of the page once it has been generated and returned by Google auth servers. The last step is to exchange that auth code for a refresh and an access token.
You need to read and understand how OAuth 2.0 authorization flow works for Installed application: https://developers.google.com/accounts/docs/OAuth2#installed
The step-by-step process to do OAuth 2.0 with a WebView on Android is as follows:
1. Redirect users to the grant screen URL in an embedded WebView
2. Use http://localhost as the redirect URI
3. Register a WebViewClient with an onPageStarted method to intercept page changes
4. Detect successful/failed authorization by detecting redirects to http://localhost and read the auth code from the URL of the WebView
5. Finish the OAuth 2 flow by exchanging the auth code for tokens and save these tokens in local database for further use
You can find an open-source sample that does this on Onavo's GitHub.
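The redirect detection and code exchange described in this answer and in the first answer on this page, as an added example (not code from the answers or from the Onavo sample): plain Java that a WebViewClient's onPageStarted could call with each URL it sees. The class and method names and all sample values are assumptions; the `state` check is an addition the answers do not mention, using the standard OAuth 2.0 `state` parameter.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;

public class OAuthRedirect {
    static final String REDIRECT_URI = "http://localhost"; // redirect URI from the answer

    // Call from WebViewClient.onPageStarted with every URL. Returns the auth code,
    // or null when the URL is not our redirect (let the WebView keep loading).
    static String authCodeFrom(String url, String expectedState) throws Exception {
        URI uri = URI.create(url);
        // Compare scheme and host exactly: a startsWith("http://localhost") test
        // would also match http://localhost.example.com.
        if (!"http".equals(uri.getScheme()) || !"localhost".equals(uri.getHost())) return null;
        Map<String, String> q = new HashMap<>();
        String raw = uri.getRawQuery() == null ? "" : uri.getRawQuery();
        for (String pair : raw.split("&")) {
            int eq = pair.indexOf('=');
            String key = eq < 0 ? pair : pair.substring(0, eq);
            String val = eq < 0 ? "" : pair.substring(eq + 1);
            q.put(URLDecoder.decode(key, "UTF-8"), URLDecoder.decode(val, "UTF-8"));
        }
        if (q.containsKey("error")) throw new SecurityException("denied: " + q.get("error"));
        // Assumption added here: a random state value was sent with the grant request.
        if (!expectedState.equals(q.get("state"))) throw new SecurityException("state mismatch");
        String code = q.get("code");
        if (code == null || code.isEmpty()) throw new SecurityException("redirect without code");
        return code;
    }

    // Form body for the token-endpoint POST (fields per RFC 6749 section 4.1.3;
    // a provider may require more).
    static String tokenRequestBody(String code, String clientId) throws Exception {
        return "grant_type=authorization_code&code=" + URLEncoder.encode(code, "UTF-8")
            + "&client_id=" + URLEncoder.encode(clientId, "UTF-8")
            + "&redirect_uri=" + URLEncoder.encode(REDIRECT_URI, "UTF-8");
    }

    public static void main(String[] args) throws Exception {
        String state = "constructed-state-1f9a"; // all sample values below are constructed
        System.out.println(authCodeFrom("https://accounts.example.com/grant?x=1", state)); // grant page
        System.out.println(authCodeFrom("http://localhost.example.com/?code=x", state)); // look-alike host
        String code = authCodeFrom("http://localhost/?state=constructed-state-1f9a&code=4%2Fabc", state);
        System.out.println(tokenRequestBody(code, "constructed-client-id"));
    }
}
```

In an Android app the returned body would be POSTed to the provider's token endpoint over HTTPS, and the WebView closed as soon as `authCodeFrom` returns a non-null code.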