All geek questions in one place

Google signing in Android app to use Cloud Endpoints backend

I am writing an Android app with the Google Cloud Endpoints backend, and I want to limit my backend to the Google app.

I followed Android instructions and successfully logged in. In other words, I received a token that I can transfer to the server and check the user on which it stands. Fine.

However, I miss the big picture here. Questions:

  • Should I send this token with each request to the server and repeat the process of checking it in each request?
  • If so, the token expires at some point (I count 1 hour). I believe that the user does not need to log in again, it must be in order to avoid this, right?
  • Is there a way to update the token (I think Google Signin is OAuth2)?
  • And most importantly, is this all the standard way that someone uses a Google signature to protect their backend? I expected this to be a very simple process since I only use Google products. However, I find myself lost on the pages and documentation pages on Android and Cloud Enpoints with puzzle pieces.

Any help or understanding is appreciated.

+6
source share
3 answers

Android, google outh2 . SDK Google oauth2.

  • . , .
  • . . , oauth2, . , , . . , , ,
  • , URL- google, . URL- google .
  • oauth2, .

, , .

oauth2 (google, facebook, github ..):

https://webiste.com/auth/signin/{provider}
https://webiste.com/auth/callback/{provider}
https://webiste.com/auth/refresh/{provider}

URL- google oauth2, :

oauth_url: 'https://accounts.google.com/o/oauth2/v2/auth',  //start auth
token_url: 'https://accounts.google.com/o/oauth2/token',   //get id_token, access_token, refresh_token token
refresh_token_url : 'https://www.googleapis.com/oauth2/v4/token',
token_info_url: 'https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=',  //validate token

google oauth2 https://developers.google.com/identity/protocols/OAuth2.

+1

, Firebase UI Android Library . Google, Facebook, , Twitter Github, , , . .

0

It is best to use the 3ed party code for this. It will take much less time, there will be much less errors and it will be very easy to expand it to other methods. I would recommend Firebase because it is very simple, free, works well and is owned by Google.

0
source

Source: https://habr.com/ru/post/1015866/

More articles:


All Articles