All geek questions in one place

Send google oauth authentication username and password

I am developing an application in android that provides information about different places. Although I save images of these places in picasa and retrieve them using google apis, for this I created a new google account for the user containing the images.

The problem is when I run the oauth process to get a token, I have a new web page asking me to enter a username and password. Since this is a technical user, all end users will not know about users and pwd.

Is there a way to send username and password along with other oauth values ​​(client_id, secret_id, redirect_uri, ...?

thanks

+4
source share
3 answers

Authentication Google Oauth is a three-legged process:

  • Getting request token
  • Authorize this request token
  • Exchange authorized request token for access token

A username and password are required at the second stage of this process, when the user, using his credentials, allows the client application to access his personal data stored on the google server.

Now to the question that @Luis has raised what is, is there a way to send username and password along with other oauth values? Answer No. None. It is not possible to send the username and password in the authorization header or in the request parameter of the authorization URI. The reason is that the user should always know that the client (which is your application) uses the user data. Therefore, the user is always redirected to a web page where he / she is asked to provide login credentials. It also allows the user to set restrictions on access control on his personal data for the application.

If the application is allowed to store and send user credentials along with Oauth authorization headers, the user will never know that the application uses its personal data and cannot set any restrictions for the application.

Hope this explanation helps.

+2
source

try posting your photos to a public gallery in Picasa Web Albums, in which case you don't need a user account to access the photos.

0
source

If you want to not show the login dialog, you can try to get the OAuth token using the AccountManager . This will effectively do the same behind the scenes using the saved username and password for your Google account. Naturally, the account must be registered on the device before that. Here is a short description, you just need to figure out the correct scope of Picasa and pass it as a type of token: http://developer.android.com/training/id-auth/authenticate.html

You can get the authentication token using the username and password with ClientLogin , but are already outdated, so it is not recommended to use this in new projects.

0
source

Source: https://habr.com/ru/post/1384523/

More articles:


All Articles