All geek questions in one place

Best way to use Google APIs using OAuth 2.0 on Android

I am trying to port an Android application using OAuth 1.0a to OAuth 2.0. (using the Google APIs client library for Java / Android for my OAuth 2.0 needs).

What is the best / preferred solution for accessing the Google APIs using OAuth 2.0 on the Android platform, which also takes usability into account. The user should be able to authorize access in a simple way, easily integrating with my Android application.

Currently, the application uses the OAuth 1.0 web stream, where my application pops up in the browser to allow the user to allow access, and using a custom redirect URI, my application can retrieve the access token. This works very well, but I didn’t like the fact that I need to leave my application in order to release brower to display the web page. I thought OAuth 2.0 could get around this and provide a better user interface.

I started to learn the Adroid AccountManager-OAuth2 integration as described in Google IO , as it is not related to the web browser and is more closely connected with Android, but it just does not work as it should. It is not documented and unclear whether it will remain a viable option for the future.

Now I started exploring the standard OAuth 2.0 web stream.

Here I have 2 options:

Configure the OAuth 2.0 client as the installed application and use the URI: ietf: wg: oauth: 2.0: oob redirect URI.

Not a very clean solution, since I do not want my users to copy some kind of code into my application. This is not user friendly.

Using OAuth 2.0 to access API documents Google API mentions that there is some way of polling the page title to parse the URL, but I also see a lot of usability problems with this, and I really don't want to write this type of plumbing. If there is a client library that will do this for me, I would be happy to continue studying this issue, but now I have disabled this option.

Configure the OAuth 2.0 client as webapp and use the redirect URI.

Here I noticed that in OAuth 2.0 non-standard schemes are forbidden. Previously, you could use something like xoauth: // callback, but this is no longer allowed. When setting up a redirect URI, such as http://mysite.com/oauth2/callback , I cannot turn off Android when redirecting a Google OAuth 2.0 page, even though I set up the correct intent filter for it. http://mysite.com/oauth2/callback just displays in my browser.

Following works

Intent i = new Intent(Intent.ACTION_VIEW,Uri.parse("http://mysite.com/oauth2/callback")); startActivity(i);

But when the Google OAuth 2 page is redirected to the same URL, it just displays in the browser.

Even if this works, the user will still be presented with a pop-up selection window (open in the browser or open using my Android activity). In terms of usability, this is also unacceptable.

I am looking for a better solution than the ones described here.

Regards, Davy

+6
source share
2 answers

As a result, I used the WebView component to load the Google authorization URL. Using WebviewClient, I was able to intercept the pages loaded into Webview, and thus, when the user accepts or rejects the authorization request, I can continue the flow.

If the user accepts, the URL that Google redirects contains the request parameter "code" and the application can exchange it for an OAuth 2.0 token. If the user doesn’t accept, the URL that Google redirects contains the error request parameter, and the application can handle the unfortunate scenario.

I wrote everything on the blog: Oauth 2.0 stream in Android

The post also contains a sample Android application using OAuth 2.0 stream using the Latitude API. Sample code is available on GitGub .

+13
source

Play Services was introduced in Google I / O 2013 and is now the official way to use OAuth2 in Android . They do not require a webview.

+1
source

Source: https://habr.com/ru/post/894441/

More articles:


All Articles