SignUp using Google Android Auth 2.0 HTTP post request after getting authorization code

Question

https://developers.google.com/accounts/docs/OAuth2InstalledApp

I am giving user to signup with Google account in webview with the following link

webview.loadUrl("https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&state=%2F&response_type=code&redirect_uri=urn:ietf:wg:oauth:2.0:oob&client_id=706645665586.apps.googleusercontent.com");

which contain my client id and redirect URI as per given by Google API console i.e Choosing a Redirect URI https://developers.google.com/accounts/docs/OAuth2InstalledApp

and finally a get the authorization code that is returned in the title bar of the browser using view.getTitle()

Afterwards Another Request is required to send The actual request might look like:

POST /o/oauth2/token HTTP/1.1
Host: accounts.google.com
Content-Type: application/x-www-form-urlencoded
code=4/y_jtre05wvb6QSPo0Tkx5AbLfWB
client_id=706645665586.apps.googleusercontent.com
client_secret={client_secret}&
redirect_uri=urn:ietf:wg:oauth:2.0:oob
grant_type=authorization_code

So Now while making HTTP POST request ..

    DefaultHttpClient httpcl = new DefaultHttpClient();
    HttpPost httpp = new HttpPost("https://accounts.google.com/o/oauth2/auth");
    List<NameValuePair> a = new ArrayList<NameValuePair>();
    a.add(new BasicNameValuePair("code", "4/y_jtre05wvb6QSPo0Tkx5AbLfWB"));
    a.add(new BasicNameValuePair("client_id", "706645665586.apps.googleusercontent.com"));
    try {
        StringEntity mEntity = new StringEntity("");
        mEntity.setContentType(" application/x-www-form-urlencoded");
        httpp.setEntity(mEntity);
        httpp.setEntity(new UrlEncodedFormEntity(a));
        HttpResponse response1 = httpcl.execute(httpp);

        String response = EntityUtils.toString(response1.getEntity());
    } catch (UnsupportedEncodingException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (ClientProtocolException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (ParseException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

So I am getting Bad Token response ... I am try this since yesterday and suggestion and help would be appreciated .. my main aim is to get user info using gmail account in android

Answer 1

I finally found the working sample You can use Google+ developers API. Look at this project on github and this article.here

Answer 2

I think you are mixing the different flows here a bit:

• The Client-side flow does not require a client secret, but is primarily meant for Javascript applications.

• The Installed Applications flow does require a client secret, though:

  The client_id and client_secret obtained during registration are embedded in the source code of your application. In this context, the client_secret is obviously not treated as a secret.

  You probably generated a client ID in the API console for Installed application -> Android, so you only got a client ID and had to specify your application's certificate fingerprint. This type of client ID is meant for use with the recently released and recommended (because it's more secure) Google Play Services.

  If you want to use the Installed Applications flow manually, you have to generate a client ID for Installed application -> Other, where you also get a client secret. When exchanging the authorization code for an access token, you are then required to specify all five parameters:

  code            The authorization code returned from the initial request
  client_id       The client_id obtained during application registration
  client_secret   The client secret obtained during application registration
  redirect_uri    The URI registered with the application
  grant_type      As defined in the OAuth 2.0 specification, this field must contain a value of authorization_code