Reputation: 399
I am having some issues getting Google authentication to work in my Android app, using Google Play Services. First, I used the samples provided with the library to obtain a token using the scope below
GoogleAuthUtil.getToken(getActivity(), mEmail,"oauth2:https://www.googleapis.com/auth/userinfo.profile");
then I used the token to get more info about the user:
URL url = new URL("https://www.googleapis.com/oauth2/v1/userinfo?access_token=" + token);
HttpURLConnection con = (HttpURLConnection) url.openConnection();
That worked. Then, I used the "Verifying Back-End Calls from Android Apps" post on the Google Developers Blog to authenticate the app users to my web server. So I replaced the scope of the getToken with
audience:server:client_id:<webapp_clientId_for_localhost>.apps.googleusercontent.com
and used a checker similar to the one in the article to verify the audience and clientId (Android Client Id) on the server side. This also worked, but if I try to get more info about the user (first and last name), either from the Android app or from the web app, using the userinfo API, I get:
{ "error": { "errors": [ { "domain": "global", "reason": "authError", "message": "Invalid Credentials", "locationType": "header", "location": "Authorization" } ], "code": 401, "message": "Invalid Credentials" } }
The code I use is:
URL url = new URL("https://www.googleapis.com/oauth2/v1/userinfo");
HttpURLConnection con = (HttpURLConnection) url.openConnection();
con.setRequestProperty("Authorization", "OAuth " + token);
con.setRequestProperty("Content-Type", "application/json; charset=UTF-8");
Any idea why userinfo is not working? Is there something else I should add to the scope?
Upvotes: 0
Views: 1852
Reputation: 3296
The token you use for backend verification is intended for your server, while the one with oauth2: is intended for Google. At this point in time there's no mechanism to request both tokens simultaneously, so you need to make two calls to GoogleAuthUtil. You should be able to request both (one at a time) after a single consent step. In practice, the oauth2: token should be needed less frequently, as you can associate the user's profile data w/ the account you have from them in your home server.
Upvotes: 3
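The two calls this answer describes, as an added example that is not part of the original thread: the audience-scoped ID token goes only to your own backend, and a separate `oauth2:` access token is used for the userinfo call. The class and method names are hypothetical, the scopes and URL are the ones from the question, and the `Bearer` header scheme (RFC 6750) is used in place of the question's `OAuth`.

```java
import android.content.Context;
import com.google.android.gms.auth.GoogleAuthException;
import com.google.android.gms.auth.GoogleAuthUtil;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;

/** Hypothetical helper (not from the thread). Call from a background thread, never the UI thread. */
public final class TwoTokenFetcher {
    // Scopes copied from the question; the client ID placeholder is the question's own.
    private static final String SERVER_AUDIENCE = "audience:server:client_id:<webapp_clientId_for_localhost>.apps.googleusercontent.com";
    private static final String PROFILE_SCOPE = "oauth2:https://www.googleapis.com/auth/userinfo.profile";

    /** ID token whose audience is your own server: send it to your backend, never to Google APIs. */
    public static String idTokenForBackend(Context ctx, String email)
            throws IOException, GoogleAuthException {
        // UserRecoverableAuthException (a GoogleAuthException) means the caller must show consent UI.
        return GoogleAuthUtil.getToken(ctx, email, SERVER_AUDIENCE);
    }

    /** Requests a separate access token intended for Google and uses it for userinfo. */
    public static String fetchProfileJson(Context ctx, String email)
            throws IOException, GoogleAuthException {
        String accessToken = GoogleAuthUtil.getToken(ctx, email, PROFILE_SCOPE);
        URL url = new URL("https://www.googleapis.com/oauth2/v1/userinfo");
        HttpURLConnection con = (HttpURLConnection) url.openConnection();
        try {
            // A header, unlike a query parameter, keeps the token out of URLs and access logs.
            con.setRequestProperty("Authorization", "Bearer " + accessToken);
            int status = con.getResponseCode();
            // On 401, drop the rejected cached token so the next getToken() fetches a fresh one.
            if (status == 401) GoogleAuthUtil.invalidateToken(ctx, accessToken);
            if (status != 200) throw new IOException("userinfo returned HTTP " + status);
            return readAll(con.getInputStream());
        } finally {
            con.disconnect();
        }
    }

    private static String readAll(InputStream in) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[4096];
        for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
        return out.toString("UTF-8");
    }
}
```

The backend should still verify the ID token's signature, audience and client ID as in the article the question cites before trusting it.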