Reputation: 4592
Android - best practices for authorization
I am researching how to autenticate and authorize user within Android application
For autentication there is the AccountManager but I am not sure how to check whether the user is signed in or not. I know how to set up AccountAuthenticatorActivity and AuthenticatorService but I am not sure how its connected with the application.
Am I supposed to call some check on every onCreate in every activity to ensure that the user is signed in or does the service does that for me somehow?
If I am supposed to do some regular checking, what is the best practice towards where such checking should be called?
Upvotes: 1
Views: 1279
Answers (2)
Reputation: 11577
As always, it depends. Do you need to protect the whole app? or some particular activities or some fragment in some activities. Take a look at Mint app.
It asks the user to enter pass code to access app. For something like this, create a base activity and make all activities in your app inherit this and do the checking in the base activity.
If you need to secure just some activities, create a base activity just for these activities and do your security check there.
If it is for some portion of an activity, You have to roll up something specific for your workflow.
Just a tip, Try to split your question into smaller problems, it makes easier for people to answer.
Upvotes: 1
Reputation: 1234
It depends on your application, really. Unless you have a requirement for very strict security, like a financial application, government application, etc. I think you could get by with a simpler approach. For example, after a user logs in (however you choose to implement this) store a value in SharedPreferences to denote the user has authenticated. From here, you could do one of the following:
- If your application requires you authenticate every activity/fragment you launch, simply check this SharedPreferences value. You could also create a base activity that all your other activities extend and do your authentication check there.
- If you only need to authenticate once, modify your launcher activity in your manifest to check for this value. If the user has authenticated already, create a new Intent for your 'home' activity and redirect your user and finish() the launcher activity.
Upvotes: 2
Related Questions
- Android, AccountManager and OAuth
- Android Login - Account Authenticator vs Manual Authentication
- What is the most secure way to authorize an user in Android?
- What should I use Android AccountManager for?
- Best practice for authentication and authorization in an Android Application
- How to implement AccountManager in my app
- When to use account authenticator
- Android: How to implement an account login system?
- Handling login and remember me with the AccountManager
- Android - Best practice Login application