Reputation: 3770
Android authorization with Google for my own server
So I'll start from the beginning. I want to create an Android application and a server (written in java). The server will be written in Java. What I want to do is to be able to log in to my server from the Android application, using the Google account. After the device is logged in, there will be some information sharing with HTTP Requests. I want to use REST.
How should I proceed for achieving my goal? I guess I should use the Google API and Google App Engine. What should I do to implement the log in and the part in the server. It's first time for me writing a server and an application with log in, so any advises will be appreciated. The application is for educational purposes. Thanks in advance!
Upvotes: 2
Views: 1335
Answers (2)
Reputation: 1674
I would really suggest you give Google App Engine a try, specially combining it with Cloud endpoints which are designed to connect your server to clients like an Android App. Using endpoints you'll get cloud infrastructure + REST services + native libraries ( for Android, JS and iOS) and everything related to authentication is already sorted out (via OAuth).
App Engine can also be developed using Java and it's already integrated with popular IDEs like Eclipse (through the Google Plugin) and Android Studio (as backend modules) so you prbably have everything you need to star working on your App Engine server.
Upvotes: 1
Reputation: 30985
Use Google Play services (you don't need App Engine).
Here is the complete process with code samples: Authorizing with Google for REST APIs
Another option you can look at: Google+ Sign-in for Android
On the server side, once you have the auth token, you access the Google REST API with the username and token, and Google will tell you if the access is authorized.
I understand what you're trying to do. Your user already has a username and credentials on Google, why not just get the username and let Google do all the authentication?
However, you might want to re-think this approach.
The problem is that you will ask your user to sign in to Google and Google will ask the user (through logic in the Android API code) if your application can have access to their information in Google. Your users may balk at granting that kind of access to your application, and that will hamper your efforts to get people to use your app.
Now, if your app actually uses the Google REST APIs, then this would make more sense, because the auth token your app requests will provide access to a Google API.
But if all you're doing is authenticating, your users might be hesitant to authorize your app for some Google operation they don't think you need.
To get a feel for the OAuth 2.0 message flow, you can use this: OAuth 2.0 Playground
Upvotes: 1
Related Questions
- Server side authorization with Google Play Developer API?
- GoogleApiClient for Google Login
- Integrating Google Sign-In into Android App
- authenticate the user on Android but process on remote server?
- How to auth my app with Google LogIn?
- Integrating Google Sign-In into Your Android App
- Google Authentication with a Backend Server required Scopes
- google authorization
- google oauth2 on android
- Sign in using Google account in Android