0x4B1D

Reputation: 933

authorize user to use REST API through google services

I have three actors:

  1. (my) RESTful API behind SSL.
  2. (my) Android app that has Google "Sign in" button.
  3. (my) Web App that allows user register using their Google Account via OAuth.

What I would like to be able to do is this:

  1. Generate something when user logs in on the mobile device.
  2. Compare that to something else I can generate on the server for that Google Account.
  3. If the two pieces match, give the app a newly generated token that it can use in all subsequent API calls for a period of time.

How do I go about doing that? I am reading through the OAuth documentation but I am struggling to understand what this "something" and "something else" are. Any help will be appreciated.

Upvotes: 1

Views: 1534

Answers (2)

0x4B1D

Reputation: 933

I have solved this, but I am not sure if this is the best way to do it.

For Google, I send the user uid and the authorization token that I have obtained in the app by GoogleAuthUtil.getToken(). On the server, I go to https://www.googleapis.com/oauth2/v1/tokeninfo?fields=user_id&access_token={token}, where {token} is the token I received from my mobile app. If the user_id in the OAuth2 response matches the uid that was supplied to the API and the uid matches some user record in my database, that user is considered authenticated.

For Facebook, I do the same thing, except I use session.getAccessToken(...) to obtain the token on the app side and https://graph.facebook.com/me?fields=id&access_token={token} to verify it with Facebook.

Upvotes: 1
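The server-side half of the scheme described in the answer above (introspect the token with the provider, compare the returned id with the uid the app sent, require that uid to exist locally, then hand out an opaque API token with an expiry), written out as an added example; it is not code from the answer. The user table, `SESSION_TTL` and the injected `fetch_json` callable are assumptions made so that it runs offline.

```python
import secrets
import time
from urllib.parse import urlencode

# Introspection endpoint and the response field that carries the account id,
# per provider (the two URLs the answer above uses).
PROVIDERS = {
    "google": ("https://www.googleapis.com/oauth2/v1/tokeninfo", "user_id"),
    "facebook": ("https://graph.facebook.com/me", "id"),
}
# Constructed sample user table: provider -> {provider uid: local username}.
USERS = {"google": {"1076915035000615071": "alice"},
         "facebook": {"100004321": "bob"}}
SESSION_TTL = 3600            # seconds an issued API token stays valid (assumed)
SESSIONS = {}                 # api_token -> (username, expiry timestamp)


def verify_social_login(provider, uid, access_token, fetch_json, now=time.time):
    """Return a fresh API token if `access_token` really belongs to `uid`, else None.

    `fetch_json(url)` must GET the URL and return the decoded JSON body; it is
    injected so the example runs offline (use urllib/requests in production).
    """
    if provider not in PROVIDERS:
        return None
    base_url, id_field = PROVIDERS[provider]
    url = base_url + "?" + urlencode({"fields": id_field, "access_token": access_token})
    try:
        info = fetch_json(url)
    except Exception:
        return None               # provider unreachable or it rejected the token
    # The id asserted by the provider must equal the uid the app claimed ...
    if not isinstance(info, dict) or str(info.get(id_field, "")) != str(uid):
        return None
    # ... and that uid must already be registered in our own user table.
    username = USERS.get(provider, {}).get(str(uid))
    if username is None:
        return None
    api_token = secrets.token_urlsafe(32)          # opaque and unguessable
    SESSIONS[api_token] = (username, now() + SESSION_TTL)
    return api_token


def authenticate_api_call(api_token, now=time.time):
    """Map the bearer token of a later API call back to a username, or None."""
    entry = SESSIONS.get(api_token)
    if entry is None:
        return None
    username, expiry = entry
    if now() >= expiry:
        SESSIONS.pop(api_token, None)              # expired: forget it
        return None
    return username
```

A real deployment would additionally check that the introspected token was issued to its own client (the audience), so that an access token obtained for some other app cannot be presented together with a victim's uid.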

Juan G Carmona

Reputation: 2208

I don't know if you are still working on this. I got to your question having the same scope as you and facing the same issues, and after searching the net (Google, Stack Overflow and the Google Developers documentation) I've found something to put my hands on this evening after work that may help others to achieve this feature in their apps:

https://developers.google.com/identity/protocols/OAuth2InstalledApp

But that's not enough; it's a good read but doesn't solve our problems at all.

A more useful reading on this topic should be this (which says "This quick-start app lets you get started with Google Identity Toolkit on Android in about 30 minutes."):

https://developers.google.com/identity/toolkit/android/quickstart#step_2_configure_the_google_identity_toolkit_api

I tried it once but my app and web API weren't mature enough; I'll try that asap and I'll let you know if I could make it work as expected (as in the typical web application example)...

Hope it helps anybody else.

Upvotes: 2
