Using Google OAuth 2 on embedded Android-based device

Question

We have an application for embedded Android-based device, it uses WebView and inside it we use Google OAuth 2 to login to the app. Unfortunately Google will soon block OAuth 2 inside WebView, and we have lots of restrictions:

• The device doesn't have Google Services installed, so probably no 'official' way of logging in would work (or maybe any of them would work without Google Services?)
• We can't just invoke Android browser to do login, because it shows address bar, which would allow the user to surf the internet, which we can't allow
• We don't fully control the software installed on the device: can't install Google Services, update Android version, install Google Chrome, etc..., we can just update our app.

What else could we do having those restrictions?

Answer 1

There is a library that supports Android 1.5 and higher for Google OAuth 2:

Sample code found here:

https://github.com/google/google-api-java-client-samples/blob/master/oauth2-cmdline-sample/src/main/java/com/google/api/services/samples/oauth2/cmdline/OAuth2Sample.java

Answer 2

Implementation through a browser:

1) Register custom URI scheme (How to implement my very own URI scheme on Android), for example, app-oauth2://

2) Make access request in user's browser

https://accounts.google.com/o/oauth2/v2/auth?
scope=...
access_type=offline&
include_granted_scopes=true&
state=state_parameter_passthrough_value&
redirect_uri=http://example.com/oauth2-handler&
response_type=code&
client_id=...

3) If user accept or denied requested rights in the confirmation dialog, it will be redirected to redirect_uri (http://example.com/oauth2-handler) with some params

4) On the side of redirect_uri handler (http://example.com/oauth2-handler), mare a redirect to custom URI scheme with params:

• Success: app-oauth2://?state=state_parameter_passthrough_value&code=...&scope=...#
• Failure: app-oauth2://?error=access_denied&state=state_parameter_passthrough_value#

5) In your app you can parse URI scheme app-oauth2:// from option 4 and receive the code for future usage or error for displaying to the user.

Answer 3

As per the problems on your side it would be best to open an Intent from within the App targeted towards the sign in Weburl [this won't trigger up address bar link]

Refer to this stackOverflow page how to open "Add a Google Account" activity using intent?

now you may use Shared preferences to store the Authentication data for further logins [ if the requirements of the app permits it.]

https://developer.android.com/reference/android/content/SharedPreferences.html

Answer 4

You need to use OAuth Web services for implementing a solution based on your needs.

Reference link: https://developers.google.com/+/web/api/rest/oauth

Here is a sample github project that is using OAuth 2 web service for logging into Twitter. You can take help from it for consuming the Google's OAuth2 web services in your Android Application.

Repository link:
https://github.com/sathify/tagpulse

Web service consumption screen link: https://github.com/sathify/tagpulse/blob/master/android/src/tag/pulse/main.java

I hope this helps.