Reputation: 41
Send username and password to google oauth authentication
I'm developping an application in android that provides information about different places. I've though of storing images of these places in picasa and retrieve them using the google apis, for this I created a new google account for the user holding the images.
The problem is when I start the oauth process for obtaining the token, I got a new web page asking for the username and password. As this is a technical user, all the end users will not know about the users and pwd.
Is there a way to send the username and password together with the other oauth values (client_id, secret_id, redirect_uri ,...?
Thank you
Upvotes: 4
Views: 3523
Answers (3)
Reputation: 52936
If you want to avoid showing the login dialog, you can try to get an OAuth token using the AccountManager. That will effectively do the same thing behind the scenes, using the saved username and password for the Google account. Naturally, the account needs to be registered on the device before that. Here is a brief description, you just need to find out the right scope for Picasa and pass it as the token type: http://developer.android.com/training/id-auth/authenticate.html
You can get an authentication token using an username and password with ClientLogin, but has already been deprecated, so it's not a good idea to use it in new projects.
Upvotes: 0
Reputation: 18592
Google Oauth authentication is a three legged process:
- Obtaining the Request Token
- Authorize that request token
- Exchange the authorized request token for an access token
Username and password is required at the second stage of this process where the user, by using his login credentials, authorize the client application to access its private data stored in the google server.
Now to the question that @Luis raised which is, is there a way to send the username and password together with the other oauth values? The answer is No. It is not possible to send the username and password in the Authorization header nor in the query parameter of the authorization URI. The reason being the user should always be made aware that the client (which is your application) is using the user's data. Hence the user is always redirected to the webpage where he/she is asked to provide the login credentials. This also allows the user to set restrictions with respect to access control on his private data, for the application.
If the application is allowed to store and send the user login credentials along with the Oauth Authorization headers, then the user will never know that the application is using its private data nor can it set any sort of restrictions for the application.
Hope this explanation helps.
Upvotes: 3
Reputation: 11
try to put your photos in public gallery in Picasa web albums, in this case there is no need of user account for accessing the photos.
Upvotes: 0
Related Questions
- How to use oAuth 2.0 in Google Apps Script to authorize Picasa Web Album
- Unable to authenticate when trying to add photos or albums through Google Picasa API
- Error "Invalid token: Cannot parse referred token string" when trying to access to Picasaweb API with oAuth2 from Java
- validating Android's authToken on third party server
- google hybrid protocol authentication issue
- Picasa API with oAuth 2.0
- API authentication using Google OAuth 2.0
- OAuth2 + GData Client API - usage
- Google authentication without user
- ClientLogin for Picasa Web Albums Data API with a Google App Domain login