14

I have an Android client to my AppEngine server, both using Google Accounts. I would like to use AccountManager for getting an accessToken for OAuth. So far I'm using ClientLogin, but I would like to switch to OAuth.

Setting up OAuth on AppEngine is easy - I followed this article. But the client side is a mystery, in particular I don't know what to use for scope, in AccountManager terms authTokenType. For ClientLogin, I'm using "ah" for authTokenType. But what about OAuth?

David Vávra
  • Have you looked at the "App Engine connected android project" option of the Eclipse plugin? It automatically generates the necessary code for you. – Nick Johnson May 02 '12 at 00:47
  • I haven't actually used it, but, IIRC, the scope is your whole app. So something like 'http://myapp.appspot.com' – Nikolay Elenkov May 02 '12 at 03:58
  • I have looked into "App Engine connected android project" and it uses ClientLogin, not OAuth. Full domain as scope might work, I will try that. – David Vávra May 03 '12 at 11:59

2 Answers

10

As of today you can use the Google Play Services API on Android to do OAuth 2.0 authentication on Android. You could then use the method described by @nivco to get the userinfo on App Engine. I have not done this yet, but I plan to do exactly what you're talking about.

https://developers.google.com/android/google-play-services/authentication

Patrick Jackson
6

I'm not sure what you are trying to do is possible through the App Engine OAuthService used in the article you are referring to. Also it is stated that AppEngine OAuthService only supports OAuth 1 but Android only supports OAuth 2 :) so you are screwed.

If you want to do cross Android - App Engine authentication, what I would do is:

  1. In Android: get an access token for the UserInfo API (scope = https://www.googleapis.com/auth/userinfo.email and https://www.googleapis.com/auth/userinfo.profile) from the AccountManager.
  2. Pass the access token to App Engine in a URL param of the request you are making from Android to AppEngine (make sure you use HTTPS to avoid interception!).
  3. On the App Engine side: use the access token to read the user's identity using the UserInfo API. This is basically using OpenID Connect!
  4. Then you can use the information you got from the UserInfo API to authenticate the user. The email and the user ID you'll get from the UserInfo API are equivalent to the email and user ID you would get from the AppEngine's UserService => you can trust it!

PS: I described getting OAuth 2 tokens using the Android AccountManager in this article. It was written pre-Ice Cream Sandwich but I'm hoping it is still valid. Basically the authTokenType needs to be oauth2:{scopes}, so for instance oauth2:https://www.googleapis.com/auth/tasks for the Tasks API. There might be some better ways to do this now.

Nicolas Garnier
  • Thanks for pointing me in the right direction. However I don't need to administer AppEngine via API, so I don't think this scope will work. I just want to login to AppEngine with Google Account as regular user. – David Vávra May 05 '12 at 13:13
  • The trouble is the access token you get from `AccountManager` will only be valid for your Android app, so if your website tries to use the same token it will be rejected. I haven't found a way around this yet and I can't believe nobody else has this problem... – Timmmm Jul 24 '12 at 17:02
  • I don't think that's possible through an API using App Engine's auth... Also it is stated that the AppEngine service only supports OAuth 1 but Android only supports OAuth 2 :) so you are screwed. – Nicolas Garnier Jul 25 '12 at 18:22
  • I've added some stuff about using the userInfo API which I think is what you should do if you want to have cross Android-AppEngine user authentication. – Nicolas Garnier Jul 25 '12 at 18:27
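
An added example, not part of the original answers or of any Google sample: a server-side check for steps 2 to 4 of the second answer, in Python with the standard library only. It goes one step beyond the answer by reading the token from an `Authorization: Bearer` header instead of a URL parameter and by confirming through Google's tokeninfo endpoint that the token was issued to your own client before its email is trusted. The client ID, the sample response and the response field names used (`aud`, `scope`, `expires_in`, `sub`, `email`, `email_verified`) are assumptions.

```python
import json
import urllib.parse
import urllib.request

TOKENINFO_URL = "https://www.googleapis.com/oauth2/v3/tokeninfo"
EMAIL_SCOPE = "https://www.googleapis.com/auth/userinfo.email"
# Hypothetical OAuth client ID of the Android app; replace with your own.
ALLOWED_CLIENT_IDS = {"1234-android.apps.googleusercontent.com"}


class TokenRejected(Exception):
    """The bearer token must not be used to log the caller in."""


def fetch_tokeninfo(access_token):
    """Ask Google who the token was issued to, for which scopes, until when."""
    query = urllib.parse.urlencode({"access_token": access_token})
    try:
        with urllib.request.urlopen(f"{TOKENINFO_URL}?{query}", timeout=5) as r:
            return json.load(r)
    except OSError as exc:  # invalid token or network failure: fail closed
        raise TokenRejected("token could not be verified") from exc


def authenticate(authorization_header, fetch=fetch_tokeninfo):
    """Return (user_id, email) for an acceptable bearer token, else raise."""
    scheme, _, token = (authorization_header or "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise TokenRejected("missing bearer token")
    info = fetch(token.strip())
    # UserInfo answers for any valid Google token, whichever app obtained it,
    # so first confirm this one was issued to our own client.
    if info.get("aud") not in ALLOWED_CLIENT_IDS:
        raise TokenRejected("token issued to a different client")
    if EMAIL_SCOPE not in info.get("scope", "").split():
        raise TokenRejected("email scope not granted")
    if int(info.get("expires_in", 0)) <= 0:
        raise TokenRejected("token expired")
    if str(info.get("email_verified", "")).lower() != "true":
        raise TokenRejected("email address not verified")
    if not info.get("sub") or not info.get("email"):
        raise TokenRejected("identity fields missing")
    return info["sub"], info["email"]


# Constructed tokeninfo response, used so the example runs offline.
SAMPLE = {"aud": "1234-android.apps.googleusercontent.com", "sub": "1098765",
          "scope": EMAIL_SCOPE, "expires_in": "3540",
          "email": "user@example.com", "email_verified": "true"}
```

Calling `authenticate("Bearer constructed-token", fetch=lambda t: SAMPLE)` exercises the checks without network access; in a request handler, pass the incoming `Authorization` header and keep the default `fetch`.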