0

I am blocked in the creation of my mobile App.
I want to be able to use google shortener and his analytics feature in my app, the problem is that I want use the 2-legged Oauth2.0 and I haven't understand if is it possible to reach this goal with this google service.
I tried to implement a 3-legged Oauth 2.0, and all work. But is not what I want. I searched a lot on the web but I haven't found a nice solution. Some one can help me?

Ivaylo Slavov
  • 8,839
  • 12
  • 65
  • 108
MarkWarriors
  • 544
  • 2
  • 9
  • 17

1 Answers1

0

If you want to use 2-legged OAuth 2.0 (that is, your application acting on behalf of itself, and not accessing a specific user's data) then usage of a service account is usually the right way to do this.

However since you're building a mobile app, that means you'd need to embed the service account key in your app, which is generally a bad idea (since it can be extracted).

I'm not familiar the URL shortener API per se, however their docs seem to indicate it will work using a simple API key: https://developers.google.com/url-shortener/v1/getting_started#APIKey

I would suggest testing if that will work for your use-case, and if so it will be more practical to use than a service account.

Background: For environments that can be trusted, a service account is a better option to use as the key is never transmitted, but here where your app is being distributed anyway (and therefore needs a secret embedded inside of it) then either a private key, or a simple API key will provide equivalent level of security.

aeijdenberg
  • 2,427
  • 1
  • 16
  • 13
  • uh, maybe I wasn't clear, but I also want that the short url will be insert in the list of short url that I can analyse with the analytics. So I need that the url will be shortened with my account. I tryed to short some url with only the api key and all was ok but the url wasn't displayed in my account shortened url. – MarkWarriors Jun 10 '13 at 08:19