0

In my application I use scope: oauth2:https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile

When loging in, application asks the user for permission to "Know who you are on google". I hate that behaviour, and I hate that text even more. I would instantly uninstall app that would ask me to "know who I am". And all I want to achieve is to have an authenticated user so he can call method on server (using endpoints). I don't even want to know his email, but google failed to deliver such functionality as well:more here. Anyway, is there any way to get rid of this question by defining some permission in android-manifest? I add more and more permissions but it does not help. At the moment I have:

<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.USE_CREDENTIALS" />    
<uses-permission android:name="android.permission.NETWORK" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.READ_PROFILE" />
<uses-permission android:name="android.permission.AUTHENTICATE_ACCOUNTS" />
<uses-permission android:name="android.permission.ACCOUNT_MANAGER"/>

And Google still asks for the permission in app. Anyone knows how to authenticate user with oauth2 and not to ask for permission by a google-forced popup in my application?

Community
  • 1
  • 1
user2855896
  • 270
  • 2
  • 11
  • I will be really grateful for any hints and links that might help me to solve this problem. I want to define all my permissions in manifest, so the users will not be bothered in application. – user2855896 Dec 31 '13 at 12:48
  • Why do you ask then for these scopes if you do not need them ?! – M.Sameer Dec 31 '13 at 14:14

1 Answers1

0

@M.Sameer: I ask them because I need to know what player am I dealing with... But I think I will move to different solution.

I will not require any login and give new users unique ID and random password, set in shared preferences and send it in every request and make "unauthenticanted calls" against my endpoint.

This solution provided by Google for Android + App Engine authentication is riddiculous and unacceptable. So much trouble to authenticate user and get his unique user ID... And only with Google account! How much harder it would be to integrate with Facebook and other providers.

It asks gazillion permissions in manifest, asks even more permissions while interacting with users... And all I wanted to know is a number identifying an user. Now I'll remove: GET_ACCOUNTS, USE_CREDENTIALS, READ_PROFILE, AUTHENTICATE_ACCOUNTS, ACCOUNT_MANAGER, remove all stupid "I want to know who you are on Google" and greatly improve user experience with the game as he will not have to enter any stupid data, just instant play, and if he wants to he will change his password or remember the one I gave him and login from different device.

[UPDATE]

I actually succeeded with this authentication. The problem with asking "to know who you are" appeared because after installing new system on other disk and booting eclipse from old one, it used new debug key that was stored on new disk, and I did not handle it well. After fixing that, the main problem is gone. I still need "GET_ACCOUNTS" and "USE_CREDENTIALS" to uniquely authenticate user and I am really unhappy about that, but I guess it can't be helped.

user2855896
  • 270
  • 2
  • 11