4

I am having trouble understanding the Android Google+ Sign in documentation

I would like to support "sign in with Google" with Server-side access for your app and I also would like to support Cross-platform single sign on. However it's not clear if I can really do both since one is using the GoogleApiClient.connect() and the other, the GoogleAuthUtil.getToken().

If I try to use both, GoogleAuthUtil.getToken() to get an offline token and GoogleApiClient.connect() for the cross-platform single sign on, the user is prompted twice with a permission screen. (I also have to set the server client id and scope twice, which seems dumb)

Any ideas? Am I doing something wrong?

Niqo

1 Answer

3

The good news is that what you would like to do is supported!

The reason you're seeing the prompt for permissions twice is that you are resolving client side issues (GoogleApiClient.connect() issues) before you resolve server side issues (GoogleAuthUtil.getToken() issues).

GoogleApiClient.connect() will only ask for permissions if the user has not yet granted permissions to your app. GoogleAuthUtil.getToken("oauth2:server:client_id:<server client-id>:api_scope:<scope1> <scope2>") will ask for permissions every time because you are requesting offline access (a refresh token) for your server.

To ensure you only see the permissions screen once, you must first check whether your server needs an access token and, if not, request one with GoogleAuthUtil.getToken() (which will show a permissions screen to the user). Once you have ensured that your server has a valid refresh token, you can call GoogleApiClient.connect() which will not display a permissions screen.

Ian Barber wrote a blog post explaining the way to achieve this flow:

http://www.riskcompletefailure.com/2013/10/google-android-client-server-sign-in.html

The post talks in terms of PlusClient which is now deprecated in favour of GoogleApiClient, but the flow is still valid.

Lee
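The ordering described in the answer above, as an added sketch that is not part of the original answer or of the linked blog post: settle the server's offline access first, and only then connect the client. `ServerFirstSignIn`, the `Backend` interface with its two methods, and `RC_SERVER_CONSENT` are hypothetical names; the code assumes the Android SDK and the (now deprecated) Google Play services calls the page discusses.

```java
import android.app.Activity;
import android.content.Intent;
import android.os.AsyncTask;
import com.google.android.gms.auth.GoogleAuthException;
import com.google.android.gms.auth.GoogleAuthUtil;
import com.google.android.gms.auth.UserRecoverableAuthException;
import com.google.android.gms.common.api.GoogleApiClient;
import java.io.IOException;

public class ServerFirstSignIn {
    /** Hypothetical wrapper around your own backend (HTTPS); not a Google API. */
    public interface Backend {
        boolean hasRefreshToken(String accountName) throws IOException;
        void exchangeCode(String accountName, String oneTimeCode) throws IOException;
    }
    public static final int RC_SERVER_CONSENT = 9001; // arbitrary request code (assumption)

    private final Activity activity;
    private final GoogleApiClient apiClient;
    private final Backend backend;
    private final String serverScope; // "oauth2:server:client_id:<server client-id>:api_scope:<scope1> <scope2>"

    public ServerFirstSignIn(Activity a, GoogleApiClient c, Backend b, String serverScope) {
        this.activity = a; this.apiClient = c; this.backend = b; this.serverScope = serverScope;
    }

    /** Call on sign-in, and again from onActivityResult once RC_SERVER_CONSENT returns RESULT_OK. */
    public void signIn(final String accountName) {
        new AsyncTask<Void, Void, Boolean>() {
            private Intent consent; // set when the user still has to approve offline access
            @Override protected Boolean doInBackground(Void... unused) {
                try {
                    if (!backend.hasRefreshToken(accountName)) {
                        // Blocking call; this is the step that shows the permissions screen.
                        String code = GoogleAuthUtil.getToken(activity, accountName, serverScope);
                        backend.exchangeCode(accountName, code); // never log or cache the code
                    }
                    return true;
                } catch (UserRecoverableAuthException e) {
                    consent = e.getIntent();
                    return false;
                } catch (IOException | GoogleAuthException e) {
                    return false; // server not ready: do not connect, let the caller retry
                }
            }
            @Override protected void onPostExecute(Boolean serverReady) {
                if (serverReady) apiClient.connect(); // per the answer, no permissions screen now
                else if (consent != null) activity.startActivityForResult(consent, RC_SERVER_CONSENT);
            }
        }.execute();
    }
}
```

The value returned by `getToken()` for this scope is a credential for your server, so it should go only to your own backend over TLS and stay out of logs and local storage.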