How does a server handle Android Instance IDs?

Question

I'd like to try using an InstanceID to authenticate my Android app with my database server (PHP/MySQL). I'm stuck, with some missing pieces of the puzzle. As I understand it, the process goes something like this:

Get an API Key and a PROJECT_ID from the Google Developer Console.
Create a "scope" String that apparently identifies the server functions the app is allowed to access.
In my app, call mInstanceID.getId() to get the InstanceID, and store locally.
In my app, call getToken( PROJECT_ID, scope ) to get the access token.
Include the token somehow in requests to the server. (How?)
....and...?

The big missing piece is: how does the server learn about the existence of this token? I can't find any documentation on this. I presume that the "scope" value is encoded somehow in the token, and somehow the server receives it and can examine it to decide if the request is permitted. How does this happen?

You can firebase to query the json file – Remario Jan 26 '18 at 20:40 — Remario, Jan 26 '18 at 20:40

score 0 · Answer 1 · answered Jan 26 '18 at 20:42

0

The server learns about the existence of the file. Because you registered it in the Google development console. A great example is firebase messaging service. You can only make the call if the api key matches.

answered Jan 26 '18 at 20:42

Remario

3,813
2
18
25

Sorry, I don't understand. What "file" are you talking about? And how does my server verify that the access token is valid? – Robert Lewis Jan 27 '18 at 17:40

How does a server handle Android Instance IDs?

1 Answers1