Webservice credentials - OpenID/Android AccountManager?

Question

I\'m building a webservice and would like to use the user\'s google account credentials.

The service runs on GAE and will have a web client and an Android native cli

Answer 1

I spent about a week to find a suitable and modern looking way for this - without web browser and by using android account manager.

If you would like to use Google account and AccountManager to identify the user you can:

1. Get his token to Google Contacts (auth token type is "cp") through AccountManager on background thread:

   public String getUserToken(Activity activity)
   {
       AccountManager accountManager = AccountManager.get(activity);
       AccountManagerFuture amf = accountManager.getAuthTokenByFeatures("com.google", "cp", null, activity, Bundle.EMPTY, Bundle.EMPTY, null, null );
   
       Bundle bundle = null;
       try {
           bundle = amf.getResult();
           String name = (String) bundle.get(AccountManager.KEY_ACCOUNT_NAME);
           String type = (String) bundle.get(AccountManager.KEY_ACCOUNT_TYPE);
           String token = bundle.getString(AccountManager.KEY_AUTHTOKEN);
           return token;
       } catch (OperationCanceledException e) {
           e.printStackTrace();
       } catch (IOException e) {
           e.printStackTrace();
       } catch (AuthenticatorException e) {
           e.printStackTrace();
       }
       return null;
   }
   

2. Pass received UserToken to the server over secured channel.

3. Validate the token at the server by google using gdata library (Google Data API library):

   public String getUserId(String token)
   {
       ContactsService contactsService = new ContactsService("Taxi");
       contactsService.setUserToken(token);
   
       IFeed feed = null;
       try {
           feed = contactsService.getFeed(new URL("https://www.google.com/m8/feeds/contacts/default/full?max-results=10000"), ContactFeed.class);
       } catch (IOException e) {
           e.printStackTrace();
       } catch (ServiceException e) {
           e.printStackTrace();
       } catch (NullPointerException e) {
           e.printStackTrace();
       }
   
       if (feed == null)
           return null;
   
       String externalId = feed.getId();
       IPerson person = feed.getAuthors().get(0);
       String email = person.getEmail();
       String name = person.getName();
       String nameLang = person.getNameLang();
   
       return externalId;
   }
   

4. Google token can expire (usually after an hour), so if you failed to validate the token at the server, you must send response back to client, invalidate the token and get a new one. Use account manager to invalidate the token:

   public void invalidateUserToken(Context context, String token)
   {
       AccountManager accountManager = AccountManager.get(context);
       accountManager.invalidateAuthToken("com.google", token);
   }