I'm developing an Android application that connects to a web service written in PHP and saves/retrieves some user information.
I need a way to securely identify users of that application on the web server. I can easily use AccountManager to retrieve user email and send it to the web server, but what is the simplest way to authenticate it?
My web service doesn't use any Google services/APIs. The only thing that I need is to confirm (on web server side) that user#gmail.com is really user#gmail.com.
Related
I want to use Gmail API to send email in JAVA,and all information I fond told me to create a Service accounts and connect with Google Workspace. But I don't have a Google Workspace account also can't register one,so the question is:
1.Can I send email without Google Workspace?
2.Can I just Add 'type' into Client ID.json to make it work like Service accounts.json?
Can I send email without Google Workspace?
Yes you can use gmail api without workspace you will just need to use Oauth2 rather than a service account and authorize a user.
Oauth2 requires that a user consent to the access to their google account. A user will need to authorize your code at least once.
Where as service accounts allow you to preauthroize access defined using domain wide delegation within a google workspace account. So no user interaction would be required.
Can I just Add 'type' into Client ID.json to make it work like Service accounts.json?
No the code is different depending upon the type of client you have created. If you create a web client then you need to use code designed for a web client. If you create installed client credentials then you need to use the code for an installed client.
The following sample Java quickstart is designed for an installed app. It will open the browser consent window on the machine the code is running on.
Is there any way to make an authentication system in laravel for both android and Web apps.
Since android apps doesn't have sessions it is hard for me to figure another way to make an authentication with laravel
Make login API for that .APIs use access tokens to authenticate users and they do not have session .
You can use laravel passport for that which help you to maintain Oauth2 server for your application. So it is basically like sending login request via api and get the access token as a callback which will be used through out your android and web app.
see below
https://laravel.com/docs/5.5/passport
https://itsolutionstuff.com/post/laravel-5-how-to-create-api-authentication-using-passport-example.html
I'd like to use the google universal analytics API on the server side. The idea is that there is a browser app showing some graphs which is open to the intranet and doesn't require a login at all. So server either does the login for client and provides the working token to the client or the server provides all the data to the client as well. Oauth login docs and libs from google rely on redirect urls etc which sounds painful for a server-side login . So is it possible and are there any tutorials?
I am in progress of creating an Android Application which should have ability to share content with other users and I am planning to use PHP backend.
I want users to log in to my web service to avoid trolling and filling my service with useless data.
But now that I am using Android to access the service, I know its simple to create a HTTP post and send the login credentials to server but how to keep the session alive?
As far as I know its common to just keep the application logged in to the service with mobile phone, at least when there's no personal data available.
How should I store the data that Android device has been logged in?
Lets say I created a MySQL table that would contain the user, password and id.
I thought about generating unique id for the device, using ANDROID_ID or IMEI and associate it with the user id that has been logged in my web service, but that doesn't seem secure enough.
How does other applications do this?
You can continue to use a session if you read the cookie from the first server response (set through Set-Cookie) and send it in subsequent requests using a Cookie: header. Just the same way a web browser does it.
It depends on the HTTP library you are using, how it is done.
I am developing a web application using strut2 framework and using gmail credentials for login to that application. I am able to use google account services for login purpose successfully. Now I am trying to implement SSO between gmail & my application. The use case is "If user is already logged into gmail, I want that user to log automatically into my application".
How should I go about it?