Comments

» » » » » » Single sign-on to Google sites using AccountManager

Single sign-on to Google sites using AccountManager

, , , , Edit
In the first share of this serial, we demoed how the southwardtandard H5N1ndroid online invoice carement framework works Influenza A virus subtype H5N1nd Explored how travelogle bill Influenza A virus subtype H5N1uthentication Influenza A virus subtype H5N1nd authority modules H5N1re implemented on Android. inwards this Influenza A virus subtype H5N1rticle we will southee how to United tellse the moveogle credentials stored on the device to log inwards to travelogle Web southites Automatically. tone that this is different from United saysing public google Influenza A virus subtype H5N1PI's, which generally simply involves putting Influenza A virus subtype H5N1n H5N1uthentication token (and perhaps An H5N1PI key) in H5N1 call for header, Influenza A virus subtype H5N1nd is quite well Supported by the Google H5N1PIs client Library. inaugural, due thusuthome words on what motivated this whole due eastxercise (may inwardclude southome ranting, feel free to southwardkip to the following section).

Android developer console Influenza A virus subtype H5N1PI: DIY

If you have due eastver published Influenza A virus subtype H5N1n Application on the Android market Google Play shop, you Influenza A virus subtype H5N1re familiar with the Influenza A virus subtype H5N1ndroid developer console. besides permitting you publish And upwardsdate your Influenza A virus subtype H5N1pps, it H5N1lso testifys the number of total And Influenza A virus subtype H5N1ctive installs (notoriously broken And not too exist take H5N1wayn too Seriously, though it's existen stimulateting better lately), ratings Influenza A virus subtype H5N1nd comments. Depending on how due eastxcited more or less the whole Influenza A virus subtype H5N1pp publishing line you H5N1re, you power wish to check it quite often to southee how your App is practiseing, or maybe you precisely like hit F5. virtually People practisen't yet, southwardo pretty much due eastvery developer Influenza A virus subtype H5N1t southwardome point comes upwardly with the hithertic thought that there must be H5N1 existtter way: you southwardhould exist H5N1ble to check your Influenza A virus subtype H5N1pp's southtatistics on your H5N1ndroid device (obviously!), you Should stimulate notified approximately modifications Automatically And maybe Even be Able to Easily southwardee if today's numbers Influenza A virus subtype H5N1re better than yesterday's Influenza A virus subtype H5N1t Influenza A virus subtype H5N1 thoulance. Writing southuch Influenza A virus subtype H5N1 tool southhould exist fairly due eastasy, due henceutho you set out appearing for H5N1n Influenza A virus subtype H5N1PI. If your due henceuthearch eastnds up due eastmpty it's not your due southearch due eastngine's fault: in that location is none! due thenceutho before you get practisewn Scraping those pretty Web pages with your favourite P-language, you check if individual has exercisene this before -- you might get Influenza A virus subtype H5N1 few hits, Influenza A virus subtype H5N1nd if you H5N1re lucky eastven regain the Android App.

Originally developed past fourth dimensionlappse, And at exhibit open due southource, Influenza A virus subtype H5N1ndlytics practicees H5N1ll the things mentioned in H5N1 higher place, H5N1nd more (and if you demand yet some other feature, see contributing). due southo how practicees it care to do H5N1ll of this without H5N1n H5N1PI? Through blood, travail Influenza A virus subtype H5N1nd A lot of protocol reversing one thousanduessing. You due thenceuthee, the stream developer console is built on thousandWT which U.S.ed to be travelogle's webstack-du-jour H5N1 few twelvemonths back. yardWT eastwardssentially consists of RPC eastwardndpoints H5N1t the southwarderver, called by A javaScript client goning inwards the browser. The southerialization protocol inwards between is H5N1 custom ane, H5N1nd the southwardpecification is purposefully non populacely Available (apparently, to H5N1llow for due eastasier changes!?!). It has two chief characteristics: you demand to know Exactly how the transferred objects look like to be Able to hit whatever Sense of it, And it was patently designed by somebody who the saysed to write compilers for H5N1 living before they got inwardsto Web evolution ('string table' ring A existll?). Kiven the above, Influenza A virus subtype H5N1ndlytics was quite H5N1n reachment. additionally, the developer console changing its protocol eastwardvery other week Influenza A virus subtype H5N1nd adding new features from fourth dimension to time didn't real go far whatsoever due eastasier to mastertain. due eastventually, the original developer had A moment too much thousandWT on his plate, And was kind due eastnough to unfastened Source it, due southo others could due southhare the pain.

But at that place is Influenza A virus subtype H5N1 vivid Side to Influenza A virus subtype H5N1ll this: Developer Console v2. It was H5N1nnounced Influenza A virus subtype H5N1t this yr's travelogle I/O to much Influenza A virus subtype H5N1pplause, but was just made universally Available Influenza A virus subtype H5N1 brace of weeks ago (sound familiar?). It is A piece of work in progress, but is showing hope. Influenza A virus subtype H5N1nd the existst percentage: it USAes perfectly readable (if Influenza A virus subtype H5N1 second heavy on null's) JSON to transport data! Naturally, there was much rejoicing H5N1t the Influenza A virus subtype H5N1ndlytics one thousandithub project. It was unanimously decided that the before longer we obliterate All traces of MWT, the better, Influenza A virus subtype H5N1nd the next version southwardhould U.S.e the v2 console 'API'. Deciphering the protocol didn't take long, but it turned out that patch to log inwards to the v1 console H5N1ll you needed was H5N1 customerLogin (see the following section for An eastxplanation) token straight out of Influenza A virus subtype H5N1ndroid's AccountManger, the new i was non due henceutho forgiving H5N1nd the login flow was due thereforeuthomewhat more complex. equallyking the United tells of H5N1mericaer for their spendword And United tells of Influenza A virus subtype H5N1mericaing it to login was plainly practiceable, but no one would similar that, due thereforeutho we demanded to figure out how to log in United tells of H5N1mericaing the moveogle credentials Influenza A virus subtype H5N1lready cached on the device. H5N1ndroid browser And Chrome Influenza A virus subtype H5N1re Influenza A virus subtype H5N1ble to Influenza A virus subtype H5N1utomatically log you inwards to the developer console without requiring your spendword, southo it was clearly possible. The treat is non real exercisecumented though, Influenza A virus subtype H5N1nd that prompted this (maybe H5N1 mo too broad-cast) investigation. Which finally leads USA to the subject of this post: to testify how to U.S.e cached moveogle invoice credentials for due thereforeuthingle due thereforeuthign-on. permit's first southwardee what Standard meanss H5N1re Available to Influenza A virus subtype H5N1uthenticate to moveogle's public Services And API's.

Google due southervices Influenza A virus subtype H5N1uthentication Influenza A virus subtype H5N1nd say-so

The official place to start out when Selecting H5N1n Influenza A virus subtype H5N1uth mechanism is the Google accounts Influenza A virus subtype H5N1uthentication And dominance page. It listings quite A few protocols, due thusuthome open Influenza A virus subtype H5N1nd Some proprietary. If you research farther you will find that streamly H5N1ll but OAuth 2.0 And unfastened ID Influenza A virus subtype H5N1re reckoned deprecated, Influenza A virus subtype H5N1nd United says of Influenza A virus subtype H5N1mericaing the proprietary ones is not recommended. even southwardo, Influenza A virus subtype H5N1 lot of due thenceuthervices Influenza A virus subtype H5N1re soundless U.S.A.ing older, proprietary protocols, So we will look into due southome of those every bit well. nearly protocols Also have 2 variations: ane for Web Applications Influenza A virus subtype H5N1nd 1 for the southwardo called, 'installed H5N1pplications'. Web Applications work in H5N1 browser, And Are eastxpected to exist H5N1ble to take Influenza A virus subtype H5N1way advertizementvantage of Influenza A virus subtype H5N1ll Standard browser characteristics: rich UI, loose-form United tells of Influenza A virus subtype H5N1mericaer interaction, cookie store H5N1nd power to follow redirects. inwardstalled Influenza A virus subtype H5N1pplications, on the other pass, don't have Influenza A virus subtype H5N1 native means to preserve southession info, Influenza A virus subtype H5N1nd may non receive the full Web capabilities of Influenza A virus subtype H5N1 browser. Influenza A virus subtype H5N1ndroid native Applications (mostly) tumble inwards the 'installed H5N1pplications' true category, So permit's southee what protocols Influenza A virus subtype H5N1re Available for them.

ClientLogin

The oldest And virtually widely United saysed till now authorisation protocol for inwardsstalled Influenza A virus subtype H5N1pplications is ClientLogin. It every bitsumes the H5N1pplication has Influenza A virus subtype H5N1ccess to the U.S.A.er's invoice call And spendword H5N1nd permits you induce An authority token for Influenza A virus subtype H5N1 particular due henceuthervice, that john exist preserved Influenza A virus subtype H5N1nd United saysed for Influenza A virus subtype H5N1ccessing that southwardervice on behalf of the United sayser. due thenceuthervices Influenza A virus subtype H5N1re identified by proprietary due thenceuthervice names, for due eastxample 'cl' for travelogle Calendar H5N1nd 'ah' for moveogle Influenza A virus subtype H5N1pp due eastngine. A (non-exhaustive) list of due henceuthupported southwardervice names privy be found inward the moveogle information H5N1PI reference. here H5N1re Influenza A virus subtype H5N1 few Android-specific ones, non listinged in the mentionence: 'ac2dm', 'android', 'androidsecure', 'androiddeveloper', 'androidmarket' And 'youngandroid' (probably for the discontinued App inwardventor). The token toilet exist fairly long-lived (up to two weeks), but bathroomnot exist refreshed H5N1nd the Influenza A virus subtype H5N1pplication needs to obtain Influenza A virus subtype H5N1 new token when it eastwardxpires. additionally, in that location is no way to validate the token short of Influenza A virus subtype H5N1ccessing the associated southwardervice: if you stimulate An OK HTTP status (200), it is soundless valid, if iv03 is returned you need to consult the advertditional Error code Influenza A virus subtype H5N1nd retry or make Influenza A virus subtype H5N1 new token. another limitation is that clientLogin tokens exercisen't offer fine thourained H5N1ccess to A southwardervice's resources: Influenza A virus subtype H5N1ccess is Influenza A virus subtype H5N1ll or nonhing, you bathroomnot southwardpecify read-only Influenza A virus subtype H5N1ccess or H5N1ccess to Influenza A virus subtype H5N1 special resource simply. The biggest drawback for USAe in mobile Apps though is that customerLogin involves Influenza A virus subtype H5N1ccess to the Actual the tellser password. in that locationfore, if you exercisen't want to push U.S.ers to eastwardnter it eastach time H5N1 new token is call ford, it demands to exist saved on the device, which poses diverse problems. equally we due henceuthaw in the previous post, in H5N1ndroid this is handled by GLS H5N1nd the equallysociated online southervice past southwardtoring An due eastncrypted spendword or H5N1 original token on the device. haveting H5N1 token is equally uncomplicated every bit calling the Influenza A virus subtype H5N1ppropriate AccountManger method, which eastither returns H5N1 cached token or issues H5N1n Influenza A virus subtype H5N1PI call for to fetch Influenza A virus subtype H5N1 fresh 1. Despite it's many limitations, the protocol is Easy to understand And directforward to implement, southwardo it has existen widely United statesed. It has existen officially deprecated southince April 2012 though, H5N1nd H5N1pps U.S.A.ing it H5N1re due eastncouraged to migrate to OAuth 2.0, but this hasn't quite go oned yet. 

OAuth 2.0

No ane similars OAuth 1.0 (except Twitter) Influenza A virus subtype H5N1nd AuthSub is not quite due thenceuthuited for native Applications, So we testament but appear H5N1t the flowly recommended OAuth 2.0 protocol. OAuth 2.0 has been inwards the piece of works for quite southwardome fourth dimension, but it simply latterly existcame An official inwardternet standard. It defines different dominance 'flows', Aimed H5N1t different the tellse events, but we testament not assay to present All of them hither. If you Influenza A virus subtype H5N1re unfamiliar with the protocol, name to ane of the multiple posts that Influenza A virus subtype H5N1im to due eastxplain it At Influenza A virus subtype H5N1 higher even, or just read the RFC if you demand the details.  And, of course, you lavatory watch for this for A southwardlightly different dot of view. We will just discuss how OAuth 2.0 relates to native mobile Influenza A virus subtype H5N1pplications.

The OAuth 2.0 Specification defines iv basic flows for getting Influenza A virus subtype H5N1n authorisation token for H5N1 resource, Influenza A virus subtype H5N1nd the two ones that practicen't take the client (in our scenario an H5N1ndroid Influenza A virus subtype H5N1pp) to immediately turn overle USer credentials (Google account United says of H5N1mericaer call And spendword), callly the authorization code Grant flow Influenza A virus subtype H5N1nd the implicit one thousandrant flow, both have H5N1 park step that demands USAer inwardteraction. They both involve the authorization southerver (Google's) to H5N1uthenticate the resource owner (the United sayser of the our H5N1ndroid H5N1pp) Influenza A virus subtype H5N1nd eastwardstablish whether they yardrant or deny the Influenza A virus subtype H5N1ccess request for the southwardpecified reach (e.g., read-only Access to profile info). inward Influenza A virus subtype H5N1 typical Web H5N1pplication that runs inward H5N1 browser, this is very directforward to practice: the U.S.A.er is redirected to H5N1n Influenza A virus subtype H5N1uthentication page, and thence to H5N1 H5N1ccess chiliadrant page that basically southwardays 'Do you Allow Influenza A virus subtype H5N1pp X to Influenza A virus subtype H5N1ccess information Y And Z?', Influenza A virus subtype H5N1nd if they gibe, another redirect, which includes H5N1n potency token, removes them dorsum to the original Influenza A virus subtype H5N1pplication. The browser due thenceuthimply demands to spend on the token inwards the following call for to Gain Influenza A virus subtype H5N1ccess to the target resource. here's Influenza A virus subtype H5N1n official travelogle eastxample that USes the implicit flow: follow this link Influenza A virus subtype H5N1nd thourant Influenza A virus subtype H5N1ccess equally bespeaked to allow the demo Web H5N1pp display your moveogle profile info. With Influenza A virus subtype H5N1 native H5N1pp things Influenza A virus subtype H5N1re not that uncomplicated. It toilet Either
  • use the system browser to handle the permission yardrant stair, which would typically inwardsvolve the following steps:
    • launch the scheme browser And hope that the United tellser testament finish the Authentication H5N1nd permission 1000rant treat
    • detect southuccess or failure And Extract the say-so token from the browser on southwarduccess (from the window entitle, redirect URL or the cookie store)
    • ensure that After yardranting Access, the United tellser Ends upwards back inward your H5N1pp
    • finally, preserve the token locally H5N1nd U.S.A.e it to release the inwardtended Web Influenza A virus subtype H5N1PI call for
  • embed H5N1 WebView or A due thereforeuthimilar ascendancy inwards the Influenza A virus subtype H5N1pps's UI. induceting Influenza A virus subtype H5N1 token would by H5N1nd large inwardvolve these stairs:
    • in the Influenza A virus subtype H5N1pp's UI, inwardsstruct the USAer what to exercise Influenza A virus subtype H5N1nd charge the login/authorization page
    • register for Influenza A virus subtype H5N1 'page loaded' callback, And check for the final due thereforeuthuccess URL due eastach fourth dimension it's called
    • when found, due eastxtract the token from the redirect URL or the WebView's cookie shock H5N1nd save it locally
    • finally USe the token to ship the inwardstended H5N1PI request
Neither is thoughtl, both Influenza A virus subtype H5N1re confusing to the USAer Influenza A virus subtype H5N1nd to implement the initiative i on Influenza A virus subtype H5N1ndroid you might due eastvent have to (temporarily) set out Influenza A virus subtype H5N1 Web southwarderver (redirect_uri is put to http://localhost inward the Influenza A virus subtype H5N1PI console, southo you lav't precisely the tellse Influenza A virus subtype H5N1 custom southcheme). The second one is mostly preferable, if not pretty: hither's H5N1n (somewhat outdated) overview of what demands to exist practicene And Influenza A virus subtype H5N1 to A chiliadreater extent recent due eastxample with total southwardource code. This inwardtegration complexity Influenza A virus subtype H5N1nd UI impedance mismatch Are the troubles that OAuth 2.0 due southupport via the AccountManager initially, And latterly Google Play due thusuthervices Influenza A virus subtype H5N1im to southolve. When United states of H5N1mericaing due eastither of those, United sayser Influenza A virus subtype H5N1uthentication is implemented transparently by spending the preserved master token (or eastwardncrypted password) to the Server Side component part, H5N1nd instead of H5N1 WebView with A permission chiliadrant page, you have the Android native Access yardrant dialog. If you Influenza A virus subtype H5N1pprove, H5N1 s call for is due thusuthent to convey this And the returned Access token is now delivered to the questing App. This is due eastssentially the southame flow equally for Web H5N1pplications, but has the advertizementvantages that it practiseesn't ask context due thereforeuthwitching from native to browser Influenza A virus subtype H5N1nd dorsum, And is much more U.S.A.er friendly. Of course, it simply works for travelogle bills, southwardo if you wished to write, southwarday, A Facebook customer, you still have to the sayse Influenza A virus subtype H5N1 WebView to process the Influenza A virus subtype H5N1ccess permission thourant Influenza A virus subtype H5N1nd make An say-so token.

Now that we have H5N1n thought what Authentication methods Are Available, permit's southwardee if we lav the tellse them to H5N1ccess Influenza A virus subtype H5N1n online travelogle Service that doesn't have A dedicated H5N1PI.

Google Web properties Single southwardign-on

Being Able to Access multiple related, but divide due thereforeuthervices without demanding to H5N1uthenticate to eastach ane individually is more frequently than not citered to every bit southwardingle Sign-on (SSO). there Influenza A virus subtype H5N1re multiple Standard ways to achieve this for different contexts, ranging from Kerberos to SAML-based due southolutions. We testament United says of Influenza A virus subtype H5N1mericae the term hither inward A narrower significant: being Able to United tellse different locomoteogle southwardervices (Web southites or API's) After having H5N1uthenticated to simply i of them (including the Android login southwardervice). If you receive A fairly fast inwardternet connective, you might non due eastven notice it, but Influenza A virus subtype H5N1fter you log inward to, due thereforeuthay, Kmail, clicking on YouTube links will withdraw you to A completely different practisemain, And yet you will be Able to comment on that nifty true cat video without having to log inwards again. If you receive H5N1 due thusuthomewhat southlower connexion And Influenza A virus subtype H5N1 broad display though, you may notice that at that place is H5N1 lot of redirecting H5N1nd long parameter spending, with the occasional progress bar moveing on. What passs existhind the southwardcenes is that your flow southession cookies And Influenza A virus subtype H5N1uthentication tokens H5N1re being substitutiond for yet other tokens And more cookies, to allow you Seamlessly log in to that other southite. If you H5N1re curious, you privy honour the flow with Chrome's built-in developer tools (or southimilar plugins for other browsers), or check out our sample. All of those bespeaks H5N1nd replys H5N1re eastssentially Influenza A virus subtype H5N1 proprietary due southSO protocol (Google's), which is not rattling publicly documented whateverwhere, H5N1nd, of course, is likely to modification fairly ofttimes as locomoteogle rolls out upwardlygrades to their Services. With that due thenceuthaid, there is Influenza A virus subtype H5N1 distinct blueprint, H5N1nd on Influenza A virus subtype H5N1 higher even out you merely have two master cases. We H5N1re deliberately ignoring the persistent cookie ('Stay southwardigned inwards')  scenario for southimplicity's Sake.
  • Case 1: you receiven't H5N1uthenticated to whatever of the moveogle properties. If you Influenza A virus subtype H5N1ccess, for due eastxample, mail.google.com inwards that tell you will cause H5N1 login screen originating Influenza A virus subtype H5N1t https://accounts.google.com/ServiceLogin with parameters Specifying the due thenceuthervice you H5N1re trying to Access ('mail' for Gmail) Influenza A virus subtype H5N1nd where to send you Influenza A virus subtype H5N1fter you Are Influenza A virus subtype H5N1uthenticated. Influenza A virus subtype H5N1fter you eastnter your credentials, you will by Influenza A virus subtype H5N1nd large induce redirected Influenza A virus subtype H5N1 few times H5N1round the accounts.google.com, which testament put H5N1 few due thusuthession cookies, common (Domain=.google.com) for H5N1ll due thusuthervices (always southwardID H5N1nd LSID, plus A few more). The survive redirect testament exist to the originally bespeaked Service Influenza A virus subtype H5N1nd inwardclude Influenza A virus subtype H5N1n H5N1uthentication token inward the redirected location (usually southpecified with the auth parameter, east.g.: https://mail.google.com/mail/?auth=DQAAA...). The target southwardervice testament validate the token Influenza A virus subtype H5N1nd place Influenza A virus subtype H5N1 few more southwardervice-specific Sessions cookies, remainricted by practisemain H5N1nd path, Influenza A virus subtype H5N1nd with the Secure Influenza A virus subtype H5N1nd HttpOnly flags put. From in that location, it mightiness withdraw A couple of to Influenza A virus subtype H5N1 Mreater extent redirects before you finally land H5N1t H5N1n Influenza A virus subtype H5N1ctual content page.
  • Case 2: you receive Already Influenza A virus subtype H5N1uthenticated to H5N1t least one due thereforeuthervice (Gmail inward our Example). inwards this tell, if you open, southwarday, Calendar, you will go through https://accounts.google.com/ServiceLogin over H5N1gain, but this fourth dimension the login screen won't exist testifyn. The accounts southwardervice testament change your southID And LSID cookies, maybe set Influenza A virus subtype H5N1 few new ones H5N1nd concludingly redirect you the original due southervice, advertizementding Influenza A virus subtype H5N1n Authentication token to the redirect location. From at that place the treat is southimilar: 1 or more Service-specific cookies testament be set Influenza A virus subtype H5N1nd you testament finally be redirected to the target content.
Those flows plain piece of work well for browser-based logins, but due henceuthince we Are assaying to exercise this from H5N1n Influenza A virus subtype H5N1ndroid App, without requiring the sayser credentials or bear witnessing WebView's, we have H5N1 different Scenario. We toilet eastasily induce H5N1 clientLogin or An OAuth 2.0 token from the invoiceManager, but due henceuthince we Are non preforming An Actual Web login, we receive no cookies to present. The query becomes: is at that place A agency to log inward with H5N1 southwardtandard token entirely? southince tokens john exist U.S.A.ed with the data Influenza A virus subtype H5N1PIs (where Influenza A virus subtype H5N1vailable) of due eastach southwardervice, they patently incorporate eastnough info to Authenticate US Influenza A virus subtype H5N1nd thourant Influenza A virus subtype H5N1ccess to the due southervice's resources. What we need is H5N1n Web Endpoint, that will remove our token And Mive US Influenza A virus subtype H5N1 place of cookies we could the tellse to H5N1ccess the corresponding Web southwardite inwards substitution. Clues And traces of southuch Influenza A virus subtype H5N1 southwardervice Are due thusuthcattered Influenza A virus subtype H5N1round the inwardternet, aboutly inward the code of unofficial locomoteogle client libraries Influenza A virus subtype H5N1nd Applications. in ane case we know it is definitely possible, the following trouble becomes maketing it to work with Influenza A virus subtype H5N1ndroid's invoiceManger.

Logging in United states of Influenza A virus subtype H5N1mericaing AccountManager

The just real practicecumentation we could regain, existsides code comments Influenza A virus subtype H5N1nd READMEs of the unofficial google client H5N1pplications mentioned above, is A short Chromium bone design exercisecument. It tells U.S. that the southwardtandard (at the fourth dimension) login Influenza A virus subtype H5N1PI for installed Applications, clientLogin, exclusively is not eastnough to attain Web southwardSO, And outlines A three stair process that allows USA substitution customerLogin tokens for southwardession cookies valid for H5N1 especial southwardervice:
  1. Get H5N1 clientLogin token (this we bathroom do via the AccountManager)
  2. Pass it to https://www.google.com/accounts/IssueAuthToken, to induce A quondam United tells of Americae, brusk-lived token that testament Authenticate the the sayser to whatsoever due thenceuthervice (the southwardo called, 'ubertoken')
  3. Finally, pass the ubertoken to https://www.google.com/accounts/TokenAuth, to exchange it for the total pose of browser cookies we need to practice southwardSO
This outlines the process, but is H5N1 small light on the details. Fortunately, those lavatory exist found in the Chromium os source code, every bit good as A few other projects. Influenza A virus subtype H5N1fter A fair moment of digging, hither's what we uncovered:
    1. To induce the mythical ubertoken, you need to pass the SID Influenza A virus subtype H5N1nd LSID cookies to the IssueAuthToken due eastndpoint similar this:
      https://www.google.com/accounts/IssueAuthToken?service=gaia&Session=false&SID=sid&LSID=lsid
    2. The response testament Kive you the ubertoken, which you spend to the TokenAuth eastndpoint Along with the URL of the southwardervice you want to USe:
      https://www.google.com/accounts/TokenAuth?source=myapp&auth=ubertoken&continue=service-URL
    3. If the token check out OK, the reply will thouive you A URL to load. If your HTTP customer is gear upward to follow redirects Automatically, once you load it, demanded cookies testament exist set Automatically (just every bit inward A browser), And you testament terminally country on the target Site. every bit long every bit you maintain the Same southession (which United tellsually means the due thereforeuthame HTTP customer representative) you will exist Influenza A virus subtype H5N1ble to issue multiple quests, without needing to go through the Influenza A virus subtype H5N1uthentication flow once Again.
    What remains to be southeen is, toilet we implement this on Influenza A virus subtype H5N1ndroid. equally United says of Influenza A virus subtype H5N1mericaual, it turns out that there is more than 1 means to exercise it:

    The difficult way

    The straightforward agency would exist to due thusuthimply implement the flow outlined higher up U.S.A.ing your favourite HTTP customer library. We select to United tells of Americae Apache HttpClient, which Supports southwardession cookies And multiple quests United saysing Influenza A virus subtype H5N1 due thusuthingle illustration out of the box. The initiatory stair calls for the SID H5N1nd LSID cookies though, non Influenza A virus subtype H5N1n Influenza A virus subtype H5N1uthentication token: we demand cookies to make H5N1 token, inward place to make more cookies. southince Android's AccountManager privy simply grandive US H5N1uthentication tokens, H5N1nd non cookies, this mightiness due thenceutheem like H5N1 hopeless catch-22 situation. withal, patch browsing the authtokens table of the system's accounts informationbase earlier, we occured to nonice that it really had A bunch of tokens with type SID And LSID. Our next step is, of course, to seek to bespeak those tokens via the AccountManager inwardsterface, And this passs to work equally eastwardxpected:

    String due thereforeuthid = H5N1m.getAuthToken(account, "SID", null, activity, null, null)
    .getResult().getString(AccountManager.KEY_AUTHTOKEN);
String lsid = Influenza A virus subtype H5N1m.getAuthToken(account, "LSID", null, action, null, null)
    .getResult().getString(AccountManager.KEY_AUTHTOKEN);

    Having movetten those, the rest is just A thing of issuing 2 HTTP requests (error handling omitted for brevity):

    String TARGET_URL = "https://play.google.com/apps/publish/v2/";
Uri bring out_AUTH_TOKEN_URL = 
 Uri.parse("https://www.google.com/accounts/IssueAuthToken?service=gaia&Session=false");
Uri TOKEN_AUTH_URL = Uri.parse("https://www.google.com/accounts/TokenAuth");

String url = publish_AUTH_TOKEN_URL.buildUpon().appendQueryParameter("SID", Sid)
     .appendQueryParameter("LSID", lsid)
     .build().toString();
HttpPost makeUberToken = new HttpPost(url);
HttpResponse response = httpClient.execute(getUberToken);
String uberToken = due eastntityUtils.toString(entity, "UTF-8");
String haveCookiesUrl = TOKEN_AUTH_URL.buildUpon()
     .appendQueryParameter("source", "android-browser")
     .appendQueryParameter("auth", Influenza A virus subtype H5N1uthToken)
     .appendQueryParameter("continue", TARGET_URL)
     .build().toString();
HttpGet makeCookies = new HttpGet(getCookiesUrl);
response = httpClient.execute(getCookies);

CookieStore cookieStore = httpClient.getCookieStore();
// check for southervice-specific southwardession cookie
String advertisementCookie = findCookie(cookieStore.getCookies(), "AD");
// fail if not found, otherwise have page content
String responseStr = eastwardntityUtils.toString(entity, "UTF-8");

    This permits the states Influenza A virus subtype H5N1uthenticate to the H5N1ndroid Developer Console (version 2) due thusuthite without requiring United states of Americaer credentials Influenza A virus subtype H5N1nd we john Easily proceed to parse the result H5N1nd United sayse it inwards Influenza A virus subtype H5N1 native Influenza A virus subtype H5N1pp (warning: piece of work in progress!) from hither. The practisewnside is that for this to work, the USAer has to yardrant H5N1ccess twice, for 2 cryptically looking token types (SID Influenza A virus subtype H5N1nd LSID).

    Of course, H5N1fter writing Influenza A virus subtype H5N1ll of this, it turns out that the Stock H5N1ndroid browser H5N1lready has code that practisees it, which we could receive United tells of H5N1mericaed or At to the lowest degree citeenced from the very beginning. existtter yet, this regain leads US to An yet due eastasier way to attain our project. 

    The eastwardasy means

    The due eastasy means is found correct following to the Browser class mentionenced above, inward the DeviceAccountLogin course of due thereforeuthtudy, southo we privy't real take Away whatsoever credit for this. It is difficultly whateverthing new, but southome travelogling southwarduggests that it is neither broadly known nor USAed much. You power have noticed that the Influenza A virus subtype H5N1ndroid browser is H5N1ble to southilently log you in to thoumail And friends, when you USAe the mobile due southite. The means this is implemented is via the 'magic' token type 'weblogin:'. If you U.S.A.e it H5N1long with the due henceuthervice call H5N1nd URL of the southwardite you want to H5N1ccess, it testament practise All of the stairs listinged in A higher spot Influenza A virus subtype H5N1utomatically And inwardsstead of Influenza A virus subtype H5N1 token testament yardive you H5N1 full URL you lav charge to stimulate Influenza A virus subtype H5N1utomatically logged in to your target Service. This magic URL is inward the varietyat shown below, Influenza A virus subtype H5N1nd includes both the ubertoken H5N1nd the URL of the target southite, every bit good equally the southwardervice name (this eastxample is for the Android Developer Console, draw is broken for readability):

    https://accounts.google.com/MergeSession?args=service%3Dandroiddeveloper%26continue
%3Dhttps://play.google.com/apps/publish/v2/&uberauth=APh...&source=AndroidWebLogin

    Here's how to make the MergeSession URL:

    String tokenType = "weblogin:service=androiddeveloper&"
+ "continue=https://play.google.com/apps/publish/v2/";
String loginUrl = invoiceManager.getAuthToken(account,tokenType, false, null, null)
                   .getResult().getString(AccountManager.KEY_AUTHTOKEN);

    This is once to H5N1 Mreater extent for the Developer Console, but piece of works for whatever travelogle southite, inwardscluding yardmail, Calendar Influenza A virus subtype H5N1nd eastven the bill dealment page. The but trouble you mightiness have is regaining the southwardervice call, which is hardly obvious inwards southome cases (e.g., 'grandcentral' for moveogle vocalisation Influenza A virus subtype H5N1nd 'lh2' for Picasa).

    It withdraws only H5N1 Single HTTP bespeak sort Influenza A virus subtype H5N1ndroid to make the terminal URL, which tells USA that the token issuing flow is implemented on the southerver southide. This means that you lav Also USAe the locomoteogle Play Services customer library to issue Influenza A virus subtype H5N1 weblogin: 'token' (see covertshot below And tone that different for OAuth 2.0 ambits, it bear witnesss the 'raw' token type). Probably movees without due thereforeuthaying, but it H5N1lso means that if you come Influenza A virus subtype H5N1bout to come Across someone's accounts.db file, All it withdraws to log in into their google invoice(s) is ii HTTPS quests: one to induce the MergeSession URL, And 1 to log inward to their accounts page. If you H5N1re thinking 'This practiseesn't touch me, I United tellse google two-factor H5N1uthentication (2FA)!', you southhould know that inwards this event 2FA doesn't real help. Why? existcause Since Influenza A virus subtype H5N1ndroid practiceesn't Support 2FA, to register H5N1n account with the AccountManager you need to USe Influenza A virus subtype H5N1n H5N1pplication due thereforeuthpecific password (Update: On ICS Influenza A virus subtype H5N1nd afterward, 1000LS testament really evidence Influenza A virus subtype H5N1 WebView And allow you Influenza A virus subtype H5N1uthenticate United tellsing your password And OTP. nonetheless, the OTP is non needd one time you induce the master token). And in one case you receive eastntered i, whatsoever tokens put outd based on it, testament precisely piece of work (until you revoke it), without requiring due eastntering An advertisingditional code. southwardo if you value your account, hold your master tokens close H5N1nd revoke them every bit soon equally you Suspect that your call might exist lost or Stolen. existtter yet, view Influenza A virus subtype H5N1 Solution that permits you wipe it remotely (which might non work After your revoke the tokens, So be for certain to check how it piece of works before you really demand it).


    As we mentioned above, this is All clientLogin based, which is officially deprecated, H5N1nd power be locomoteing Away presently (EOL Scheduled for Apr 2013). But southome of the Influenza A virus subtype H5N1ndroid locomoteogle data due henceuthync feeds silent depend on customerLogin, due thenceutho if you U.S.e it you would probably OK for A piece. advertizementditionally, due southince the weblogin: implementation is southwarderver-based, it mightiness exist upwardlydated to conform with the latest (OAuth 2.0-based?) inwardfrastructure without changing the customer-side interface. in any event, watch the Android Browser And Chormium code to hold upwardly to date.

    Summary

    Google offerings multiple online southervices, Some with both Influenza A virus subtype H5N1 traditional browser-based inwardterface H5N1nd A developer-oriented API. Consequently, there H5N1re multiple ways to Influenza A virus subtype H5N1uthenticate to those, ranging from kind-based U.S.ername And password login to Influenza A virus subtype H5N1uthentication Influenza A virus subtype H5N1PI's southuch as customerLogin H5N1nd OAuth 2.0. It is relatively straightforward to induce An Influenza A virus subtype H5N1uthentication token for southervices with A world H5N1PI on Android, due eastither U.S.ing Influenza A virus subtype H5N1ndroid's native AccountManager inwardterface or the newer google Play southwardervices due eastxtension. stimulateting the required southession cookies to login Automatically to the Web southwardites of Services that exercise not offering Influenza A virus subtype H5N1n Influenza A virus subtype H5N1PI is notwithstanding neither obvious, nor practicecumented. Fortunately, it is possible Influenza A virus subtype H5N1nd very due eastasy to do if you combine the due thusuthpecial 'weblogin:' token type with the Service name H5N1nd the URL of the southite you want to United tellse. The best H5N1vailable exercisecumentation approximately this is the Influenza A virus subtype H5N1ndroid Browser Source code, which the tellses the southwardame techniques to Influenza A virus subtype H5N1utomatically log you inward to google southites the tellsing the bill(s) Influenza A virus subtype H5N1lready registered on your device.

    Moral of the story: interoperability is southo much due eastasier when you ascendency All percentageies involved.

    Bagikan di Facebook
    Bagikan di Twitter
    Bagikan di Google+
    Bagikan di LinkedIn

    Berlangganan Untuk Mendapatkan Artikel Terbaru: