检查设备谷歌帐户进行身份验证,才让我的离线访问应用 [英] Check if a device google account is authenticated, only then allow access to my offline app
问题描述
我有一个私人应用程序,它的工作原理完全脱机(发送/收到即无服务器的数据),但是我有一个需要将其限制只能用自己的手机上有一个有效谷歌帐户的用户。我可以确保有手机通过遍历电话帐户列表上一个合适的帐户,但有可能检查帐户有效/没有我不得不引进全过程的OAuth认证?我有没有必要让一个cookie或任何数据发送到服务器。
I have a private app which works totally offline (i.e. no server data sent/recieved), however I have a need to restrict it only to users with a valid Google account on their phone. I can get make sure there is a suitable account on the phone by iterating a list of phone accounts, but is it possible to check the account is valid/authenticated without me having to introduce the full OAuth process? I have no need to get a cookie or send any data to a server.
在理想情况下,我想这样做:
1.检查与一个身份验证令牌的客户经理。
2.如果令牌收到就可以访问应用程序。
目前还没有通过客户经理的任何检查,任何人都可以在手机上创建一个假帐户,然后访问即使他们把电子邮件/密码,也绝对不会被授权。
Ideally I'd like to do something like: 1. Check with the account manager for an auth token. 2. If token recieved then allow access to the app. Currently without any checks via the account manager, anyone could create a fake account on the phone and then gain access even if they put in a email/password and they would never be authorised.
我希望我已经解释清楚这一点。由于我的应用程序没有网络连接,所以我想避免添加任何我自己的网络/ OAuth的检查。
I hope I've explained this clearly. As my app has no network connectivity so I would like to avoid adding any of my own network/oauth checking.
推荐答案
这个是什么:
AccountManager manager = AccountManager.get(this);
Account[] accounts = manager.getAccountsByType("com.google");
final boolean connected = accounts != null && accounts.length > 0;
连接的布尔将表明,如果有一个连接谷歌帐户在手机中。
The connected boolean will indicate if there is a connected Google account in the phone.
事实上也不会有令牌上的任何检查,但如果帐户的注册手机上,那么谷歌之前,检查它,服务器端,来验证它...
Indeed there won't be any check on the token, but if the account is registered on the phone, then Google checked it before, server-side, to validate it...
这篇关于检查设备谷歌帐户进行身份验证,才让我的离线访问应用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!