How to make AccountManager (authtoken) and OpenID work together (without AppEngine)?


Question

I am making an Android app which should be able to get data from a web service (which is not part of GAE). Users are able to log in to web service through their browser by using OpenId (only Google accounts are allowed).

AccountManager can give me authtoken. I could save this authtoken on my server, together with user's google account name (email) and then use this account name to connect his openid login with app registration.

But this does not solve anything because I have no way to verify this token against user's OpenID information... Or do I? I thought I could use user's authtoken to "somehow" link his android account to the web account.

This looks more and more like the wrong way to handle this, but I do not want to save users' Google username/password in SharedPreferences and use that data for login.

Any creative ideas? Thanks

Recommended answer

I solved this exact issue for my app Push Actions - http://www.pushactions.com. For my solution, I did end up using GAE, but only to authenticate the token. The actual Push Actions app is hosted on Heroku. Here's my flow:

  1. Android app generates GAE token then posts the token & the account's email address to Push Actions running on Heroku
  2. Push Actions posts the token to my service running on GAE
  3. The GAE service takes the token, determines if it is valid, and returns the email address it is valid for
  4. Push Actions compares the email address returned by GAE with the email address from the Android app; if they match, the token is valid for that email address. This means the token can be safely associated with the Google user's OpenID email address.

As far as I know, this is the ONLY way to verify if a token generated by AccountManager is valid. True, it does require the use of GAE, but only for one small piece of your overall app. My GAE service ended up being like 1 class and a few lines of code, so it isn't much. You can think of the GAE piece as a service provided by google for authenticating tokens.

Here is the code for my GAE service:

package com.pushactions;

import java.io.IOException;
import java.util.logging.Logger;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.google.appengine.api.users.User;
import com.google.appengine.api.users.UserService;
import com.google.appengine.api.users.UserServiceFactory;

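// Reports which Google account, if any, the incoming request is authenticated as.
@SuppressWarnings("serial")
public class PushActionsAuthServlet extends HttpServlet {
    // Log under this servlet's own class name rather than HttpServlet's.
    private static final Logger log = Logger.getLogger(PushActionsAuthServlet.class.getName());

    public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        UserService userService = UserServiceFactory.getUserService();
        // getCurrentUser() returns null when the request has no logged-in Google user.
        User user = userService.getCurrentUser();
        if (user != null) {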
            req.setAttribute("user", user);
            try {
                req.getRequestDispatcher("/logged_in.jsp").forward(req, resp);
            } catch (ServletException e) {
                log.severe("Couldn't redirect to logged_in.jsp");
            }
        } else {
            try {
                req.getRequestDispatcher("/logged_out.jsp").forward(req, resp);
            } catch (ServletException e) {
                log.severe("Couldn't redirect to logged_out.jsp");
            }
        }
    }
}

logged_in.jsp:

<%@ page import="com.google.appengine.api.users.User" %>
<% User user = (User)request.getAttribute("user"); %>
<?xml version="1.0" encoding="UTF-8"?>
<result>
<status>ok</status>
<user_name><%= user.getEmail() %></user_name>
</result>

logged_out.jsp:

<%@ page import="com.google.appengine.api.users.User" %>
<% User user = (User)request.getAttribute("user"); %>
<?xml version="1.0" encoding="UTF-8"?>
<result>
<status>error</status>
<message>not logged in</message>
</result>
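
Step 4 of the flow above, as an added example that is not part of the original answer: the backend parses the XML reply produced by the two JSPs and accepts the token only when the reply says `ok` and names the email the app claimed. The class and method names are hypothetical, and comparing addresses case-insensitively is an assumption.

```java
import java.io.StringReader;
import java.util.Locale;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

// Added example (hypothetical names): runs on the backend after it has
// received the GAE service's XML reply for the token the app posted.
public class TokenEmailCheck {
    /** Returns true only if the reply says "ok" and names the claimed email. */
    static boolean tokenMatchesEmail(String gaeReply, String claimedEmail) {
        if (gaeReply == null || claimedEmail == null) return false;
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            // The reply needs no DTD; refusing DOCTYPE rules out XXE.
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            // The JSP directives emit newlines before <?xml ...?>, which a
            // strict parser rejects, so trim before parsing.
            Document d = f.newDocumentBuilder()
                    .parse(new InputSource(new StringReader(gaeReply.trim())));
            if (!"ok".equals(text(d, "status"))) return false;
            String verified = text(d, "user_name");
            return verified != null && !verified.isEmpty()
                    && normalize(verified).equals(normalize(claimedEmail));
        } catch (Exception e) {
            return false; // malformed or unexpected reply: fail closed
        }
    }

    // Text of the element if it occurs exactly once, otherwise null.
    private static String text(Document d, String tag) {
        NodeList n = d.getElementsByTagName(tag);
        return n.getLength() == 1 ? n.item(0).getTextContent().trim() : null;
    }

    // Assumption: addresses are compared ignoring case and outer whitespace.
    private static String normalize(String email) {
        return email.trim().toLowerCase(Locale.ROOT);
    }

    public static void main(String[] args) {
        // Constructed sample replies in the format of the two JSPs.
        String ok = "\n\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<result>\n"
                + "<status>ok</status>\n<user_name>alice@example.com</user_name>\n</result>";
        String out = "<result><status>error</status><message>not logged in</message></result>";
        System.out.println(tokenMatchesEmail(ok, "Alice@example.com"));
        System.out.println(tokenMatchesEmail(ok, "mallory@example.com"));
        System.out.println(tokenMatchesEmail(out, "alice@example.com"));
    }
}
```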
