使用Android AccountManager验证服务器的用户 [英] Using Android AccountManager to authenticate users for a server

问题描述

我正在编写一个具有服务器连接的Android应用程序.我想在Android设备上对应用程序的用户进行身份验证，并让服务器知道此操作已完成.

I'm writing an Android application which has a server connection. I would like to authenticate the app's user on the Android device and let the server know this has been done.

假设用户具有:

1. 在用于Google和Facebook的Android设备(这些是我当前感兴趣的)中输入了他/她的凭据
2. 允许应用程序在Android设备上使用存储的凭据
3. 该应用程序已成功从Android的AccountManager获取了详细信息(帐户用户和令牌)

1. entered his/her credentials in the Android device for Google and Facebook (these are the ones I'm currently interested in)
2. allowed the application to use the stored credentials on the Android device
3. the application acquired the details (account user and token) from Android's AccountManager successfully

我现在想正确并安全地让服务器知道设备上的应用已对用户进行了身份验证.服务器如何验证这不是假的?是否可以在不需要用户交互的情况下通过服务器上的Google和Facebook验证令牌?

I would like now to correctly and securely let the server know the app on the device has authenticated the user. How can the server validate that this isn't bogus? Is there a way to validate a token with Google and Facebook on a server without requiring user interaction?

谢谢.

推荐答案

您应该看一下这个问题: 生成设备专用的序列号

you should take a look at this question: Generating Device-Specific Serial Number

您可以根据其使用的服务来获取帐户名，例如:

you can take the account name based on the service it uses, like:

AccountManager am = AccountManager.get(this); // "this" references the current Context

Account[] accounts = am.getAccountsByType("com.google");

但是您必须在清单中声明它，并要求用户验证权限.

but you must declare it in manifest and ask the user to validate the permission.

这篇关于使用Android AccountManager验证服务器的用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！