Android 中的 OAuth 实例状态 [英] OAuth instance state in Android

问题描述

我正在尝试在 Android 应用中使用 OAuth.我让它正常工作，但有时在身份验证阶段遇到问题.在 Android 中，我启动浏览器供用户登录和验证.然后回调 url 将重定向回我的应用程序.

I'm trying to use OAuth in an Android app. I have it working correctly but have sometimes run into a problem during the authentication phase. In Android, I launch the browser for the user to login and authenticate. Then the callback url will redirect back to my application.

问题来了.我的应用程序有一个 OAuth 使用者和提供者作为我的主类的成员.启动浏览器进行身份验证时，有时会丢弃我的主要 Activity 以节省内存.当回调 url 重新启动我的主要活动时，提供者和消费者是新实例，因此当我尝试向 api 发出请求时不起作用.如果在身份验证阶段未释放主 Activiy，则一切正常，因为我仍在使用原始使用者和提供者.

Here is the problem. My application has a OAuth consumer and provider as members of my main class. When the browser is launched for authentication, sometimes my main Activity is discarded to save memory. When the callback url relaunches my main Activity, the provider and consumer are new instances and therefor don't work when I try to make a request to the api. If the main Activiy was not freed during the authentication phase, then everything works correctly because I'm still working with the original consumer and provider.

我尝试使用 onSaveInstanceState() 和 onRestoreInstanceState()，但没有成功.处理我的回调 url 时，似乎没有调用 onRestoreInstanceState().似乎直接进入onResume().

I tried using onSaveInstanceState() and onRestoreInstanceState(), but haven't been successful. It seems the onRestoreInstanceState() is not called when my callback url is handled. Seems to go straight to the onResume().

在这种情况下持久化消费者和提供者的正确方法是什么?

What is the correct method for persisting the consumer and provider in this case?

推荐答案

完整的保存/恢复解决方案

除了request_token 和token_secret，isOauth10a() 状态对于在提供者中恢复很重要.未来可能会有更多的状态信息.因此，我最喜欢持久和加载解决方案.

Apart from the request_token and token_secret, the isOauth10a() state is important to be restored in the provider. There could be more state information in the future. Hence, I like the persist and load solution the best.

我扩展了 GrkEngineer 的解决方案，使其更加完整.它保存/恢复提供者和消费者，处理所有异常，并在恢复时设置 httpClient.

I extended GrkEngineer's solution to be more complete. It saves / restores both the provider and consumer, handles all exceptions, and sets the httpClient while restoring.

protected void loadProviderConsumer()
{
  try {
    FileInputStream fin = this.openFileInput("tmp_provider.dat");
    ObjectInputStream ois = new ObjectInputStream(fin);
    provider = (CommonsHttpOAuthProvider) ois.readObject();
    provider.setHttpClient(httpClient);
    ois.close();
    fin.close();

    fin = this.openFileInput("tmp_consumer.dat");
    ois = new ObjectInputStream(fin);
    consumer = (CommonsHttpOAuthConsumer) ois.readObject();
    ois.close();
    fin.close();

    Log.d("OAuthTwitter", "Loaded state");
  } catch (FileNotFoundException e) {
    e.printStackTrace();
  } catch (StreamCorruptedException e) {
    e.printStackTrace();
  } catch (IOException e) {
    e.printStackTrace();
  } catch (ClassNotFoundException e) {
    e.printStackTrace();
  }
}

protected void persistProviderConsumer()
{

  try {
    FileOutputStream fout = this.openFileOutput("tmp_provider.dat", MODE_PRIVATE);
    ObjectOutputStream oos = new ObjectOutputStream(fout);
    oos.writeObject(provider);
    oos.close();
    fout.close();

    fout = this.openFileOutput("tmp_consumer.dat", MODE_PRIVATE);
    oos = new ObjectOutputStream(fout);
    oos.writeObject(consumer);
    oos.close();
    fout.close();

    Log.d("OAuthTwitter", "Saved state");
  } catch (FileNotFoundException e) {
    e.printStackTrace();
  } catch (IOException e) {
    e.printStackTrace();
  }
}

我已经测试了这段代码并且可以正常工作.

I have tested this code and it works.

这篇关于Android 中的 OAuth 实例状态的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！