Sunday, February 17, 2013

OAuth Complications

Recently, I have been tackling an interesting problem regarding OAuth 2. We want to allow the user to register via Google OAuth on a mobile app and simultaneously store their records (email address, etc.) on the server. In addition, we also need offline access via a token (refresh token). If the user registers via the mobile app, we need to grab this offline access token and send it to the server, which should return a cookie. From there, the mobile app can process as it normally does and push the requisite data to the server.

Update:
Seems like Google Play Services only allows you to get an access token (not a refresh token), which is a shame because the Account Chooser is a pretty slick feature (no need for the user to enter in a username or password). I added in a quick async task to check what the token is, spitting it out onto LogCat.


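  // Needs: android.os.AsyncTask, android.util.Log, java.io.IOException,
  //        com.google.android.gms.auth.GoogleAuthException
  // Fetches the token on a background thread and prints it to LogCat.
  // Debug only: the access token is a bearer credential, so remove the
  // Log.d call before shipping.
  private class fetchToken extends AsyncTask<Void, Void, Void> {

    @Override
    protected Void doInBackground(Void... params) {
      try {
        // credential is a field of the enclosing class; getToken() does
        // network I/O, so it must not run on the UI thread.
        String token = credential.getToken();
        Log.d("calendar", token);
      } catch (IOException exception) {
        // Network failure while talking to the auth service.
        Log.e("calendar", "Could not fetch token", exception);
      } catch (GoogleAuthException exception) {
        // Authorization failed or needs user interaction.
        Log.e("calendar", "Could not fetch token", exception);
      }
      return null;
    }
  }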

Returning:  ya29.AHE.....  (an access token). 
The challenge is to figure out how to get a refresh token for the server, as we cannot assume that the user will onboard on the web app first.
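
Before the server in the flow described above turns a token received from the mobile app into a cookie, it should confirm that the token was issued to its own OAuth client and carries a verified email. The following is an added example, not code from the original post; the use of Python on the server, the client ID placeholder, the in-memory session store and the introspection field names (`audience`, `expires_in`, `email`, `verified_email`) are assumptions.

```python
import secrets

# Assumption: the OAuth client IDs registered for this project (placeholder).
TRUSTED_CLIENT_IDS = {"EXAMPLE-ANDROID-CLIENT.apps.googleusercontent.com"}
SESSIONS = {}  # session id -> email; stand-in for a real session store


class TokenRejected(Exception):
    """The presented access token must not be turned into a session."""


def verify_tokeninfo(info, trusted_client_ids=TRUSTED_CLIENT_IDS):
    """Check the provider's answer about a token sent by the mobile app.

    `info` is the parsed JSON the server received when it asked the provider
    about the token (field names are assumptions, see the lead-in).
    Returns the verified email address or raises TokenRejected.
    """
    if "error" in info:
        raise TokenRejected("provider does not recognise the token")
    # Audience check: a valid token minted for some other app must not
    # log a user in here.
    if info.get("audience") not in trusted_client_ids:
        raise TokenRejected("token was issued to a different client")
    try:
        remaining = int(info.get("expires_in", 0))
    except (TypeError, ValueError):
        raise TokenRejected("malformed expiry")
    if remaining <= 0:
        raise TokenRejected("token expired")
    email = info.get("email")
    if not email or str(info.get("verified_email")).lower() != "true":
        raise TokenRejected("no verified email on the token")
    return email.lower()


def open_session(info):
    """Validate, then mint the opaque value the server returns as a cookie."""
    email = verify_tokeninfo(info)
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = email
    return session_id


# Constructed sample responses, not captured from a real account.
GOOD = {"audience": "EXAMPLE-ANDROID-CLIENT.apps.googleusercontent.com",
        "expires_in": 3111, "email": "User@example.com", "verified_email": True}
OTHER_APP = dict(GOOD, audience="SOME-OTHER-APP.apps.googleusercontent.com")
```

The server never stores or echoes the access token itself; the cookie value is a fresh random identifier that maps to the verified email on the server side.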
