OAuth - Google+ API sign-in for both Android app and server


My app has an Android client communicating with its own back-end server. I want to use the Google API to handle user authorisation for me (using a Google+ account), so the user does not need to sign up for a separate account for the app.

By following the docs here: https://developers.google.com/+/web/signin/server-side-flow

My understanding of the authentication flow is shown below. I am not sure it is correct, because it sounds like hijacking the Google API's purpose.

  1. The user logs in on Android.
  2. The Android client gets a one-time access code and sends it to the server.
  3. My server exchanges it for a refresh token and an access token. (If the exchange is successful, the user is authenticated.)
  4. If the user is authenticated, an access token is generated on the server and given to the Android client. The Android client can subsequently use this token to call my server's API.

I am especially doubtful about point 3. I exchange the access code with Google for a refresh token and an access token, but never use them. The purpose of the exchange is only to check whether the user has been authorised by Google. That does not sound quite correct? If not, what is the way to do it?

This may help others.

After you receive the access_token on the server, execute a cURL/network request to the Google server.

For example (in PHP):

    <?php
    $access_token = $_GET['access_token'] ?? ''; // get the access token

    // create the Google API URL with the access_token
    $google_api_url = "https://www.googleapis.com/plus/v1/people/me?access_token=" . urlencode($access_token);

    $c = curl_init($google_api_url); // create a network request to the Google server
    curl_setopt($c, CURLOPT_RETURNTRANSFER, true); // return the response instead of printing it
    $result = curl_exec($c); // execute the request and get the response from the Google server
    curl_close($c);

    var_dump($result); // print the result

Result output (in JSON):

If the access_token is valid:

    {
      "kind": "plus#person",
      "gender": "male",
      "emails": [
        {
          "value": "arr.mohd@gmail.com",
          "type": "account"
        }
      ],
      "objecttype": "person",
      "id": "101571740244190011262",
      "displayname": "rafique mohammed",
      "name": {
        "familyname": "mohammed",
        "givenname": "rafique"
      },
      "url": "https://plus.google.com/101571740244190011262",
      "image": {
        "url": "https://lh6.googleusercontent.com/-pxirx5gnkwe/aaaaaaaaaai/aaaaaaaaaeg/99wwmsh16p8/photo.jpg?sz=50",
        "isdefault": false
      },
      .... //etc

If the access_token is invalid:

    {
      "error": {
        "errors": [
          {
            "domain": "global",
            "reason": "autherror",
            "message": "invalid credentials",
            "locationtype": "header",
            "location": "authorization"
          }
        ],
        "code": 401,
        "message": "invalid credentials"
      }
    }

thank you
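
A successful response to the request above shows that a token is valid, but a server that logs users in on that basis also needs to know the token was issued to its own app. The following is an added example, not part of the original answer, of that server-side decision run over constructed response bodies. It assumes a token-validation response carrying `aud`, `sub` and `expires_in` (the shape Google's tokeninfo endpoint returns); `MY_CLIENT_ID` and `acceptTokenInfo` are hypothetical names.

```php
<?php
// Added example. MY_CLIENT_ID is a placeholder for the app's OAuth client ID;
// the "aud" / "sub" / "expires_in" field names are an assumed response shape.
const MY_CLIENT_ID = 'EXAMPLE-CLIENT-ID.apps.googleusercontent.com';

/**
 * Decide whether a token-validation response authenticates a user of THIS app.
 * Returns the Google user id ("sub") on success, null otherwise (fail closed).
 */
function acceptTokenInfo(int $httpStatus, string $body, string $clientId): ?string
{
    if ($httpStatus !== 200) {
        return null; // e.g. the 401 "invalid credentials" case
    }
    $info = json_decode($body, true);
    if (!is_array($info) || isset($info['error'])) {
        return null; // not JSON, or an error object with a 200 status
    }
    // A token the user granted to some other app must not authenticate
    // them here, so the audience has to match this app's client ID.
    if (!isset($info['aud']) || !hash_equals($clientId, (string) $info['aud'])) {
        return null;
    }
    if ((int) ($info['expires_in'] ?? 0) <= 0) {
        return null; // missing or elapsed lifetime
    }
    $sub = $info['sub'] ?? null;
    return (is_string($sub) && $sub !== '') ? $sub : null;
}

// Constructed sample responses (not captured from Google).
$ok = ['aud' => MY_CLIENT_ID, 'sub' => '1000000000001', 'expires_in' => '3200'];
$samples = [
    'issued to this app'    => [200, json_encode($ok)],
    'issued to another app' => [200, json_encode(['aud' => 'OTHER-APP.apps.googleusercontent.com'] + $ok)],
    'expired'               => [200, json_encode(['expires_in' => '0'] + $ok)],
    'invalid token'         => [401, '{"error":{"code":401,"message":"invalid credentials"}}'],
    'not JSON'              => [200, '<html>proxy error</html>'],
];

foreach ($samples as $label => [$status, $body]) {
    $userId = acceptTokenInfo($status, $body, MY_CLIENT_ID);
    printf("%-22s => %s\n", $label, $userId ?? 'rejected');
}
```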

