Android Tutorial OAuth 2.0 / Google web services tutorial

This tutorial is no longer relevant. Google doesn't allow using WebView to access the server response. Updated tutorial: https://www.b4x.com/android/forum/threads/class-b4x-google-oauth2.79426/

OAuth is an authentication method which allows the user to grant your application access to private information in a controlled way.

In order to access private information you need to get an access token.

There are several steps required (the attached code takes care for most of the steps):
- Register your application with Google. You will get "client id" and "client secret" values.

SS-2012-01-30_17.36.26.png


In order to run this example you will need to first register a new application and fill ClientId and ClientSecret variables: https://code.google.com/apis/console


- In your application you should show a WebView that handles the authentication.
(the user default language is used in this dialog)
The scope parameter should be set based on the required service.

SS-2012-01-30_17.38.36.png


After the user approves the access the WebView is redirected to a different page. The authorization code appears in the page title. We extract it using WebViewExtender library. After extracting the code the WebView is removed.

- Another Http call is required to get the access token.

Once we have the access token we can send requests that access the user's private data.
In the attached example we retrieve the user Gmail contacts list.

OAuth 2.0 is a popular authentication method. It shouldn't be difficult to use this code with other web services such as Twitter, Facebook and others. It is much simpler than OAuth 1.0.
The following libraries are required: HTTP, JSON (to parse the access token request) and WebViewXtended (to get the authorization code from the WebView title).
The attached example also requires XmlSax for the contacts feed parsing.

You will need to register a new application with Google in order to run the example. Once registered you should fill CliendId and ClientSecret variables.
It takes two minutes to register a new application.
 

Attachments

  • GmailContacts.zip
    8.1 KB · Views: 1,026
Last edited:

sally3599

Member
Licensed User
Longtime User
everytime need to input email and password again!!

The login page hasn't a checkbox of "Stay signed in", So everytime it needs to input email and password again and again when click the button of "Get Contacts List"!!

Is there any solution to "Stay signed in"?
 

Attachments

  • sshot-1.jpg
    sshot-1.jpg
    52.8 KB · Views: 457

TeoApp

Member
Licensed User
Longtime User
You should go over their documentation: https://developers.google.com/drive/about-auth

I haven't tried it.

Thanks Erel, I tried to use your example customing some lines for obtain the possibility to manage the files in google drive. I have a problem, google response seems json but i can't parse it. How can i have in a map "title" and "downloadUrl" from the response in the pict?

Thanks in advance
 

Attachments

  • responseGoogle.jpg
    responseGoogle.jpg
    33.3 KB · Views: 403

TeoApp

Member
Licensed User
Longtime User
You can parse Json with the Json library.

Yes, I've already done this but I can't navigate in json. The response is a string like this
{
"items": [
{
"id": "0BxCOFgqidFexN2hiQUs5b2",
"title": "Marostica.jpg",
"originalFilename": "Marostica.jpg"
},
{
"id": "0BxCOFgqidFexTmRadktXh",
"title": "Marostica.jpg",
"originalFilename": "Marostica.jpg"
}
]
}

I used
Dim Parser As JSONParser
Dim map1 As Map
Parser.Initialize("example string")
map1 = Parser.NextArray <-- I have an error here

instead, if I use Parser.NextObject
I obtain null with
map1.Get("title")
and all string with this
map1.GetValueAt(0))

My target is to obtains "id","title" etc..Obvious I can with some alternative way (substring etc.) but I'd like to manage correctly json ;)
Thanks in advance
 

SunilG

New Member
Licensed User
Longtime User
Cant seem to get this to work. When I register my app Google doesn't give me a client secret. I have a client ID and it shows me the package name of the app and the SHA1 certificate fingerprint of the keystore file for the app which I got from running the the keytool program distributed with Java but it doesn't show me a client secret?

Z7eOxSSd.jpg
Hi, Could you get the secret key then. I am also trying but not getting secret key like ur case.
 

SunilG

New Member
Licensed User
Longtime User
Hi Erel,

I want to develop one applicatiohn which will use ask user to enter his gmail user name and password .Once authenticated , application will allow access to some other activities .If not autheticated then application
will give an error and will not allow user to proceed.

Please let me know how can i do this . Is there any application available ?
Regards,
Sunil
 

SunilG

New Member
Licensed User
Longtime User
Have you clicked on the "Create New Client Id" button?

Yes , I created below client ID . It doesnt have secret key. But there is secret key for Web Application and not for android application .
Please let me know where i am going wrong.
upload_2013-12-22_14-46-4.png
 

SunilG

New Member
Licensed User
Longtime User
The whole idea of OAuth is that the user doesn't need to provide your app with his username and password.

When you create a new client id, you should choose Install app - Other. you should get a client secret field.
Thanx Erel. It worked by selecting Install app- Other Option . However , My I would like to reiterate my main objective

I want user to enter his google apps id like xxxx@gmail.com and his gmail password. After this he click on login . The application should authenticate the gmail login and password .If login is successful then this user is authenticated user and application can allow him to proceed further . Please let me know how can i achieve this functionality.

Thanx in Advance Erel.
 

Erel

B4X founder
Staff member
Licensed User
Longtime User
I want user to enter his google apps id like xxxx@gmail.com and his gmail password.
In that case your question is not related to OAuth at all. You will need to find the relevant Gmail API. However this is not the recommended way. You should instead follow the instructions here that give you access to the contacts without asking for the password.
 

young61

Member
Licensed User
Longtime User
Ok, I'm trying to use this example with CoinBase and I think I'm close but I'm not sure what to replace "Success Code" with. See code snippet for what I'm asking. This is cut from the GmailContacts file. I've modified mine except for the "Succees Code" issue.

Sub wv_PageFinished (Url As String)
Msgbox("Page " & Url & " is ready.", "")
If Url.StartsWith("https://accounts.google.com/o/oauth2/approval") Then
Dim wv As WebView
wv = Sender
Dim w As WebViewXtender
Dim result As String
result = w.getTitle(wv)
wv.RemoveView 'remove the WebView
If result.StartsWith("Success code") Then 'How do I know what I"m looking for?
AuthorizationCode = result.SubString("Success code=".Length)
GetAccessToken
Else
Button1.Enabled = True
Log("Error: " & result)
ToastMessageShow(result, True)
End If
End If
End Sub

Help will be appreciated.
 

young61

Member
Licensed User
Longtime User
Please use [ code ] [ /code ] tags (without spaces) when posting code.

What is the value of Log(result.GetString) ?

I'm not sure where/how to find that value.

I have it working to the point that I receive the Coinbase "Authorize" screen and when I click on the "Authorize" button the screen just whites out.
 
Top