3

Currently, I can authenticate against my webapp using OpenID (with Google as the provider). My Android app goes through the usual OpenID authentication flow. However, I would like to use the Google account associated with the Android device instead of requiring users to type in their username/password. Is this possible?

I've been playing around with the AccountManager, but it only seems to allow authenticating for Google services. It may be that I haven't found the appropriate auth token type.

Aaron Dufour
  • 17,288
  • 1
  • 47
  • 69
  • Dupe of http://stackoverflow.com/questions/3352592/webservice-credentials-openid-android-accountmanager and http://stackoverflow.com/questions/9259202/android-authentication-with-google-openid-what-next - short answer is that you can't use OpenID but you can use OAuth and then using OAuth verify the email address associated with account. – Roger Binns Aug 09 '12 at 02:11
  • @RogerBinns Can you expand on that? Neither of those links discuss using OpenID; they both only touch on OAuth (except for an answer about using a webview rather than AccountManager, which is our current solution). – Aaron Dufour Aug 22 '12 at 13:50
  • 1
    You cannot use OpenID as it is fundamentally web based. It provides terrible usability for Android users (although is the norm for iOS!) You can meet the goal of letting the user sign in with their AccountManager credentials and verifying those on your server side using OAuth by using the techniques listed in those items. – Roger Binns Aug 23 '12 at 16:11
  • @RogerBinns Our server is already using OpenID, so changing to OAuth is not an option. I will leave this question up in the hope that something changes. – Aaron Dufour Aug 23 '12 at 20:39
  • You do not need to change the existing code on your server, but can instead add to it in order to support using the Account Manager/oauth. Note that you do not need to support oauth as a public general option, and can instead do this "privately". You only need evidence that the user has been authenticated, and that they are who they claim to be. OpenID is just one web way of doing that. If you continue to insist on doing OpenID only and refuse to consider anything else then close the question since it is impossible to be Android user friendly. – Roger Binns Aug 24 '12 at 01:20

0 Answers0