0

I have written a simple web application with a few tables. It has its administration area where you can manage its tables. Basic CRUD operations.

However, I need to develop an Android application which will retrieve information from this web application through an API. So I am going to write some simple API methods for fetching data. Also, there will be times when the Android user will save some of their data to the database.

The Android application needs to be able to list items stored in the database and bookmark some of those items over HTTP.

For me, the problem is how to implement SignIn / SignOut operations using Android's Google account. For example, the Gmail application is always signed in (at least on my device) and I want my application to be always signed in.

Then, how can I manage which items the user bookmarked? Should I create a table android_bookmarked_items (android_user_id, item_id)? But then what should android_user_id be? Do I need to use OAuth?

I am doing this kind of sign-in for the first time and I am really confused about how to connect this web application with the Android user and manage bookmarked items per user...

clzola

2 Answers

0

You can make use of Android AccountManager. Check out How to get the Android device's primary e-mail address

Community
  • It is not a problem for me to make these HTTP requests, but to create this authentication logic. There is no registration process for the user; this needs to be done automatically after installing the application from the Play Store, or by using Android's email address to sign in to my application automatically and stay signed in. – clzola Feb 25 '17 at 22:15
  • Then you can make use of the AccountManager of the Android device. Check out http://stackoverflow.com/questions/2112965/how-to-get-the-android-devices-primary-e-mail-address to see how it was resolved. – David Adelekan Feb 25 '17 at 22:24
  • So, I get this primary email from AccountManager. I can send it to my application and store it there. Then I can also attach bookmarked items to this email. Now the problem that I see is how to secure this communication so that only this device can bookmark items with that email address. I mean, if someone sees the HTTP request, he or she will discover that I am using a POST request with two fields: email and item id. Now he or she can recreate this request with the same email and different item ids... – clzola Feb 26 '17 at 11:06
0

I think I have found a solution by using Google Sign-In for Android. I get the idToken for the currently logged-in user before each POST request and verify it on the server side. Also, from the token I get the property sub, which is the user ID, and store this in my database...

Auth with a backend server

However, I am pretty new to this stuff, tokens and authentication using Google, and I would like someone more experienced to confirm that my solution is fine and secure...

clzola
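The server-side check this answer describes, written out as an added example (not the poster's code and not Google's client library, which is what the linked guide uses in production): the backend verifies the ID token's RS256 signature, issuer, audience and expiry, then keys the bookmark on the verified `sub`, so no email or user field from the request is ever trusted. The function names are hypothetical, and `jwks` is assumed to be Google's published signing keys, already fetched and cached as a list of JWK dicts.

```python
import base64, hashlib, hmac, json, time

GOOGLE_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo, RFC 8017

def _b64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def verify_id_token(token, jwks, client_id, now=None):
    """Return the claims of a valid RS256 ID token, else raise ValueError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = dict(json.loads(_b64url(head_b64)))  # dict() rejects non-objects
        claims = dict(json.loads(_b64url(body_b64)))
        sig = _b64url(sig_b64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "RS256":  # pin the algorithm, never follow the header
        raise ValueError("unexpected alg")
    key = next((k for k in jwks if k.get("kid") == header.get("kid")), None)
    if key is None:
        raise ValueError("unknown signing key")
    n, e = (int.from_bytes(_b64url(key[f]), "big") for f in ("n", "e"))
    size = (n.bit_length() + 7) // 8
    digest = hashlib.sha256(f"{head_b64}.{body_b64}".encode()).digest()
    tail = b"\x00" + SHA256_PREFIX + digest
    expected = b"\x00\x01" + b"\xff" * (size - 2 - len(tail)) + tail
    s = int.from_bytes(sig, "big")
    if len(sig) != size or s >= n or not hmac.compare_digest(
            pow(s, e, n).to_bytes(size, "big"), expected):
        raise ValueError("bad signature")
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise ValueError("wrong issuer")
    if claims.get("aud") != client_id:  # token must be minted for this backend
        raise ValueError("token issued for another app")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("token expired")
    if not isinstance(claims.get("sub"), str):
        raise ValueError("missing subject")
    return claims

def add_bookmark(db, token, item_id, jwks, client_id, now=None):
    """Bookmark item_id for the token's subject; the request never names the user."""
    sub = verify_id_token(token, jwks, client_id, now)["sub"]
    db.execute("CREATE TABLE IF NOT EXISTS android_bookmarked_items (android_user_id"
               " TEXT, item_id INTEGER, PRIMARY KEY (android_user_id, item_id))")
    db.execute("INSERT OR IGNORE INTO android_bookmarked_items VALUES (?, ?)", (sub, item_id))
    return sub
```

The composite primary key makes repeated bookmark requests idempotent, and because a captured token stops verifying once `exp` passes, the requests should only ever travel over HTTPS.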