Android app + web server API with Federated Login or OpenID (WITHOUT GAE)

I have an Android app that needs to upload data to an API (API will then save data in MySQL DB). I would like to use a Federated login (Google) or OpenID authentication procedure so that the user does not need to register email + password for my app, but rather can use a Google (or other) account that is saved in AccountManager.

Up until early this year, the solution was using GAE, as per Nick Johnson's famous recipe. But since Google started charging for the use of GAE, this is not a viable solution anymore. PLEASE DO NOT RECOMMEND USE OF GAE.

Has anyone ever managed to solve the problem of authenticating with Federated Login OR OpenID and then getting authorization on a third-party (your) webserver API?

NOTE: OAuth would be a straightforward solution for authorization except that it would rely on interacting (in a trusted manner) with a previously authenticated consumer, which is not the case when you authenticate the app user (on the mobile) using FedLogin or OpenID. OAuth works if my app (mobile + webserver) authenticates user (and I store login + password — which is EXACTLY what I am trying to avoid), but not if Google (or FB) do this for you.

asked Jul 31 '12 at 14:07

thanx for the copydesk job @SaDec! Ooops, I meant: Thank you for the copydesk job, @SaDec. LOL -

Sorry I don't get you. I just want to earn 2 points for each editing :-D -

@SaDec i was thanking you for the help. in journalism, a COPYDESK is someone who corrects grammar and spelling before a reporter can publish an article. it is a very important job. i was seriously thanking you, because i am too lazy to capitalize and to write "correctly". -

You're welcome :-) . Thanks for your kind words. You taught me a new phrase. -

1 Answer

That is what OpenID Connect does. Demo app here.

As for GAE, it still has a free tier (28 frontend instance hours, enough to run 24/7) and it should be enough for you if you don't get much traffic. Any way you do this, you have to run a server somewhere (even if it is your own machine), so there is no way to make this completely free. So yes, GAE is a viable option. You can start off for free and scale up as needed. There are other reasons to avoid GAE, but 'I have to (at some point) pay (something), therefore scrap it', is definitely the wrong mindset.

answered Aug 06 '12 at 03:08

you are absolutely correct that there are inevitably going to be expenses. my issue with google products is that google changes commercial policies with no previous notice. while i can estimate the cost for having secure servers for the next 5 years, i cannot do so if i use google technology. i had to scrap code w/ gmaps. therefore, despite their excellent products, google are not a trustworthy partner for commercial products. like foursquare and apple, i will not write code that depends on a google product to operate. it is a commercial strategy, rather than a technological imperative. - tony gil

i was ready to launch a commercial product using google maps when they completely changed their commercial policy this year and made all of my code useless. i was lucky that it happened prior to launching and that i had no commercial obligations with paying customers. i just lost 1000 hours of java coding, give or take. burn me once, shame on you - burn me twice, shame's on me. - tony gil

i checked out your answer. as of this time, OpenID Connect is still in final stages of approval, according to most authors. the site itself says that it is in "Implementer's draft". the example suggested is "powered by GAE". i upvoted because OpenID Connect might at some point in the near future become the solution. thanx! - tony gil

Right it is not final. But neither is OAuth2, still everyone uses it :) If you can live with having to update your code as the specs evolve, it might be worth a try. If you need a proven and stable product now, you might have to wait a couple of years. - Nikolái Elenkov

No worries, I'm not here for the money :) Do share what worked for you though, it will be interesting. - Nikolái Elenkov
