[英]Sharing oauth token between my apps on Android - Shared User ID, Keychain, AccountManager or something else?
I'm trying to work out the best solution for a particular situation I'm in, and am having trouble working out the best option. 我正在尝试针对所处的特定情况制定最佳解决方案,但在寻找最佳选择时遇到了麻烦。 It's a tricky setup, so might be a fun challenge for you Android experts! 这是一个棘手的设置,因此对于您的Android专家来说可能是一个有趣的挑战! Here's my situation: 这是我的情况:
I hope that all makes sense!!! 我希望一切都有意义!!! Please let me know if not. 如果没有,请通知我。
I'm now trying to work out the best method for storing oAuth tokens (plus some additional data such as email address to go with it) on Android so that other apps owned by our account can access them in order to exchange for a fresh token. 我现在正在尝试找出在Android上存储oAuth令牌(以及一些其他数据,例如电子邮件地址)的最佳方法,以便我们帐户拥有的其他应用可以访问它们,以换取新的令牌。
I've looked into using the following, but am unsure of the best route: 我已经研究过使用以下方法,但是不确定最佳方法:
The problem with option 1. seems to be that setting the sharedUserId after first release will lose access to all of the data (see http://java-hamster.blogspot.jp/2010/05/androids-shareduserid.html ). 选项1的问题似乎是,在第一个发行版之后设置了sharedUserId将会失去对所有数据的访问权限(请参阅http://java-hamster.blogspot.jp/2010/05/androids-shareduserid.html )。 This is not a nice thing for our users. 对于我们的用户来说,这不是一件好事。
Option 2. (AccountManager) could be a good option, but if we want to store the tokens separately (per-app), but want any other apps we make to access their tokens, I'm not sure how we'd do that. 选项2。(AccountManager)可能是一个不错的选择,但是如果我们想分别存储令牌(每个应用程序),但又想让我们制造的任何其他应用程序访问其令牌,我不确定该怎么做。 。
Option 3... is it possible to do what we need with Keychain? 选项3 ...使用钥匙串可以做我们需要做的事情吗?
If I understand correctly, option 4 would need each app to have its own ContentProvider? 如果我理解正确,选项4是否需要每个应用程序都有其自己的ContentProvider? I'm not sure how that would work for our requirements. 我不确定这将如何满足我们的要求。
If anyone has gone through this kind of situation and could share some insights and recommendations, I'd really appreciate it! 如果有人遇到这种情况并可以分享一些见解和建议,我将非常感谢!
AccountManager is meant to solve the exact problem that your are commenting. AccountManager旨在解决您正在评论的确切问题。 Here is a good tutorial to work with it: http://blog.udinic.com/2013/04/24/write-your-own-android-authenticator/ 这是一个与之配合使用的好教程: http : //blog.udinic.com/2013/04/24/write-your-own-android-authenticator/
Just be sure that you sign all your apps with the same keystore, because this is the only thing that might complicate things (a lot). 只要确保您使用相同的密钥库对所有应用程序进行签名即可,因为这是唯一使事情复杂化的事情。
Using preferences will lead you into a problem as all that you store in the main thread is not guaranteed to be there in a Service (like a SyncAdapter). 使用首选项会导致您遇到问题,因为不能保证您存储在主线程中的所有内容都可以在Service(如SyncAdapter)中找到。 There used to be a trick for this in the form of flag (MULTI_SERVICE) but was deprecated in api 23. 过去曾经以标记(MULTI_SERVICE)的形式使用此技巧,但在api 23中已弃用。
ContentProvider is of course possible (its too generic) but AccountManager will help you to cover the corner cases related from refreshing tokens and other interesting stuff. ContentProvider当然是可能的(它太通用了),但是AccountManager将帮助您解决与刷新令牌和其他有趣内容有关的特殊情况。
ContentProvider is probably your best best. ContentProvider可能是您最好的。 I won't be able to provide the whole code for you to do this, but this is generally how I see it working: 我将无法为您提供完整的代码,但这是我通常认为的工作方式:
Side notes: 旁注:
Useful links: 有用的链接:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.