在Android上对用户进行身份验证,但在远程服务器上进行处理?
[英]authenticate the user on Android but process on remote server?
问题描述
I'm suppose to develop a new option for our Android app that allows new users to sign in with their Google account. 
我想为我们的Android应用程序开发一个新选项,允许新用户使用其Google帐户登录。 We need to retrieve basic user info (First name, Last name, Date of birth, Email, Country etc.) and store them on server. 我们需要检索基本的用户信息(名字,姓氏,出生日期,电子邮件,国家/地区等)并将其存储在服务器上。 It should happen only the first time user logs in to the app so the next time all the button is doing is simple authentication to access the member's area. 只有在用户首次登录该应用程序时才会发生这种情况,因此下一次所有按钮所做的只是简单的身份验证以访问该成员的区域。
Currently, our app prompt for permission using oauth2 and AccountManager and can retrieve the user info through oauth2 api . 目前,我们的应用程序使用oauth2和AccountManager提示输入权限,并且可以通过oauth2 api检索用户信息。 I would like to do the same thing on our server instead. 我想在我们的服务器上做同样的事情。
So to sum it up here is the flow I'm thinking about: 因此,在这里总结一下是我正在考虑的流程:
- User chooses to sign in with Google 用户选择使用Google登录
- If he hasn't authorized the app yet, request permission to access his info; 如果他尚未授权该应用,请请求访问其信息的权限; retrieve and store them on the server and log in. If he has already authorize the app, simply log in. 检索它们并将其存储在服务器上并登录。如果他已经授权了该应用,则只需登录。
We still need a local copy of user info on his android device though so he can view his own profile. 尽管我们仍然需要在他的android设备上提供用户信息的本地副本,以便他可以查看自己的个人资料。
Note: The reason I'm thinking of doing the data import process on our server is to speed up the app and save some bandwidth. 注意:我正在考虑在服务器上执行数据导入过程的原因是为了加速应用程序并节省一些带宽。 but I also feel that user might want to modify his data before they get saved to the server. 但我也觉得用户可能希望先修改自己的数据,然后再将其保存到服务器。
I'm really confused and the oauth2 documentation doesn't help much. 我真的很困惑,oauth2文档没有太大帮助。
2 个解决方案
解决方案1
1 2012-08-23 19:27:30
I don´t understand the problem. 我不明白这个问题。 Sorry. 抱歉。
Just retrieve information about the customer from the OAuth api, send the information through HTTP/HTTPS post request to the server, save it there. 只需从OAuth api检索有关客户的信息,然后通过HTTP / HTTPS发布请求将信息发送到服务器,然后将其保存在服务器上即可。 Then save the same information in the SQLite database in phone and after first time when the app launches just check the user table in SQLite for if the customer exists. 然后将相同的信息保存在手机的SQLite数据库中,并且在第一次启动应用程序后,只需检查SQLite中的用户表是否存在客户。
Here is an awesome example: http://www.androidhive.info/2012/01/android-login-and-registration-with-php-mysql-and-sqlite/ 这是一个很棒的示例: http : //www.androidhive.info/2012/01/android-login-and-registration-with-php-mysql-and-sqlite/
解决方案2
0 2014-07-06 17:17:00
In order to do this, you need to follow the documentation for Cross-Platform single sign-on and Cross-client Auth from Google. 为此,您需要遵循Google的跨平台单点登录和跨客户端身份验证的文档。 In essence, your flow should be: 本质上,您的流程应为:
- Check to see if the user is authenticated (probably best as a POST to your remote system), if so, continue to your main activity. 检查用户是否已通过身份验证(最好是作为对远程系统的POST身份验证),如果是,则继续进行主要活动。 If not, show the sign on button. 如果不是,请显示登录按钮。
- Once the user clicks sign-on, connect the GoogleApiClient, retrieve the current person, save their information on the device (if needed). 用户单击登录后,连接GoogleApiClient,检索当前用户,然后将他们的信息保存在设备上(如果需要)。
- Request an auth token for the user via GoogleAuthUtil.getToken . 通过GoogleAuthUtil.getToken为用户请求身份验证令牌。
- Send the token to your web server (must be https). 将令牌发送到您的Web服务器(必须为https)。 On your web server, retrieve the user's information from the token, and save it to the database. 在您的Web服务器上,从令牌中检索用户的信息,并将其保存到数据库中。
Also, I suggest you use a persistent cookie store for your requests (I prefer loop4j's Android Async-HttpClient ). 另外,我建议您对请求使用持久性Cookie存储(我更喜欢loop4j的Android Async-HttpClient )。 This will allow you to save the session easily, so you do not have to authenticate too often. 这将使您轻松保存会话,因此您不必过于频繁地进行身份验证。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.