locked
Web Api that requires a Google login - how to do this on Android / IOS? RRS feed

  • Question

  • User-1533516241 posted

    Basically this is how it is working: I issue a GET request to an address that redirects to a Google login page. Once logged in, it redirects to an azure page, which gives an access token. This is put in the header of a new request to azure and the response is data linked to the Google account in JSON format.

    This Stack Overflow question has an answer which might explain this better: http://stackoverflow.com/questions/21065648/asp-net-web-api-2-how-to-login-with-external-authentication-services

    This is easy when it is just in a browser. So far I have been using a WebView on Android but apparently there are security concerns with this approach, and on IOS it does not even work because Google appears to block you from entering your password from a WebView.

    How can I do the process on Android without using a WebView?

    Friday, August 14, 2015 4:41 AM

All replies

  • User1779161005 posted

    For a mobile app, it's almost the same except the token is passed back typically via the hashfragment. Look into the "implicit flow" docs on google.

    Friday, August 14, 2015 8:56 AM
  • User-1533516241 posted

    I didn't find these docs but I did find this: http://dotnetcodr.com/2014/01/30/introduction-to-oauth2-part-4-the-implicit-flow/

    The application will then need to show the correct login page and consent screen of the selected provider. Here’s an example for the Google login on iOS:

    This means using a WebView as far as I can see. I've already done it using a WebView. My question is how to do it without?

    Monday, August 17, 2015 9:27 AM
  • User-1533516241 posted

    In fact the WebView doesn't even work on IOS. The password field doesn't allow you to enter the password.

    Tuesday, August 18, 2015 5:48 AM