Android :: OAuth Secrets In Mobile Apps
Dec 19, 2009
When using the OAuth protocol, you need a secret string obtained from the service you want to delegate to. If you are doing this in a web app, you can simply store the secret in your database or on the file system, but what is the best way to handle it in a mobile app (or a desktop app for that matter)?
Storing the string in the app is obviously not good, as someone could easily find it and abuse it.
Another approach would be to store it on your server, and have the app fetch it on every run, never storing it on the phone. This is almost as bad, because you have to include the URL in the app. I don't believe using https is any help.
The only workable solution I can come up with is to first obtain the Access Token as normal (preferably using a web view inside the app), and then route all further communication through our server, where a script would append the secret to the request data and communicate with the provider. Then again, I'm a security noob, so I'd really like to hear some knowledgeable people's opinions on this. It doesn't seem to me that most apps are going to these lengths to guarantee security (for example, Facebook Connect seems to assume that you put the secret into a string right in your app).
I don't believe the secret is involved in initially requesting the Access Token, so that could be done without involving our own server. Am I correct?
Jun 18, 2010
Recently I logged into GMail with my browser instead of the GMail app, and discovered what I've read before elsewhere... that the GMail mobile web page seems cooler and better, than the app.
So, I've been thinking... which is better? Is either better? Can they both be equally good?
Either way, it occurred to me, it's interesting that all the Android blogs fall all over themselves almost weekly to come out with various "Best X Android Apps" articles, but I don't think I've seen any articles about the best mobile web pages for Android (or any smart phone for that matter).
I understand the money is to be made in apps, and that not much can (yet) be done with the web that you can do with an app (until we have workable Flash?) but surely there must be some great mobile sites out there that are better than, or equal to, apps?
I'm appealing to all of you then to make your suggestions for Best or at least good mobile web pages to use on our Android phones. I'll be looking around myself, and will possibly turn the results into a blog post of my own.
Here are a couple of starters that seem to be better than the app versions:
- Gmail: nicer interface, quick access to GTalk and Buzz as well as Calendar, etc.
- Evernote: www.evernote.com/m Evernote has a really good mobile web site in case you don't want to download the app.
Jul 14, 2010
I have to use OAuth for my Android client and I have found that the learning resources are pretty rare or inadequate for this technology. Does anybody know a good book/tutorial/online resource to learn OAuth?
Jun 4, 2010
I am trying to authenticate something (in this case LinkedIn) using OAuth but the requested token always returns null?
Here is my code below:
CODE:........
I basically followed the example here: http://donpark.org/blog/2009/01/24/android-client-side-oauth.
Feb 3, 2010
I think that I've found the problem I am having with AccountManager that I described in an earlier thread that got no responses on the board.
I think it is a problem with the way that the Activity Stack is working during the OAUTH workflow. Here's the workflow as I see it. I found this problem by separating out my Activity, which I'll call M, from the oauth Activity, which I'll call O. In the course of authentication, the web browser is invoked and let's call that B.
When a user needs to start over with authentication, my application, through Activity M, starts Activity O. That, in turn, generates some magic URL that is sent to the web browser. So the browser is fired up and information was sent to the OAUTH provider to do a redirect back through the browser back to Activity O.
So, this is how the OAUTH workflow looks up to the browser: M -> O -> B
At this point the user logs in and hits the Accept button and the browser then invokes my BROWSABLE activity, which, again, is O. I had thought this would unwind the above stack, but it seems that the above situation disappears and what I have after the user hits Accept in the browser is this: B -> O
What I did to work around that is that I put a startActivity(M) in O and that seems to work, but it is a workaround.
I believe there is something that I could do with launch modes or activity modes to fix this problem and maintain the original activity stack.
All that is happening, really, is that the O activity pauses for a little while, then comes back with the goods, the login credentials. But when I tried to return the information via startActivityForResult(), nothing. Because M is no longer on the Activity Stack.
Nov 1, 2010
About signpost, and then went back to Twitter4J with which I have created my twitter applications when OAuth wasn't necessary. whether I should use signpost or Twitter4J's method of OAuth authentication. I have read that Twitter4J itself uses signpost for OAuth, still am not sure about the choice that I should make.
Apr 19, 2010
I am building an Android application that requires OAuth. I have all the OAuth functionality working except for handling the callback from Yahoo.
I have the following in my AndroidManifest.xml:
CODE:..............
Where www.test.com will be substituted with a domain that I own.
It seems:
- This filter is triggered when I click on a link on a page.
- It is not triggered on the redirect by Yahoo; the browser opens the website at www.test.com.
- It is not triggered when I enter the domain name directly in the browser.
When exactly will this intent-filter be triggered? Any changes to the intent-filter or permissions that will widen the filter to apply to redirect requests?
Feb 15, 2010
I am working on an Android application which is to serve as a simple Twitter client. I am using OAuth for authorization and have registered my application with Twitter as a new OAuth client. Now when the user authorizes the application, I expect to be taken to the Callback URL (which is pointing to my application); but this is not happening.
My problem along with source code is described in detail here: http://stackoverflow.com/questions/2199357/oauth-twitter-on-android-c...
The following intent is launched post authorization: Intent { act=android.intent.action.VIEW dat=http://twitter.com/oauth/authorize? oauth_token=XXACTUAL_TOKEN_HEREXX8&oauth_callback=myapp:///tweet cmp=com.android.browser/.BrowserActivity }
Somehow, the hypothetical URL I provided while registering my application gets called.
Jun 27, 2010
I use signpost-oauth to do OAuth in Android, and after logging in on the web page and returning to the Activity, the provider is null sometimes.
CODE:.....
And the manifest.xml
CODE:.....................
I don't know why the provider is null sometimes.
Oct 9, 2010
I'm successfully using Signpost to authorize calls to protected resources in a Google account via OAuth.
However it seems a bit weird that the user has to go each and every time through Google and grant access. Is there a way of serializing the Consumer and recreating it so that re-authorization is not needed? I've tried keeping the tokens, secret and verifier in the shared preferences and setting them in the Consumer but I receive an OAuthExpectationFailedException.
Jan 20, 2010
The only way to remove apps like NFL Mobile Live and Nascar and whatever else you'll never use is to mess around in the ROOT file?
Oct 16, 2010
I'm a junior iPhone developer and got familiar with developing on Xcode on top of Mac OS. I wanna build some cross-platform apps in the near future and wanna use Ubuntu as my operating system. I found many solutions that run only on Mac OS or need a Mac to build apps for iPhone, but this is not what I need. I need something which can keep me far from Mac (for some reasons). I heard about AIR packager for iOS and that AIR also does apps for Android, but I'm not a Flash guy (but can learn if it will do the job), so I wanna get guidance from experienced people like you about what is the suitable route I should take.
Nov 2, 2010
I have a few iPhone and Android apps and would like to collect better and more targeted user feedback for them. The feedback from the App stores is pretty generic and doesn't add much value at most times. Any framework or website that I could use to help here? Kind of like Get Satisfaction for Mobile Apps.
Feb 8, 2010
I am a C++ programmer interested in developing applications for Android as well as the iPhone platform. I have explored both these platforms by writing simple applications in Java (Android) and Objective-C (iPhone). But the fact is that I am not comfortable with either of these languages, and it bothers me that I have to write 2 very different versions of the same application to support both platforms. (And then what do I do to run it on a Nokia phone?) Is using web technologies (JavaScript/HTML/CSS) a viable solution for writing apps which will run on multiple mobile platforms? I have heard of Appcelerator and PhoneGap, but I am not sure how mature these products are. I'd appreciate any feedback from folks who have used web apps as a solution for developing cross platform mobile apps.
Oct 13, 2010
What are the best practices to design webservices for mobile (particularly Android) apps?
Personally I'm focused on using JSON (and not XML) and I try to make it the less verbose I can. But I'm probably missing a lot of things.
Jan 24, 2012
I developed one app... it worked successfully in my simulator... now I have installed this app on my Samsung Android mobile... I don't know the steps for connection.
Dec 13, 2011
My app, at the first screen, is gonna check a server to offer some options to the user. The options are phrases and the app has to load these phrases and show them on the screen. Is it possible to do this every time that the user turns the app on? Is it possible to do via web services?
Jul 29, 2010
Android twitter Trying the following tutorial for Oauth based authentication and updating user status.
http://www.androidsdkforum.com/android-sdk-development/3-oauth-twitter.html
When I run it, it successfully authenticates, but when it tries to update the status the following error occurs.
CODE:...............
Jul 8, 2010
I'm trying to use Twitter with OAuth but I receive this exception.
Authorization failed (server replied with a 401). This can happen if the consumer key was not correct or the signatures did not match.
I'm using this sample:
http://code.google.com/p/oauth-signpost/wiki/TwitterAndSignpost
Error Line:
String authUrl = provider.retrieveRequestToken(consumer, OAuth.OUT_OF_BAND);
Feb 3, 2010
following questions:
1. How to implement 3 legged Authentication using OAuth on Android devices? Is there a library that assists in the aforementioned?
2. What does it mean when someone says: "Site/Service ABC supports OAuth"?
Jun 7, 2010
Does anyone know of any apps/websites for BBC or ITV on your mobile for free? Thinking ahead for World cup while in work!
Nov 3, 2011
My friend and I have an idea for an app we'd like to create but neither of us have ever programmed in Android before. We'd like this app to pull data from a database (perhaps a mysql database hosted on one of our servers).
Any basic mobile app template for Android that pulls data from an external database?
Jun 11, 2012
I know that the stuff regarding the secure element inside certain phones is kept on a strictly need-to-know basis and Google only lets certain people have access, but how about the apps that are running on the phone, such as Google Wallet?
What I mean is, is it possible to write an App that communicates with something like Google Wallet (not necessarily this app specifically) instead of an NFC device? At its simplest, when you pass your phone over a credit card terminal, it communicates via the NFC chip to the wallet application. What I'm looking to do is bypass that terminal and just communicate directly with the app via another app, sending the necessary commands directly. Is this possible? (If so, I'm not looking for a how-to, just if it's doable or not).
I know it might be complicated and there's a lot to learn, APDU commands and all that - that's fine.
Jun 4, 2010
DejaOffice is a mobile office suite for professionals on the go. It makes your Android device work more like PC software (like Microsoft Outlook).
www.dejaoffice.com
Some of the features:
- Categories with colors
- 9 custom fields
- Sort by first, last or company name
- Day, week, month and year view on calendar
- Assign priorities and due-dates with alerts to tasks
- Sort tasks and notes by subject, date, priority or category
- Global search feature across all data types
- Supports English, French, Spanish, German, Portuguese, Japanese, Korean, and Czech (more coming!)
Note from AF: CompanionLink Software is an approved Sponsor for AndroidForums. Give their free ad-supported version of DejaOffice a try!
Sep 16, 2010
I can't get Oauth to work with Twitter. I have tried the following (all result in the same 401 error):
CODE:.......................
I've tried my own implementation and copy/pasted the sample code from each of the sites, and nothing seems to work. I'm also 100% sure I also downloaded and included any dependencies (where needed).
Here's the interesting part. Using jTwitter and the oauth-signpost library, I can initiate a connection to Twitter, open a browser window for the user, have them log-in and generate a PIN for my app. When the app goes to post a status update however, (using the pin, and the stored access token and token secret), the 401 error pops up. All other things I've tried won't even let me open a browser window and ask the user to generate a PIN (they die with the 401 error on the request for the "request token").
Jan 2, 2010
I have the complete source code for a small working application that performs OAUTH authorization with Twitter, then turns into a micro Twitter client, letting you post tweets to your Twitter stream. You will need to obtain an application key and secret from Twitter, by registering your application with them.
The html version of the repository is at: http://github.com/brione/Brion-Learns-OAuth.git
The read-only git repository is at: git://github.com/brione/Brion-Learns-OAuth.git
This code should work as is, once you've replaced the fake token and secret in the Keys class.
Feb 4, 2010
My Android application uses Java OAuth library, found here for authorization on Twitter. I am able to get a request token, authorize the token and get an acknowledgement but when the browser tries the call back url to reconnect with my application, it does not use the URL I provide in code, but uses the one I supplied while registering with Twitter.
Note:
1. When registering my application with Twitter, I provided a hypothetical call back url: http://abz.xyc.com and set the application type as browser.
2. I provided a callback url in my code "myapp" and have added an intent filter for my activity with Browsable category and data scheme as "myapp".
3. URL called when authorizing does contain the callback url I specified in code.
Relevant Code:..................
Sep 9, 2010
I am making an application which is a Twitter client. This means it connects to Twitter with OAuth. I registered my application with Twitter and got all my keys, but now I do not have an idea how to connect my application with Twitter. I have done some code, mentioned below.
CODE:................
Sep 10, 2010
I am developing a Twitter client application. I got lots of hints from this site. I wrote some code, that is:
CODE:.............
It compiles fine, and when I run this application it redirects me to the Twitter site for "Allow" permission.
Then I want to come back to my Android application.
But I got the error: could not found "SoftDroidbyDhrumil://twitterconnetcion?OuathToken=somoething"
What do I write as my CallBack URL so I can come back from the Android browser to my application?
Oct 12, 2010
I have a strange problem with my Galaxy S. I have unlimited mobile internet(3G), but not all Apps work.
For example when I am on the mobile internet network, the standard Internet browser does not work. It just displays a white page whatever I'm trying to load. Other programs say there is no internet connection available or just don't respond.
However there are 2 programs that do work. Opera Mini and eBuddy can work with Wi-Fi and 3G. Other Apps, like ones to check if it's gonna rain, or a News RSS viewer etcetera, do not work. They only do with Wi-Fi. I have no clue what to search for and also no idea if it's my mobile phone or my provider (it's named 'Hi', it's Dutch).