following questions:
1. How to implement 3 legged Authentication using OAuth on Android devices? Is there a library that assists in the aforementioned?
2. What does it mean when someone says: "Site/Service ABC supports OAuth"?
View 2 Replies
I think that I've found the problem I am having with AccountManager that I described in an earlier thread that got no responses on the board.
I think it is a problem with the way that the Activity Stack is working during the OAUTH workflow. Here's the workflow as I see it. I found this problem by separating out my Activity, which I'll call M, from the oauth Activity, which I'll call O. In the course of authentication, the web browser is invoked and let's call that B.
When a user needs to start over with authentication, my application, through Activity M, starts Activity O. That, in turn, generates some magic URL that is sent to the web browser. So the browser is fired up and information was sent to the OAUTH provider to do a redirect back through the browser back to Activity O.
So, this how the OAUTH workflow looks up to the browser: M -> O -> B
At this point the user logs in and hits the Accept button and the browser then invokes my BROWSABLE activity, which, again, is O. I had thought this would unwind the above stack, but it seems that above situation disappears and what I have after the user hits Accept in the browser is this: B -> O
What I did to work around that is that I put a startActity(M) in O and that seems to work, but it is a workaround.
I believe there is something that I could do with launch modes or activity modes to fix this problem and maintain the original activity stack.
All that is happening, really, is that the O activity pauses for little while, then comes back with the goods, the login credentials. But when I tried to return the information via startActivityForResult (), nothing. Because M is no longer on the Activity Stack.
Android twitter Trying the following tutorial for Oauth based authentication and updating user status.
http://www.androidsdkforum.com/android-sdk-development/3-oauth-twitter.html
When i run It has successfully authenticate but when it tries to update the status following error occur.
CODE:...............
I have a login database,from my android client i have to pass the password in a secured manner, how to implement the security encryption in my application(i.e) i want to implement a login screen which is capable of doing encryption. how to build a best encryption algorithm in Java?
View 1 Replies View RelatedHow To Transfer TEXT MESSAGES from WP8.1 devices to Android Devices ??And also the contacts!!
View 2 Replies View RelatedI have to use OAuth for my Android client and I have found that the learning resources are pretty rare or inadequate for this technology. Does anybody know a good book/tutorial/online resource to learn OAuth?
View 3 Replies View RelatedI am trying to authenticate something(in this case LinkedIn) using OAuth but the requested token always returns null?
Here is my code below:
CODE:........
I basicaly followed the example here http://donpark.org/blog/2009/01/24/android-client-side-oauth.
When using the OAuth protocol, you need a secret string obtained from the service you want to delegate to. If you are doing this in a web app, you can simply store the secret in your data base or on the file system, but what is the best way to handle it in a mobile app (or a desktop app for that matter)?
Storing the string in the app is obviously not good, as someone could easily find it and abuse it.
Another approach would be to store it on you server, and have the app fetch it on every run, never storing it on the phone. This is almost as bad, because you have to include the URL in the app. I don't believe using https is any help.
The only workable solution I can come up with is to first obtain the Access Token as normal (preferably using a web view inside the app), and then route all further communication through our server, where a script would append the secret to the request data and communicates with the provider. Then again, I'm a security noob, so I'd really like to hear some knowledgeable peoples' opinions on this. It doesn't seem to me that most apps are going to these lengths to guarantee security (for example, Facebook Connect seems to assume that you put the secret into a string right in your app).
I don't believe the secret is involved in initially requesting the Access Token, so that could be done without involving our own server. Am I correct?
About signpost, and then went back to Twitter4J with which I have created my twitter applications when OAuth wasn't necessary. whether I should use signpost or Twitter4J's method of OAuth authentication. I have read that Twitter4J itself uses signpost for OAuth, still am not sure about the choice that I should make.
View 2 Replies View RelatedI am building an Android application that requires OAuth. I have all the OAuth functionality working except for handling the callback from Yahoo.
I have the following in my AndroidManifest.xml:
CODE:..............
Where www.test.com will be substituted with a domain that I own.
It seems :
This filter is triggered when I click on a link on a page. It is not triggered on the redirect by Yahoo, the browser opens the website at www.test.com It is not triggered when I enter the domain name directly in the browser.
When exactly this intent-filter will be triggered? Any changes to the intent-filter or permissions that will widen the filter to apply to redirect requests?
I am working on an Android application which is to serve as a simple Twitter client. I am using OAuth for authorization and have registered my application with Twitter as new OAuth client. Now when the user authorizes the application, I expect to be taken to the Callback URL(which is pointing to my application); but this is not happening.
My Problem along with source code is described in detail here: http://stackoverflow.com/questions/2199357/oauth-twitter-on-android-c...)
The following intent is launched post authorization: Intent { act=android.intent.action.VIEW dat=http://twitter.com/oauth/authorize? oauth_token=XXACTUAL_TOKEN_HEREXX8&oauth_callback=myapp:///tweet cmp=com.android.browser/.BrowserActivity }
Some how, the hypothetical URL, I provided while registering my application, gets called.
I use signpost-oauth do oauth in android, and after login on the web page, return to the Activity, the provider is null sometimes.
CODE:.....
And the manifest.xml
CODE:.....................
I don't know why the provider is null sometimes.
I'm succesfully using Signpost to authorize calls to protected resources in a Google account via OAuth.
However it seems a bit weird that the user has to go each and every time through Google and grant access. Is there a way of serializing the Consumer and recreating it so that re-authorization is not needed? I've tried keeping the tokens, secret and verifier in the shared preferences and setting them in the Consumer but I receive a OAuthExpectationFailedException.
I am developing my am on mac (10.5.8), on eclipse and SDK 1.6 and a Vodafone HTC Magic Everything was working ok up to a few days ago. I can not see my device on adb devices. I also got a Sony Xperia and I can not see it on the list either. I upgraded the phone software (the HTC) to 1.6 a few days ago. Maybe that is what caused the change, but I could not be sure.
View 2 Replies View RelatedIm tryin to use Twitter with OAuth but i receive this exception.
Authorization failed (server replied with a 401). This can happen if the consumer key was not correct or the signatures did not match.
im using this sample
http://code.google.com/p/oauth-signpost/wiki/TwitterAndSignpost
Error Line:
String authUrl = provider.retrieveRequestToken(consumer, OAuth.OUT_OF_BAND);
I can't get Oauth to work with Twitter. I have tried the following (all result in the same 401 error):
CODE:.......................
I've tried my own implementation and copy/pasted the sample code from each of the sites, and nothing seems to work. I'm also 100% sure I also downloaded and included any dependencies (where needed).
Here's the interesting part. Using jTwitter and the oauth-signpost library, I can initiate a connection to Twitter, open a browser window for the user, have them log-in and generate a PIN for my app. When the app goes to post a status update however, (using the pin, and the stored access token and token secret), the 401 error pops up. All other things I've tried won't even let me open a browser window and ask the user to generate a PIN (they die with the 401 error on the request for the "request token").
I have the complete source code for a small working application that performs OAUTH authorization with Twitter, then turns into a micro Twitter client, letting you post tweets to your Twitter stream. You will need to obtain an application key and secret from Twitter, by registering your application with them.
The html version of the repository is at: http://github.com/brione/Brion-Learns-OAuth.git
The read-only git repository is at: git://github.com/brione/Brion-Learns-OAuth.git
This code should work as is, once you've replaced the fake token and secret in the Keys class.
My Android application uses Java OAuth library, found here for authorization on Twitter. I am able to get a request token, authorize the token and get an acknowlegement but when the browser tries the call back url to reconnect with my application, it does not use the URL I provide in code, but uses the one I supplied while registering with Twitter.
Note:
1. When registering my application with twitter, I provided a hypothetical call back url:http://abz.xyc.com and set the application type as browser.
2. I provided a callback url in my code "myapp" and have added an intent filter for my activity with Browsable category and data scheme as "myapp".
3. URL called when authorizing does contain te callback url, I specified in code.
Relevant Code:..................
I am making an application which is a Twitter client. This means it connects to Twitter with OAuth. I register my application to Twitter and got all my keys, but now I do not have an idea how to connect my application with twitter. I have done some code mention below.
CODE:................
I am developing an application of Twitter -Client. i got lots of hint form this site. i write some come that is
CODE:.............
I compile fine and run this application it will reditect me at Twitter site for "Allow" permision.
Then i want to come back to my android application.
But i got error" could not found "SoftDroidbyDhrumil://twitterconnetcion?OuathToken=somoething"
What do i write at my CallBack URL so i can come back from android browser to my application.
Can I have two separate google play accounts for two different devices & keep one gmail account for both devices?
View 6 Replies View RelatedI am beating my head against a wall trying to figure out why I cannot get Authenticated on my server whilst using HttpUrlConnection. I need to post a file in a post method and it seems I cannot do so with the DefaultHttpClient and a regular HttpPost (unless I am completely missing something?). I can get DefaultHttpClient to authenticate just fine using setCredentials() but the same doesn't exist for HttpUrlConnection so I try to set through setRequestProperty: conn.setRequestProperty("Authorization", "Basic " + Base64EncodedUserNamePassword); to no avail.
View 6 Replies View RelatedI am new on SSL programming. The Android app I am developing needs to open an SSL socket to a secure server which requires the client authentication. When running on the Emulator and trying to talk to a Server running on the host PC, the following Android code snippet always gives me a SocketException at the line, SSLSocket c = (SSLSocket) f.createSocket(hostName, 8888) :
private void openSslClient(String hostName) { try { KeyStore keyStore = KeyStore.getInstance (KeyStore.getDefaultType()); InputStream fis = this.getAssets().open("client.bks"); keyStore.load(fis, "clientjks".toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance ("X509");
kmf.init(keyStore, "clientkey".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance ("X509");..............
I am checking out the class org.apache.http.auth. Any more reference or example if anyone has?
View 2 Replies View RelatedI am new to android and know very little about authentication. Ive been asked to build an rss feed app that will need to do Client side certificate authentication through SSL.
I've looked into the keychain api but how to use it and seen no tutorials of its usage.
I am a little lost as ive not done anything with authentication before. How to do mutual SSL client Authentication in android 4.0?
Since basic auth has been deprecated, is the official android twitter app using OAuth? It still asks for my userid & password & I'm wondering how they are retrieving the oauth token ?
View 1 Replies View RelatedI want to use https://github.com/brione/Brion-Learns-OAuth for posting twitter status from android
But I have problem with filling this constants. Where to find
CODE:...........
I create app in twitter , I guess USER_SECRET is Consumer secret. But I don't know other values.
Android + Twitter Integration using OAuth.
I already worked on http://github.com/brione/Brion-Learns-OAuth and getting the error listed below, when I am posting status update...
CODE:...............
I succeed with OAuth Authentication and getting user_secret and user_token and stored in preferences...
So the issue is with http posting using OAuth header...
And My Http Post Method is as:
CODE:..................
I'm trying to use OAuth in an Android app. I have it working correctly but have sometimes run into a problem during the authentication phase. In Android, I launch the browser for the user to login and authenticate. Then the callback url will redirect back to my application.
Here is the problem. My application has a OAuth consumer and provider as members of my main class. When the browser is launched for authentication, sometimes my main Activity is discarded to save memory. When the callback url relaunches my main Activity, the provider and consumer are new instances and therefor don't work when I try to make a request to the api. If the main Activiy was not freed during the authentication phase, then everything works correctly because I'm still working with the original consumer and provider.
I tried using onSaveInstanceState() and onRestoreInstanceState(), but haven't been successful. It seems the onRestoreInstanceState() is not called when my callback url is handled. Seems to go straight to the onResume().
What is the correct method for persisting the consumer and provider in this case?
I'm setting up OAuth for my Android app. To test it I did the following:
Added signpost-core-1.2.1.1.jar and signpost-commonshttp4-1.2.1.1.jar to my project, added the variables "CommonsHttpOAuthConsumer consumer" and "CommonsHttpOAuthProvider provider" and did the following when the button is clicked:
CODE:................
So, the consumer and the provider are saved before opening the browser, like described here.
In the onResume() method I load the provider and consumer data and do the following:
CODE:...............
So, what works:
1) I do get a requestToken and a requestSecret.
2) I do get the oauthUrl.
3) I am directed to the browser page to authorize my app
4) I am getting redirected to my app.
5) I do get the verifier.
But calling retrieveAccessToken(consumer, verifier) fails with an OAuthCommunicationException saying "Communication with the service provider failed: null".
Does anyone know what might be the reason? Some people seem to have problems getting the requestToken, but that just works fine. I wonder if it might be a problem that my app has also included the apache-mime4j-0.6.jar and httpmime-4.0.1.jar which I need for multipart upload.