Android’s OAuth Providers and Dashboard
This is a proof of concept and has security flaws. Install only at your own risk
This is an OAuth frontend for Android. Users can choose from an overview of available services which OAuth authenticated connection they wish to allow. Developers need no longer concern themselves with the proper handling of OAuth authentication, instead handing off responsibility to the OAuth providers. Using this method there are two main benefits:
- After an initial authentication, users can then opt to presume this application authenticated
- Users need not trust closed source, third party applications with their credentials
OAuth App details
For further information about the OAuth spec please visit http://oauth.net.
In this implementation registered authentications are persisted as securely as possible in the ‘registry’ table of the database. A list of the available OAuth authenticated services are openly visible to developers in the provider.xml.
Help us add additional providers!
A good way of becoming orientated with the OAuth app’s functionality is to add a new provider which authenticates with an external service. If the provider works, please do alert us to it’s presence and we’ll add it to the list! If you have problems adding a provider then please open an issue with the full details of your error.
Adding a new provider.
In order to add a new provider, you need to specify the following callback schema: x-oauth-android://callback when registering your application for the service provider. In the event of some services not accepting this then use http://novoda.com/oauth which will redirect to the x-oauth-android://callback. With newer OAuth versions, the callback is used within the request so you don’t need to provide the callback URL upon registration.
Adding a new service provider in code:
ContentValues values = new ContentValues(); values.put('request_token_url', 'http://mysite.com/request_token'); values.put('access_token_url', 'http://mysite.com/access_token'); values.put('authorize_url', 'http://mysite.com/authorize'); values.put('consumer_key', 'myconsumerkey'); values.put('consumer_secret', 'mysecret'); getContentResolver().insert(Uri.parse('content://com.novoda.oauth.providers/registry'), values)
Redirecting the user for OAuth activation
If you want the user to activate the OAuth application, you can call the following activity:
Intent intent = new Intent(); Bundle extras = new Bundle(); HashMap<String, String> value = new HashMap<String, String>(); intent.setAction("com.novoda.oauth.action.OAUTH_CALL"); intent.setData(Uri.parse("content://com.novoda.oauth.provider.OAuth/registry"), ID_OF_THE_SERVICE)); extras.putString("endpoint", ENDPOINT_URI); extras.putSerializable("parameters", value); intent.putExtras(extras); startActivityForResult(intent, RESULT_CALLBACK_ID);
Accessing the chosen OAuth provider via it’s ID is currently a limitation we’d like to change. Alternatives are by name or authoriz URL. It’s up for discussion and suggestions are appreciated.
Icon pack downloaded under the CC license from: