Skip to content
This repository

An OAuth Library/application for Android which uses Content Providers in order to store OAuth data

branch: master

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 oauth-16-app
Octocat-spinner-32 oauth-16-instrumentationtest
Octocat-spinner-32 .gitignore
Octocat-spinner-32 README.textile
Octocat-spinner-32 pom.xml
README.textile

Android’s OAuth Providers and Dashboard

This is a proof of concept and has security flaws. Install only at your own risk

Install the app on your Android phone by scanning this QR code:

Benefits

This is an OAuth frontend for Android. Users can choose from an overview of available services which OAuth authenticated connection they wish to allow. Developers need no longer concern themselves with the proper handling of OAuth authentication, instead handing off responsibility to the OAuth providers. Using this method there are two main benefits:

  • After an initial authentication, users can then opt to presume this application authenticated
  • Users need not trust closed source, third party applications with their credentials

Screenshot of providers dashboard:

Screenshot of available authenticated service detail:

OAuth App details

For further information about the OAuth spec please visit http://oauth.net.
In this implementation registered authentications are persisted as securely as possible in the ‘registry’ table of the database. A list of the available OAuth authenticated services are openly visible to developers in the provider.xml.

Help us add additional providers!

A good way of becoming orientated with the OAuth app’s functionality is to add a new provider which authenticates with an external service. If the provider works, please do alert us to it’s presence and we’ll add it to the list! If you have problems adding a provider then please open an issue with the full details of your error.

Adding a new provider.

In order to add a new provider, you need to specify the following callback schema: x-oauth-android://callback when registering your application for the service provider. In the event of some services not accepting this then use http://novoda.com/oauth which will redirect to the x-oauth-android://callback. With newer OAuth versions, the callback is used within the request so you don’t need to provide the callback URL upon registration.

Adding a new service provider in code:

		
	ContentValues values = new ContentValues(); 
	values.put('request_token_url', 'http://mysite.com/request_token');
	values.put('access_token_url', 'http://mysite.com/access_token');
	values.put('authorize_url', 'http://mysite.com/authorize');
	values.put('consumer_key', 'myconsumerkey');
	values.put('consumer_secret', 'mysecret'); 
	
	getContentResolver().insert(Uri.parse('content://com.novoda.oauth.providers/registry'), values)
	

Redirecting the user for OAuth activation

If you want the user to activate the OAuth application, you can call the following activity:

	
	Intent intent = new Intent();
	Bundle extras = new Bundle();
	HashMap<String, String> value = new HashMap<String, String>();
	
	intent.setAction("com.novoda.oauth.action.OAUTH_CALL");
	intent.setData(Uri.parse("content://com.novoda.oauth.provider.OAuth/registry"), ID_OF_THE_SERVICE));
	extras.putString("endpoint", ENDPOINT_URI);
	extras.putSerializable("parameters", value);
	intent.putExtras(extras);
	
	startActivityForResult(intent, RESULT_CALLBACK_ID);
	

Accessing the chosen OAuth provider via it’s ID is currently a limitation we’d like to change. Alternatives are by name or authoriz URL. It’s up for discussion and suggestions are appreciated.

A provided test application can be installed on your Android phone by scanning this QR code:

Icon pack downloaded under the CC license from:
http://www.komodomedia.com/blog/2009/06/social-network-icon-pack/
http://paulrobertlloyd.com/2009/06/social_media_icons

Something went wrong with that request. Please try again.