在Android实现client授权

OAuth对你的数据和服务正在变成实际上的同意訪问协议在没有分享用户password。

实际上全部的有名公司像Twitter。Google,Yahoo或者LinkedIn已经实现了它。在全部流行的程序语言里有很多的库和代码样例也在你的d桌面程序。移动程序,或者web程序上实现了OAuth。

也有给Android的參考指南,然而他们中的大多数不是最新的,精确地或者在时间紧张的情况下理解是困难的。我们这里提供了几个easy的步骤来解释它怎么样用简单的方式完毕它。

首先,简答描写叙述OAuth是怎样工作的。它是基于加密。加密的地方:

1.一个token和一个一致的password。这个password有client从服务端请求到。

2.这个token通过用户被验证作为有效和被同意訪问他们的数据,然后

3.这个token被更新而且这个从那时候会被使用,直到通过同样的用户又一次调用授权。

这个在第一步被请求的token被叫做request token.也就是说你通常指定了你想要訪问的它服务的地方;它被叫做scope。

第二步被叫做authorization,这一步是控制通过一个回调传回到客户应用程序。

最后的token在第三步被接收叫做access token。这个能被使用非常长时间,它不会过期(可是。正如提到的。用户能在不论什么时候调用它)。它是一个短字符串。用一个一直的密钥字符串。而且一旦应用程序请求它,它能被用于登录HTTP请求。为的是让供应商验证它。全部三步对供应商有一个一致的URL。对于一个HTTP请求被发送的地方获取token或者维护它。

假设你须要更深入的描写叙述,在code.google.com上有一篇好文章使用API參照。而且还实用图很详尽的概述。

我们将使用卓越的signpost的java库来实现OAuth訪问到Gmail。仅仅须要下载signpost-core和signpost-commonshttp4包。把他们拷贝到lib目录下,右键project。在Properties/Java Build Path下你能把他们加入到build path中:

我们将实现OAuth支持通过一个背胶做OAUthHelper的帮助类。两个最重要的来被提供通过signpost的是OAuthConsumer和OAuthProvider。在跳到真正的连接曾经。我们首先设置下面步骤:

private OAuthConsumer mConsumer;

private OAuthProvider mProvider;

private String mCallbackUrl;

public OAuthHelper(String consumerKey, String consumerSecret,

String scope, String callbackUrl)

throws UnsupportedEncodingException {

   mConsumer = new CommonsHttpOAuthConsumer(consumerKey, consumerSecret);

   mProvider = new CommonsHttpOAuthProvider(

   "https://www.google.com/accounts/OAuthGetRequestToken?scope="

   + URLEncoder.encode(scope, "utf-8"),

   "https://www.google.com/accounts/OAuthGetAccessToken",

   "https://www.google.com/accounts/OAuthAuthorizeToken?

hd=default");

   mProvider.setOAuth10a(true);

   mCallbackUrl = (callbackUrl == null ?

OAuth.OUT_OF_BAND : callbackUrl);

}

这个consumerKey和consumerSecret字符串依赖于你的client应用程序。你给两者能使用匿名。然后你或许想对供应商注冊你的应用程序,它将公布一个key和一个密钥给你的APP,为了訪问你一个用户的Gmail的收件范围是"https://mail.google.com/",这个授权的URLs是在帮助类的构造器中。

callbackUrl变量能被用于传递一个URL给供应商,一旦你的token被授权供应商将被调用。

在Android中一旦验证完毕。你能注冊一个特别的URL框架到你的应用程序中。因此浏览器将触发一个你的app的activity。

比如。假设你想要MyActivity被调用放到你的app的manifest中:

<activity android:name="MyActivity">

<intent-filter>

<action android:name="android.intent.action.VIEW"></action>

<category android:name="android.intent.category.DEFAULT"></category>

<category android:name="android.intent.category.BROWSABLE"></category>

<data android:scheme="my-activity"></data>

</intent-filter>

</activity>

而且传递"my-activity://mywebsite.com/"最为一个回调URL。这也对你的应用程序的身份有影响作为mywebsite.com对供应商。

你的应用程序将通过回调获得一个验证码作为给URL的查询參数,在这个URL中,查询key时"verifier"。

你以后将须要这个。

public String getRequestToken()

throws OAuthMessageSignerException, OAuthNotAuthorizedException,

OAuthExpectationFailedException, OAuthCommunicationException {

   String authUrl = mProvider.retrieveRequestToken(mConsumer,

   mCallbackUrl);

   return authUrl;

}

In your OnResume() method in MyActivity you can catch the callback and retrieve the verifier, and upgrade your token with it:


String[] token = getVerifier();

if (token != null)

String accessToken[] = getAccessToken(token[1]);

...

private String[] getVerifier() {

    // extract the token if it exists

    Uri uri = this.getIntent().getData();

    if (uri == null) {

        return null;

    }

    String token = uri.getQueryParameter("oauth_token");

    String verifier = uri.getQueryParameter("oauth_verifier");

    return new String[] { token, verifier };

}

In our helper class:


public String[] getAccessToken(String verifier)

throws OAuthMessageSignerException, OAuthNotAuthorizedException,

OAuthExpectationFailedException, OAuthCommunicationException {

    mProvider.retrieveAccessToken(mConsumer, verifier);

    return new String[] {

        mConsumer.getToken(), mConsumer.getTokenSecret()

    };

}

And that's it. Just make sure you save the access token and its secret. You can now use signpost to sign your HTTP queries e.g.


OAuthConsumer consumer = new CommonsHttpOAuthConsumer(accessToken[0],

accessToken[1]);

HttpGet request = new HttpGet(url);

// sign the request

consumer.sign(request);

// send the request

HttpClient httpClient = new DefaultHttpClient();

HttpResponse response = httpClient.execute(request);


原文:

OAuth is becoming the de-facto protocol to allow access to your data and services without sharing user password. Effectively all the big names such as Twitter, Google, Yahoo or LinkedIn have already implemented it. There are quite a few libraries and code samples in all the popular programming languages out there to implement OAuth in your desktop, mobile or web application as well.

There are guides for Android too, however most of them are not up to date, accurate or just difficult to comprehend if you are in a hurry. Here we provide a few easy to follow steps with some explanation how it can be done in a straightforward way.

First, a short summary how OAuth works. It is based on cryptography, where

  1. a token and a corresponding secret is acquired by a consumer (a desktop or web application) from a provider (a server in the cloud),
  2. this token is authorized by the user as valid and allowed to access their data and then
  3. the token is upgraded, and this can then be used from then on until it is revoked by same user who authorized it.

The token acquired in the first step is called a request token, this is where you usually specify which service you would like to get access to; it is called scope. The second step is called authorization, after which control can be passed back to the consumer application via a callback. The final token that is received in the third step is called access token. This can be used for a long period of time, it won't expire (but, as mentioned, the user can revoke it any time). It is basically a short string, with a corresponding secret string, and once the application acquired it, it can be used to sign HTTP requests, thus authenticating it for the provider. All three steps have a corresponding URL at the provider, to where an HTTP request is sent to get the token or manipulate it.

If you need further details, there's a good article with API reference at code.google.com, and another very detailed overview with figures here.

We will use the excellent signpost Java library to implement OAuth access to Gmail. Just download at least the signpost-core and signpost-commonshttp4 jars, copy them to the lib/ folder inside your Android project, right click on the project, and under Properties/Java Build Path you can add them to the build path:

Adding the signpost jars to the build path][]

We will implement OAuth support via a helper class called OAuthHelper. The two single most important classes provided by signpost are OAuthConsumer andOAuthProvider; before diving into actual communications, we set these up first:

private OAuthConsumer mConsumer;
private OAuthProvider mProvider;
posted @ 2017-08-17 14:41  zhchoutai  阅读(1373)  评论(0编辑  收藏  举报