My application will be handling sensitive data (private keys) and therefore must have a secure way of accessing this data. I would like to pass the user authentication burden on to Google and have them determine if the user can have access to the app or not based on verifying their Google account information. I was looking into using a WebView and using the OpenID protocol, but being a more web-based protocol I am still considering other options. Another requirement would also be that the user MUST authenticate every time they wish to access the app, possibly with a 90-second window if the app is paused.
Is the WebView with OpenID the best solution for me or can anyone recommend a better approach?
I think that the best way to do this is using the AccountManager. The AccountManager actually has the user and password from the user's Google account, but you can't access that information. You can ask the AccountManager for a token for some account that the user has. If you want a token for a Google account, you have to ask for a "com.google" account. When you ask the AccountManager for a token, an activity will be launched to ask the user if he wants to allow the application to access his account.
Also, you can ask for a token that is useful for a kind of service. If you want access to Blogger information, you can ask for "blogger" permission. The token that the AccountManager will give you back will work only for that service.
The token expires after some time, so you will have to check. When the token doesn't work anymore, you will have to tell the AccountManager that the token is no longer valid. The next time that you ask for a token, the AccountManager will give you a new one.
Look for AccountManager at Google.
http://developer.android.com/reference/android/accounts/AccountManager.html
It works on Android 2.1 and later versions.
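The token flow described in the answer above, as an added example that is not part of the original post: request a "blogger" token for a "com.google" account, invalidate it when the service rejects it, and request a new one. `GoogleTokenHelper` and `ServiceCall` are hypothetical names, and the sketch assumes the manifest declares the `GET_ACCOUNTS` and `USE_CREDENTIALS` permissions that the Android versions mentioned here require.

```java
import android.accounts.Account;
import android.accounts.AccountManager;
import android.accounts.AccountManagerFuture;
import android.app.Activity;
import android.os.Bundle;

/** Added example: fetch a service-scoped token and refresh it once if it is rejected. */
public class GoogleTokenHelper {
    private static final String ACCOUNT_TYPE = "com.google";
    private static final String TOKEN_TYPE = "blogger"; // service named in the answer

    /** Hypothetical hook: performs the request; returns false if the service rejects the token. */
    public interface ServiceCall {
        boolean run(String authToken) throws Exception;
    }

    private final AccountManager accountManager;
    private final Activity activity;

    public GoogleTokenHelper(Activity activity) {
        this.activity = activity;
        this.accountManager = AccountManager.get(activity);
    }

    /** Call from a background thread: getResult() blocks until the token is available. */
    public boolean callWithFreshToken(ServiceCall call) throws Exception {
        Account[] accounts = accountManager.getAccountsByType(ACCOUNT_TYPE);
        if (accounts.length == 0) {
            return false; // no Google account on the device
        }
        Account account = accounts[0]; // assumption: first account; a real app lets the user pick
        String token = requestToken(account);
        if (token != null && call.run(token)) {
            return true;
        }
        if (token != null) {
            // Tell the AccountManager the cached token is no longer valid.
            accountManager.invalidateAuthToken(ACCOUNT_TYPE, token);
        }
        token = requestToken(account); // the AccountManager now issues a new token
        return token != null && call.run(token);
    }

    private String requestToken(Account account) throws Exception {
        // Passing the activity lets the AccountManager show its consent screen when needed.
        AccountManagerFuture<Bundle> future =
                accountManager.getAuthToken(account, TOKEN_TYPE, null, activity, null, null);
        return future.getResult().getString(AccountManager.KEY_AUTHTOKEN);
    }
}
```

Once the user has granted access, the AccountManager returns a cached token without prompting again, so this flow by itself does not make the user authenticate on every launch as the question requires.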