我想迁移使用OAuth 1.0A到的OAuth 2.0 Android应用程序。 （使用谷歌API客户端库的Java / Android的我的OAuth 2.0的需要）。

什么是访问使用OAuth 2.0的Andr​​oid平台，考虑到易用性方面，以及对谷歌的API的最佳/ preferred解决方案。用户应该能够autorize以一种简单的方式访问，与我的Andr​​oid应用程序无缝集成。

应用程序正在使用的OAuth 1.0基于Web的流量，在我的应用程序会弹出一个浏览器，让用户授权访问，并使用自定义的重定向URI，我的应用程序能够获取一个访问令牌。它的工作原理pretty的好，但我不喜欢的事实，我需要离开，以弹出一个布劳尔显示网页我的应用程序。我的想法是的OAuth 2.0可能会解决这个问题，并允许有更好的用户体验。

我开始寻找在的Adroid的AccountManager-OAuth2集成概述在谷歌IO 的，因为它不涉及一个网页浏览器，并更紧密地结合Android的，但它只是不工作应该的方式。它不记录，并且目前还不清楚这是否仍是一个可行的选择未来。

我现在已经着手调查这一标准的OAuth 2.0的网络流量。

在这里，我似乎有2个选择：

配置的OAuth 2.0客户端所安装的应用程序，并使用金塔：IETF：WG：OAuth的：2.0：OOB重定向URI

不是很干净的解决方案，因为我不会让我的用户复制粘贴一些code到我的应用程序。这不是用户友好的。

借助使用OAuth 2.0访问谷歌的API文档何况，有投票某种方式页的标题解析出的URL，但我也看到了很多与可用性的问题，真的不觉得自己写这种管道code。如果客户端库中存在，将做到这一点对我来说，我很乐意进一步调查，但现在，我已经放弃了这一选项。

配置的OAuth 2.0客户端的web应用程序，并使用重定向URI。

下面我注意到非标准方案禁止的OAuth 2.0。之前，有可能使用类似XOAUTH：//回调，但是这是不允许了。 在配置重定向如 http://mysite.com/oauth2/callback URI，我无法有Android的打开我的活动时，谷歌的OAuth 2.0页面重定向，尽管有设置一个合适的意图过滤器了。该 http://mysite.com/oauth2/callback 是简单地显示在浏览器中。

下面做工作

 意向书我=新的意图（Intent.ACTION_VIEW，Uri.parse（http://mysite.com/oauth2/callback））;
startActivity（ⅰ）;
 

但是，当谷歌的OAuth 2页面重定向到相同的URL，它只是显示在浏览器中。

即使这样的工作，用户仍然会psented与选择器弹出（使用我的Andr​​oid活动在浏览器中打开或打开）$ P $。从可用性的角度看，这也是不能接受的。

我在寻找比这里列出的那些更好的解决方案。

问候， 戴维

我结束了使用的WebView组件来加载了谷歌授权网址。 使用WebviewClient，我能够拦截网页加载到web视图，正因为如此，用户接受或拒绝的授权请求的时候，我才得以继续流动。

如果用户接受，这谷歌重定向到URL中包含一个code的请求参数，并且应用程序能够换取一个的OAuth 2.0令牌。 如果用户不接受，即谷歌重定向到URL包含错误的请求参数，以及应用程序可以处理非愉快的场景。

我已经写下来的一切：的Oauth 2.0流安卓

该帖子还包含使用的OAuth 2.0流与纬度API的样本Android应用程序。 样品code可在GitGub 。

I'm trying to migrate an Android application using OAuth 1.0a to OAuth 2.0. (using the Google API Client Library for Java/Android for my OAuth 2.0 needs).

What is the best/preferred solution for accessing Google APIs using OAuth 2.0 on an Android platform that takes into account the usability aspect as well. The user should be able to autorize access in an easy way, seamlessly integrating with my Android app.

The application is currently using the OAuth 1.0 web based flow, where my application pops a browser to let the user authorize access, and using a custom redirect URI, my application is capable of retrieving an access token. It works pretty well, but I didn't like the fact that I need to leave my app in order to pop a brower to display a webpage. I was thinking that OAuth 2.0 might work around this, and allow for a better user experience.

I started looking at the Adroid AccountManager-OAuth2 integration as outlined at Google IO, as it doesn't involve a webbrowser, and is more tightly coupled with Android, but it is simply not working the way it should. It's not documented, and unclear if it will remain a viable option for the future.

I've now started investigating the standard OAuth 2.0 web flow.

Here I seem to be having 2 options :

Configure the OAuth 2.0 client as an installed app, and use the urn:ietf:wg:oauth:2.0:oob redirect URI.

Not very clean solution, as I'm not going to have my users copy-paste some code into my app. This is not user-friendly at all.

The Using OAuth 2.0 to Access Google APIs docs mention that there is some way of polling the title of the page to parse out the URL, but I also see a lot of usability issues with that, and don't really feel like writing this kind of plumbing code. If a client library exists that would do that for me, I'd be happy to investigate this further, but for now, I've dropped this option.

Configure the OAuth 2.0 client as a webapp, and use a redirect URI.

Here I noticed non-standard schemes are prohibited in OAuth 2.0. Before, it was possible to use something like xoauth://callback, but that's not allowed anymore. When configuring a redirect URI like http://mysite.com/oauth2/callback, I'm unable to have Android open up my activity when the Google OAuth 2.0 page redirects, despite having setup a proper intent filter for it. The http://mysite.com/oauth2/callback is simply displayed in my browser.

The following does work

Intent i = new Intent(Intent.ACTION_VIEW,Uri.parse("http://mysite.com/oauth2/callback"));
startActivity(i);

But when the Google OAuth 2 page redirects to that same URL, it is simply displayed in the browser.

Even if this would work, the user would still be presented with a chooser popup (open in browser or open using my Android Activity). From a usability perspective, this is also not acceptable.

I'm looking for a better solution than the ones outlined here.

Regards, Davy

I ended up using a WebView component to load up the Google Authorization URL. Using a WebviewClient, I was able to intercept the pages being loaded into the Webview, and as such, when the user accepts or denies the authorization request, I was able to continue the flow.

If the user accepts, the URL that Google redirects to contains a "code" request param, and the application is able to exchange it for an OAuth 2.0 token. If the user does not accept, the URL that Google redirects to contains a "error" request param, and the application can handle the non-happy scenario.

I've written down everything in a blog post : Oauth 2.0 flow in Android

The post also contains a sample Android app using the OAuth 2.0 flow with the Latitude API. Sample code is available in GitGub.