Login/Register
C2DM server. Should we use OAuth now?
Asked Answered
Solved android.netoauthandroid-c2dm
R

3

3

I'm implementing C2DM for my Android app. Client side (Android) went well, but I'm little bit confused on implementing server side.

My server is C#/.NET. Official documentations links to 404 when it comes to authentication: https://developers.google.com/android/c2dm/#handling_reg

I found another page: https://developers.google.com/accounts/docs/AuthForInstalledApps

But it says deprecated. So, I'm not sure what to do now. Go with deprecated functionality or learn how to use OAuth? (never done this before)

If I go with OAuth - what should I pass in here: Authorization: GoogleLogin auth=[AUTH_TOKEN] ?

Any pointers on this subject will be appreciated

Recent post from Google sounds like Client Login is the way to go... http://android-developers.blogspot.com/2012/04/android-c2dm-client-login-key.html

Radioman answered 2/6, 2012 at 1:55 Comment(2)
Ah, good find with that link on android-developers. It helps confirm my position, but also looks like good advice for all of us to make sure we're properly handling key expiration.Gramnegative
I got more answers and yes, OAuth supported! groups.google.com/forum/?fromgroups#!topic/android-c2dm/…Radioman
G
3

I recently started setting up C2DM myself, and I had the same confusion you did when I saw the deprecation notice. My best understanding is that while Google is moving to OAuth 2 for most services, deprecating ClientLogin, C2DM still uses ClientLogin, so that's what you have to use in this case.

Rationale:

  • Absolutely everything in the (up-to-date and frequently updated) C2DM documentation explicitly refers to ClientLogin, strongly suggesting that the service is tied to this particular authorization method. ClientLogin is explicitly mentioned 11 times, while no mention is made to OAuth or to any other possible means of authentication.

In short, I believe that you must use ClientLogin for C2DM and should ignore the fact that it is deprecated for other Google services that are better served by OAuth. It doesn't appear that anything other than ClientLogin is intended to be used with C2DM in the foreseeable future.

Gramnegative answered 2/6, 2012 at 2:5 Comment(5)
Is there any official say that it is still using OAuth? All links to authentication broken on C2DM page, It's a new development, I don't want to start it on deprecated technology unless OAuth won't be available on C2DM for a long time..Radioman
The C2DM page links in several places to the same page you linked to (AuthForInstalledApps) and seems very clear that ClientLogin is the way to go. Several of the links are broken, as you pointed out, only because they need to be updated to the new, slightly different URL.Gramnegative
I'm new to both of them too, it doesn't matter which one to implement. From what I understand you wrong on #2 because they do support OAuth for server. developers.google.com/accounts/docs/OAuth2#serviceaccount ClientLogin will be gone in 2015? OTH OAuth in .NET going to be PITA just because I will have to bring at least 2 external dependencies to the project..Radioman
Also, for ClientLogin, which UN/Password should I use? I requested C2DM access but was asked only about sender email...Radioman
You're right, so I removed that part from my answer. Still, it seems clear ClientLogin is all they have in mind for C2DM. You use the username and password that you set up as the sender. Since you have to store it on your server (to get a new token when the old one expires), that means you should set up a special account with a unique password just for C2DM and re-sign up for C2DM with that account as the sender.Gramnegative
R
2

I think OAuth 2.0 is the way to go. I first used ClientLogin for C2DM, but found that there is no managment of issued authorization codes. Even when I revoked access using the Google Account Authorize Access page, I was still able to send messages to my device using authorization codes issued before! Furthermore, I didn't like the idea of storing Google credentials somewhere to obtain authorization codes.

OAuth 2.0 is slightly more complicated, but now that I understand it, I find it much more elegant than ClientLogin.

Basically one generates an OAuth Client ID, OAuth Client secret and a Refresh Token using Google's OAuth 2.0 Playground. These can be used to obtain (refresh) an Access Token that is valid for limited time (usually 1 hour). The Access Token is then used to send messages using C2DM.

I followed this tutorial to set it up, and it works like a charm!

Roden answered 15/6, 2012 at 20:41 Comment(0)
D
0

Did you see this Java example?

http://code.google.com/p/google-api-java-client/wiki/OAuth2Draft10

It's easy to understand in my opinion.

Dysphemia answered 2/6, 2012 at 2:11 Comment(1)
2 problems - my server is .NET and I'm not sure if OAuth is what going to work with C2DMRadioman

© 2022 - 2024 — McMap. All rights reserved.