Welcome Guest ( Log In | Register )

Outline · [ Standard ] · Linear+

Java Android App, Identify the user

views
     
TSnarf03
post Nov 13 2018, 04:15 AM, updated 6y ago

Look at all my stars!!
*******
Senior Member
4,545 posts

Joined: Dec 2004
From: Metro Prima, Kuala Lumpur, Malaysia, Earth, Sol


I need a easy way to identify or track the user, and i dont want to create a page to force user to register or trust my app with their password. I found some code on the net that should allow me to know what google account the device has logged on.

CODE
AccountManager manager = (AccountManager) getSystemService(ACCOUNT_SERVICE);
Account[] list = manager.getAccounts();
String gmail = null;

for(Account account: list)
{
   if(account.type.equalsIgnoreCase("com.google"))
   {
       gmail = account.name;
       break;
   }
}


I want to know if its a perfect way of doing user identification ? Wondering if its possible to have 0 or more than 1 google account on an android device or what problems i might encounter ?

Or is it possible to "cheat", like adding the accounts into the device without the account ownership ?

This post has been edited by narf03: Nov 13 2018, 04:29 AM
bumpo
post Nov 13 2018, 03:07 PM

On my way
****
Junior Member
632 posts

Joined: Mar 2013


seen those apps or even website that have those "login with fbook, gmail, etc" options?
that's what you are looking for

in a nutshell user does not login to your app with their credentials. they login to fbook, gmail, etc and obtain a token which is then passed to your app. your app will use this token to talk back to fbook, gmail, etc to ascertain that the user's is who they claim they are.

TSnarf03
post Nov 13 2018, 03:45 PM

Look at all my stars!!
*******
Senior Member
4,545 posts

Joined: Dec 2004
From: Metro Prima, Kuala Lumpur, Malaysia, Earth, Sol


QUOTE(bumpo @ Nov 13 2018, 03:07 PM)
seen those apps or even website that have those "login with fbook, gmail, etc" options?
that's what you are looking for

in a nutshell user does not login to your app with their credentials. they login to fbook, gmail, etc and obtain a token which is then passed to your app. your app will use this token to talk back to fbook, gmail, etc to ascertain that the user's is who they claim they are.
*
yes, saw that, called firebase or something like that, we know how it works, but user dont, they might still think we are collecting their password through it.
bumpo
post Nov 13 2018, 04:12 PM

On my way
****
Junior Member
632 posts

Joined: Mar 2013


QUOTE(narf03 @ Nov 13 2018, 03:45 PM)
yes, saw that, called firebase or something like that, we know how it works, but user dont, they might still think we are collecting their password through it.
*
i dont think this will be an issue as this sort of authorization (not authentication) has been around for awhile.
Since you are building this type of "login style", i assume your targeted users should be familiar enough with this sort of login and should be no problem.
However if your targeted users are those that are more familiar with the traditional login/pass and not comfortable with this login style then perhaps the answer to your problem is not in the coding but in design decision instead?
is this login style suitable in first place? or does user need to have training to familiarize and build confidence that your app does not see any of their credentials?

malleus
post Nov 14 2018, 07:30 PM

Look at all my stars!!
*******
Senior Member
2,096 posts

Joined: Dec 2011
QUOTE(narf03 @ Nov 13 2018, 03:45 PM)
yes, saw that, called firebase or something like that, we know how it works, but user dont, they might still think we are collecting their password through it.
*
Personally I would recommend using the existing auth mechanisms, either google login or Facebook login. Both google and Facebook has already put sufficient effort into educating users on this.

Just make sure that you’re following their recommended guidelines and stuff then it will be clear to the users that you’re not collecting their username and passwords
TSnarf03
post Nov 15 2018, 05:18 AM

Look at all my stars!!
*******
Senior Member
4,545 posts

Joined: Dec 2004
From: Metro Prima, Kuala Lumpur, Malaysia, Earth, Sol


I just have a look into google firebase authentication module, and noticed that, programmers can collect those email and password.

https://firebase.google.com/docs/auth/web/password-auth

CODE

firebase.auth().signInWithEmailAndPassword(email, password).catch(function(error) {
 // Handle Errors here.
 var errorCode = error.code;
 var errorMessage = error.message;
 // ...
});


its the programmer that get the email/password from the ui(textboxes) and validate through google firebase, so its not a secured system from the programmers.
malleus
post Nov 15 2018, 07:14 AM

Look at all my stars!!
*******
Senior Member
2,096 posts

Joined: Dec 2011
QUOTE(narf03 @ Nov 15 2018, 05:18 AM)
I just have a look into google firebase authentication module, and noticed that, programmers can collect those email and password.

https://firebase.google.com/docs/auth/web/password-auth

CODE

firebase.auth().signInWithEmailAndPassword(email, password).catch(function(error) {
 // Handle Errors here.
 var errorCode = error.code;
 var errorMessage = error.message;
 // ...
});


its the programmer that get the email/password from the ui(textboxes) and validate through google firebase, so its not a secured system from the programmers.
*
Do try reading up the Facebook or google API docs and API details. They’ll provide you with the login screen to use. In other words you do not handle the part that accepts the users username and password
bumpo
post Nov 16 2018, 03:00 PM

On my way
****
Junior Member
632 posts

Joined: Mar 2013


QUOTE(narf03 @ Nov 15 2018, 05:18 AM)
I just have a look into google firebase authentication module, and noticed that, programmers can collect those email and password.

https://firebase.google.com/docs/auth/web/password-auth

CODE

firebase.auth().signInWithEmailAndPassword(email, password).catch(function(error) {
 // Handle Errors here.
 var errorCode = error.code;
 var errorMessage = error.message;
 // ...
});


its the programmer that get the email/password from the ui(textboxes) and validate through google firebase, so its not a secured system from the programmers.
*
this specific implementation that you are looking at is not the same as the one i or malleus described. the ones we described, the login page itself is from google/fbook/etc which means the submitted login+pass is direct to their server and never your application.

the one you are looking at is where you use your own login page which submits to your own authentication code which in turn authenticate with google/fbook/etc
this is not what you want as per your own stated objective
tboxmy
post Dec 17 2018, 02:56 PM

Casual
***
Junior Member
475 posts

Joined: Oct 2006


Gets simple once you have done once.

 

Change to:
| Lo-Fi Version
0.0136sec    0.44    5 queries    GZIP Disabled
Time is now: 29th March 2024 - 10:23 PM