I just installed NewsRob. Just wondering why we need to enter our
Google credentials, since we are already authenticated to the phone.
Gmail, calendar, etc. sync without entering our credentials again.
Hey Erglmop,
just quickly: There is currently no official way to do this properly. And
security is not really the right place to use shortcuts. Right now, asking
the user for his or her credentials seems the best way to me.
Ok, here is the long story:
There is two qualities to that: convenience and security.
For convenience reasons it would be great if you wouldn't have to provide
your Google credentials to the apps separately. But even from the
convenience point of view this is only (a little) convenient to some and
very inconvenient to others. There are users that don't want to use the same
account for the phone (e.g. gmail) and for their Google Reader account. This
is very often the case for users of Google Apps for your Domain users.
There is some "pragmatic" solution used by some programmers, but it is
nothing official and doesn't significantly improve security. I decided that
the little convenience gain you can get with that solution is not worth
going down a slippery slope.
Regarding security. An ideal solution would be that NewsRob fires an
intent that it wan't to access the Google Reader part of your Google account
and a Google app answers that intent (that's the cross-app re-use mechanism
on Android), verifies it, asks the user to grant the permission to NewsRob
and then returns an authentification-token that authorizes NewsRob to only
use the Google Reader part of your account.
Ideally the Google app would let you chose between the phone's identity and
other Google accounts you may have, but I would already be happy without
that.
If there would be a proper solution from Google I would implement it right
away.
Btw. for me this is not an ideal situation too. This issue comes up
regularly, I get bad ratings and had to implement my own login mechanism
that doesn't add any NewsRob-value to the app.
I hope you understand and star the bug report from above, not that I am
holding my breath for Google to act on it right away.
On Fri, Sep 11, 2009 at 3:08 AM, Erglmop <adres...@gmail.com> wrote:
> Mariano,
> I just installed NewsRob. Just wondering why we need to enter our
> Google credentials, since we are already authenticated to the phone.
> Gmail, calendar, etc. sync without entering our credentials again.
Thank you for your in-depth reply. It's interesting that google does
not allow third party access to their services through the
authenticated phone. Doesn't sound like they will, either, since the
issue has not been fixed in 1.5. It's less an issue of inconvenience
for me, but rather the reluctancy to enter my google credentials in a
third party app. I agree with your ideal solution, which you posted
on the Android code issue, of using intents and allowing the end user
to decide which account to use.
Thanks,
Erg
On Sep 11, 4:28 am, Mariano Kamp <mariano.k...@gmail.com> wrote:
> Hey Erglmop,
> just quickly: There is currently no official way to do this properly. And
> security is not really the right place to use shortcuts. Right now, asking
> the user for his or her credentials seems the best way to me.
> Ok, here is the long story:
> There is two qualities to that: convenience and security.
> For convenience reasons it would be great if you wouldn't have to provide
> your Google credentials to the apps separately. But even from the
> convenience point of view this is only (a little) convenient to some and
> very inconvenient to others. There are users that don't want to use the same
> account for the phone (e.g. gmail) and for their Google Reader account. This
> is very often the case for users of Google Apps for your Domain users.
> There is some "pragmatic" solution used by some programmers, but it is
> nothing official and doesn't significantly improve security. I decided that
> the little convenience gain you can get with that solution is not worth
> going down a slippery slope.
> Regarding security. An ideal solution would be that NewsRob fires an
> intent that it wan't to access the Google Reader part of your Google account
> and a Google app answers that intent (that's the cross-app re-use mechanism
> on Android), verifies it, asks the user to grant the permission to NewsRob
> and then returns an authentification-token that authorizes NewsRob to only
> use the Google Reader part of your account.
> Ideally the Google app would let you chose between the phone's identity and
> other Google accounts you may have, but I would already be happy without
> that.
> If there would be a proper solution from Google I would implement it right
> away.
> Btw. for me this is not an ideal situation too. This issue comes up
> regularly, I get bad ratings and had to implement my own login mechanism
> that doesn't add any NewsRob-value to the app.
> I hope you understand and star the bug report from above, not that I am
> holding my breath for Google to act on it right away.
> Cheers,
> Mariano
> On Fri, Sep 11, 2009 at 3:08 AM, Erglmop <adres...@gmail.com> wrote:
> > Mariano,
> > I just installed NewsRob. Just wondering why we need to enter our
> > Google credentials, since we are already authenticated to the phone.
> > Gmail, calendar, etc. sync without entering our credentials again.
same topic, but new question: Mariano, I don't know whether you solved it already, just quick check.
I have heard from many of my friends whom I recommend NR (they all think it is cool!) a note that it is odd to click refresh button to enter your Google Credentials when you use NR for the first time. why not to ask when you start the app?
Well, it's a little hard to distinguish between the first time use and after
"Logout and Clear Cache", but I see your point Yelena.I will put it on my
TODO list.
Cheers,
Mariano
On Mon, Sep 14, 2009 at 2:35 PM, Yelena Jetpyspayeva <mur...@gmail.com>wrote:
> same topic, but new question:
> Mariano, I don't know whether you solved it already, just quick check.
> I have heard from many of my friends whom I recommend NR (they all think it
> is cool!) a note that it is odd to click refresh button to enter your Google
> Credentials when you use NR for the first time. why not to ask when you
> start the app?
> Well, it's a little hard to distinguish between the first time use and
> after "Logout and Clear Cache", but I see your point Yelena.I will put it
> on my TODO list.
> Cheers,
> Mariano
> On Mon, Sep 14, 2009 at 2:35 PM, Yelena Jetpyspayeva <mur...@gmail.com>wrote:
>> same topic, but new question:
>> Mariano, I don't know whether you solved it already, just quick check.
>> I have heard from many of my friends whom I recommend NR (they all think
>> it is cool!) a note that it is odd to click refresh button to enter your
>> Google Credentials when you use NR for the first time. why not to ask when
>> you start the app?
>> me
-- ________________________________
sincerely,
Yelena Jetpyspayeva,
journalist, New Media consultant
> Well, it's a little hard to distinguish between the first time use and after
> "Logout and Clear Cache", but I see your point Yelena.I will put it on my
> TODO list.
> Cheers,
> Mariano
> On Mon, Sep 14, 2009 at 2:35 PM, Yelena Jetpyspayeva <mur...@gmail.com>wrote:
> > same topic, but new question:
> > Mariano, I don't know whether you solved it already, just quick check.
> > I have heard from many of my friends whom I recommend NR (they all think it
> > is cool!) a note that it is odd to click refresh button to enter your Google
> > Credentials when you use NR for the first time. why not to ask when you
> > start the app?
> Oh and I forgot to mention that this also means that the user makes a
> sync first and then goes to the settings screen.
> But I meanwhile agree it is still smoother this way.
> So from NR 3.1.0 (rolling out now) on you will be forwarded to the
> login screen after you accepted the license.
> On Sep 14, 3:59 pm, Mariano Kamp <mariano.k...@gmail.com> wrote:
> > Well, it's a little hard to distinguish between the first time use and
> after
> > "Logout and Clear Cache", but I see your point Yelena.I will put it on my
> > TODO list.
> > Cheers,
> > Mariano
> > On Mon, Sep 14, 2009 at 2:35 PM, Yelena Jetpyspayeva <mur...@gmail.com
> >wrote:
> > > same topic, but new question:
> > > Mariano, I don't know whether you solved it already, just quick check.
> > > I have heard from many of my friends whom I recommend NR (they all
> think it
> > > is cool!) a note that it is odd to click refresh button to enter your
> Google
> > > Credentials when you use NR for the first time. why not to ask when you
> > > start the app?
> > > me
-- ________________________________
sincerely,
Yelena Jetpyspayeva,
journalist, New Media consultant
