App engine authentication with google account for application server


Skip Morrow

Aug 19, 2012, 5:59:01 PM
to andro...@googlegroups.com
I am trying to set up an application server on the google app engine. My app currently uses php on a dreamhost server and I do my own authentication. My app is a home automation app where users use some home automation software to send messages to their phone (such as burglar alarm is sounding or the garage door is open). 

I want to change the authentication to google accounts. So here's how I am thinking about doing it.
User installs my app. When they register the app, my app server stores the email address from the google account and uses that as the key for any devices they own. I would use the account chooser activity because it is possible for a phone to have more than one google account.
Once the GCM registration intent is received, store the reg id along with the user on the app server. If the user has any other devices, when they register the app, add their reg ids to the device list on the app server for that user.

Now, when the user wants to send a message to their phone, they need to know what account to send it to. Since I stored the email address from the google account, they will use that. So, how will they authenticate with my app server? I mean, if someone guesses my email address, they would be able to send messages to my phone. I don't have access to the user's password through the google account, so do I need to require them to come up with a password just for my app? Furthermore, I would like it if my users could send messages to other phones that they wish, such as for other family members. In that case, they will have different account names (email addresses). I was thinking about requiring the users to come up with their own secret groupname that they could share among anyone that they want to receive the home automation messages.

So anyway, I was just looking for ideas as to how the group here thinks the best way to approach this would be.

Glenview Jeff

Sep 10, 2012, 5:42:41 PM
to andro...@googlegroups.com
I too was wondering how to do this and was surprised this isn't already documented/part of the API.  GCM developers, any thoughts?

Skip Morrow

Sep 11, 2012, 9:28:33 AM
to andro...@googlegroups.com
I eventually decided that using google authentication probably wasn't the best solution for my application. Since my application is based on users sending GCM messages when they wanted, at their request, which is different than, say, an app that pushes sports scores, which happens when the game is over. For my app, the users can send a message (garage door is open, for instance) when they want, so they have direct access to the application server. They prepare the message and send it to the application server. That message is protected with a username and password. Since I didn't want them sending their google password along with their message (which would then give ME access to their google accounts), I require them to create their own un/pw on the app server, which is different from the google account.

Maybe there is a good way for my app to use the google authentication, but so far I have not been able to figure it out.

By the way, I do use good password practices. I don't store the passwords on my server--they are encrypted with a random salt.

Skip

Relsell Global

Sep 12, 2012, 3:40:11 AM
to andro...@googlegroups.com

Well, the solution given by Skip is right at this time, but I guess implementing OAuth authentication at the server side could be a better way of solving the problem. The mobile user's app, on behalf of the user, will get an authentication token by querying Google servers. Now, along with the Google authentication token, you need to send the message payload and the recipient email address (which is already registered to receive GCM messages).

Doing it this way can save you from saving encrypted passwords at the server.

  



--
You received this message because you are subscribed to the Google Groups "android-gcm" group.
To post to this group, send email to andro...@googlegroups.com.
To unsubscribe from this group, send email to android-gcm...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg/android-gcm/-/6FggnPOqd-oJ.

For more options, visit https://groups.google.com/groups/opt_out.
 
 



--
Thanks !
We respect your patience and cooperation.!

- Regards

Glenview Jeff

Sep 12, 2012, 10:55:38 AM
to andro...@googlegroups.com
Thanks for the start Russel, but I'd like some clarification if you wouldn't mind.

> The mobile user's app, on behalf of the user, will get an authentication token by querying Google servers.

I assume you mean querying the Google account servers via the AccountManager, not the GCM servers, right?

> Now, along with the Google authentication token, you need to send the message payload and the recipient email address (which is already registered to receive GCM messages).

You're talking about sending this message to the GCM servers now, right? Why would the recipient email address need to be sent? Shouldn't I instead be sending the Google account authentication token?
 

Relsell Global

Sep 12, 2012, 7:37:03 PM
to andro...@googlegroups.com
> I assume you mean querying the Google account servers via the AccountManager, not the GCM servers, right?

Yes, you are right.

> You're talking about sending this message to the GCM servers now, right? Why would the recipient email address need to be sent? Shouldn't I instead be sending the Google account authentication token?

Since you are developing an app that can send GCM messages to different users via GCM servers, along with the registration IDs, the email address of the recipient is also required by the server-side application. Only then can the message be sent to the intended recipient.
 


 
 

Skip Morrow

Sep 12, 2012, 7:59:27 PM
to andro...@googlegroups.com
I think the discussion has gone down a slightly different path. But that's ok. As long as we are helping each other out. :)

I still think I should not try to use any kind of google authentication. For my app, the users send their desired message from a windows desktop program (home automation software). My app server accepts a specially coded HTTP GET message, which I document and provide to my users. They have to provide a un/pw, otherwise my app server would not know what phone to forward the message to. Since they need to send some sort of username, I *COULD* use their gmail address, but what would I do? Require them to send their gmail password too? No way. So for me, the best solution is to just have them create a simple un/pw on the server.

Unless I am totally not getting how the OAUTH works, I don't see a good solution for me to use google accounts on my app.

Skip
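
The server-side flow described in Skip's two posts above (a per-app username and password stored with a random salt, then a lookup of that user's registered devices) could look like the sketch below. This is an added example, not code from the thread or from Skip's server: the `AppServer` class, its method names, the sample credentials and the choice of PBKDF2 as the salted one-way scheme are all assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000          # assumed PBKDF2 work factor, tune for your hardware
_DUMMY_SALT = os.urandom(16)  # used so unknown usernames cost the same as known ones


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted one-way derivation; the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class AppServer:
    """Hypothetical in-memory stand-in for the app server's user/device tables."""

    def __init__(self) -> None:
        self._creds = {}    # username -> (salt, derived key)
        self._devices = {}  # username -> set of GCM registration IDs

    def create_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)  # fresh random salt per user
        self._creds[username] = (salt, _derive(password, salt))
        self._devices[username] = set()

    def authenticate(self, username: str, password: str) -> bool:
        salt, stored = self._creds.get(username, (_DUMMY_SALT, b""))
        candidate = _derive(password, salt)
        # Constant-time comparison; an unknown user never matches (stored is empty).
        return hmac.compare_digest(candidate, stored)

    def register_device(self, username: str, password: str, reg_id: str) -> bool:
        if not self.authenticate(username, password):
            return False
        self._devices[username].add(reg_id)
        return True

    def route_message(self, username: str, password: str, text: str):
        """Return (reg_ids, text) to hand to the GCM sender, or None if rejected."""
        if not self.authenticate(username, password):
            return None
        return sorted(self._devices[username]), text


if __name__ == "__main__":
    server = AppServer()
    server.create_user("skip-home", "constructed-sample-password")  # constructed values
    server.register_device("skip-home", "constructed-sample-password", "REG_ID_PHONE_1")
    print(server.route_message("skip-home", "constructed-sample-password", "garage door is open"))
    print(server.route_message("skip-home", "guess", "garage door is open"))
```

Knowing only the account name is not enough to reach a phone here: `route_message` returns nothing unless the password check passes, and two users who pick the same password still end up with different stored values because each gets its own salt.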

Glenview Jeff

Sep 12, 2012, 10:15:28 PM
to andro...@googlegroups.com
Skip, I think we both want exactly the same thing. I'm pretty sure it's the user_id authentication field you're looking for, not the email address. That is, unless you actually want the user's email address for sending emails to them.

I believe I've since figured out the solution with help from people at Stack Overflow.  See this question and answer.