RE: Deep link to vehicle in official Car2Go app

[Nico Witteman]

Bernd,
For the function of finding cars, the user does not have to enter his credentials. Only for making and cancelling reservations this is needed. See the documentation.

Nico

---

Van: Bernd Binder
Verzonden: ‎10-‎2-‎2014 10:54
Aan: car2go-...@googlegroups.com
Onderwerp: Re: Deep link to vehicle in official Car2Go app

Hi Mathias,

I have no idea why they have been deleted yesterday.

About the DeepLinks: This is very sad.

As i think about the "normal" user, he can't see that its not my App he is giving his userdata and might be afraid to enter them in my app.

As people get more and more afraid about collecting data on 3rd party side, it would be great to have another solution so that the official car2go-App can be used as "secure backend" for just making a reservation i.e. (i would be just interested to assign a reservation).

This behaviour could be realized in your official App quiet easy using deeplinks just transporting the car-id from my app to yours.

Probably you can think about it for future releases.

Best Regards,

Bernd

Am Montag, 10. Februar 2014 10:40:45 UTC+1 schrieb mathias.goeppel:

Hi,

there is no such thing as deep links into car2go website or app. The only way is to implement the protected OpenAPI functions to do the reservations and cancellations.

@Bernd: Do not know how it came that your posts have been deleted. I didn't do that.

Regards - mathias goeppel

Am Sonntag, 9. Februar 2014 16:34:09 UTC+1 schrieb Bernd Binder:

This is exactly what i also would like to know!

@Anton: Did you find a solution?

@c2g: since 3 weeks no reply?

Am Montag, 20. Januar 2014 21:09:47 UTC+1 schrieb Anton Legoo:

Hello,

I'm adding C2G locations to my app, but don't want to handle booking reservations. Does anyone know of a way to link directly to a free vehicle in the official Car2Go app or website?

--
You received this message because you are subscribed to the Google Groups "car2go OpenAPI" group.
To unsubscribe from this group and stop receiving emails from it, send an email to car2go-openap...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Bernd Binder]

Hi Nico,

due to you sent his message directly to my email i will reply to it directly ;)

I know that finding cars is possible without userdata (i will implement as soon as i receive my developer-id ... ;), 

but for just doing a reservation (no cancelling) i need OAuth. 

And as I wrote before - Users have to enter their userdata in "my" app - pretty sure they can't see or realize it's not my App asking for it and so they might be afraid to give their data to a foreign person.

So my suggestions for this problem would be:

- on Oauth-Login write clearly thats an official c2g-Site and what this site is for

- implement deeplinks for simple events in official app. this would be best solution for the User and for DEVs, cause then all Userdata events are handled by the trustfull original car2go app.

Just my suggestions and probably one day you'll like them ;)

Regards,

Bernd Binder

2014-02-10 11:56 GMT+01:00 Nico Witteman <nico.w...@gmail.com>:

Bernd,
For the function of finding cars, the user does not have to enter his credentials. Only for making and cancelling reservations this is needed. See the documentation.

Nico

---

Van: Bernd Binder
Verzonden: 10-2-2014 10:54

[Nico Witteman]

Bernd,

As a matter of fact, users don’t enter their data in your app. You receive a url from the oauth-call which leads them to the car2go site – not oauth - , which states clearly that they are about to grant permission to your app. It is up to you how you embed or show the car2go page.

It is not as bad as you think it is.

 

I really don’t see how you envision such a deep link and how you would handle user authorisation there.

 

Kind regards,

Nico Witteman

[Bernd Binder]

Hi Nico,

first of all: Congratulations to the 3-Medal-Party in Sotchi yesterday for the Dutch Icerace-Team ;)

Probably i am too anxious about userdata.

I'll give OAut a try - as I don't have any other chance ;)

Deep links can be realized for examle as real http-links:

http://stackoverflow.com/questions/1609573/intercepting-links-from-the-browser-to-open-my-android-app

So you can register (as example) the virtual host" car2goapp.com" in your Manifest.

As soon as i provide a link like "http://car2goapp.com/reservation/**car-id**" and the user klicks on it, he will be forwarded to official app where he is authenticated as user already and can process the reservation - of course your app have to catch the link and provide the requested view.

So i dont need OAuth, User have to enter Details only once and me, user and car2go can be sure the reservation works - even you canche API or any other Details in process ;)

This workflow i embedded in one of my apps for Bike-Tracks. If I have a track which i also have in the App 'komoot' (which is a navigation system) i klick on link "open in komoot", the komoot-app is starting and direktly goes to navigation and loading the track specified in Link. For komoot it works with ther common Links they provide on their homepage for tracks http://www.komoot.de/tour/r2180173 . So if you would klick on this Link your mobile asks you to open in Browser or komoot (if komoot installed). Choose komoot and you are done.

Nico, sorry for writing that much, but i love the idea of deep-links, cause you can have a real interaction between apps, which provides much more speed and the user will do certain workflows in the app he is used to ("where he normally does it").

Best Regards from Stuttgart,

Bernd

[Nico Witteman]

Hallo Bernd,

And more medals!

 

User data and protection of them is very important, I agree. The issue is: how do we convince our users that they are in good hands? Oauth is one such method: it abstracts the authorisation from the application. Deep linking might be a good idea if a) it is 100% clear that this is not you app, but the official one (but why would it not be spoofed?), b) the platform allows for it. For Android, you method may work, but for Windows? For Apple? For platforms that are not supported by “official apps” in the first place? I think you create some dependencies here.

 

Plus, using API’s gives you more freedom over how to implement the functionality.

 

By the way: I am not related to car2o, this is just my 2 cts. Maybe I am just so glad that I finally mastered the oauth protocol that I will defend it till the very end:-)

 

Kind regards,

 

Nico Witteman

Creator of Carthago

www.wittyman.nl/carthago

www.wittyman.nl/carthagowp

[Bernd Binder]

Hi Nico,

iOS also supports DeepLinks, and so I think on WinPhones it will work also ;)

About spoofing  to collect userdata: 

Who will guarantee, that you do not spoof the OAuth-Page?

I can never see, if the OAuth page is spoofed or not - or do you have any hints?

Using deeplinks i can see if it is original-App or not (requested App ist starting/Taskmanager/Recent Tasks/...)

As you've masterd the OAuth it's now up to you to post a walkthrough for all of us! 

Can't wait for it ;)

Best wishes - also for even more medals!

Bernd

[Nico Witteman]

Bernd,
It is not the oauth page, it is a page of car2go.com implementing the oauth protocol. the user can check the URL if you show the address bar in the browser.

There is plenty documentation on oauth. Find yourself a good library which hides the details. Finding out how to do it is part of the fun!
Good luck,

Nico

---

Van: Bernd Binder
Verzonden: ‎15-‎2-‎2014 10:52

Aan: car2go-...@googlegroups.com
Onderwerp: Re: Deep link to vehicle in official Car2Go app

--