On Wed, Jan 18, 2012 at 11:11 PM, John Goche <[email protected]> wrote:
>
>
> On Wed, Jan 18, 2012 at 2:21 AM, Nikolay Elenkov <[email protected]>
> wrote:
>>
>> On Wed, Jan 18, 2012 at 7:00 AM, John Goche <[email protected]>
>> wrote:

>
>> We generate the cookie from the token somehow.
>>
>
>> The particular algorithm depends on what authentication mechanism
>> you are using. They are documented here:
>>
>> http://code.google.com/apis/accounts/docs/GettingStarted.html
>> http://code.google.com/apis/accounts/
>
>
> OK, but say I have a google email account. How would I know what
> is being used. I only need to support google accounts in my applications.
> Wouldn't that mean I am using ClientLogin?

All authentication methods use the same account. The token you
get depends on the authType you pass to getAuthToken(). For
OAuth, you need to pass the scope with the oauth2 prefix, something
like 'oauth2:https://myapp.appspot.com'. (I haven't actually used it though).
If it the authType doesn't start with 'oauth2' you are most probably
getting a ClientLogin token.

>
> http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html
>
> In any case, no matter which protocol is being used, AccountManager
> handles the details for you right?

Yes, as long as you pass the right authType, see above.
>

>>
>> Because GWT uses JSON to communicate with the server.
>
>
> But isn't GWT used only if you want to write client code in JavaScript?
> If not using a web browser to access the server this should be irrelevant
> right?

GWT has a client and server part that communicate using JSON.
It doesn't matter what language the client code is written in, you still need
to communicate with the server. In case of a browser it's JavaScript+
XHR (Ajax), in case of Android it is usually HttpClient. If you write it
in Python or Ruby you would use those languages' native HTTP libraries.

>
> Yes, well the Users API is not my concern, the server coding is the easy
> part, it's
> the android bit which gets me somewhat confused.
>

Nothing different or confusing about Android:

1. Get a token (using Account manager, your own code, any other
third party library, doesn't matter).
2. Set the token as the value of the appropriate cookie.
3. Send your request (POST, GET, etc.)

> For instance I don't understand this bit from the AsyncTask of
> setHelloWorldScreenContent()
> in the main acvity file:

You need to know a bit about GWT to understand what this is doing.
It will create a request, send it and receive the response asynchronously
in the Receiver callback. It's part of a framework that's why it's broken
into small bits you extend and compose. You don't need to implement
anything nearly as flexible and if you don't plan to use GWT, there is not
much point in trying to understand how it is implemented.

Just start without authentication and only add it when you have a working
sample. Something like:

1. Write your servlet on App Engine
2. Write the Android client
3. Make sure you can send and receive data (XML).
4. Get an auth token on Android, add it to the request
5. Try to get the user on GAE, once you get a proper user name,
it works.
6. Once this is working set your endpoint to require authentication.
7. Profit :)

-- 
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Reply via email to