Hi Nikolay,

Thank you so much for your quick response.  I think I was not very clear in 
my explanation.  Just to clarify, earlier I was having the user input their 
email address and password manually into a form and then verify it with a 
link sent to their email address.

I am trying to avoid the verification step by using Google auth.  It will 
no longer be necessary once I start using Google auth because, like you 
said, we know they already authenticated when they registered so we know it 
is their email address.

Isn't it better to use Google auth from a phone through the APIs rather 
than going the OpenID Connect route?  My only question is that I don't need 
to work with any of their APIs.  Hence, what is the token type to use? 
Thanks again for your help.  I apologize if I missed anything in your 
response.


On Sunday, June 10, 2012 7:38:20 PM UTC-7, Nikolay Elenkov wrote:
>
> On Mon, Jun 11, 2012 at 11:28 AM, Goat666 wrote:
> >
> > I am working on an Android application which allows you to use your email
> > account as a user id and any password for authentication. It also requires a
> > verification step where you have to verify that the email address belongs to
> > you.
>
> What is the verification step and how/where do you perform it? If the user has a
> Google account registered in the AccountManager, they authenticated when they
> registered it, so you can be reasonably sure it's their email address. If you want
> to send them a mail with a link/token to further verify, go ahead and do it.
> You don't need a token from AccountManager for this, just the actual email address.
>
> You could use OpenID Connect to get and verify user info, in that case get an
> OAuth token such as described here (you need to prefix the scope with 'oauth2:'):
>
> http://oauthssodemo.appspot.com/step/1
>
> As for the token type not being documented, it is dependent on the underlying
> implementation and service. The Google account related token services are not a
> part of the actual SDK, only the AccountManager API is. For ClientLogin (deprecated)
> tokens, you use the service name such as 'ah' (App Engine), 'cl' (calendar), etc.
> Those are documented in ClientLogin documentation. For OAuth2 tokens, you use
> the scope with the 'oauth2' prefix. This works in more recent Android versions, but
> might not support all tokens.
>

-- 
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
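
The token type discussed in the quoted reply (an OAuth2 scope prefixed with 'oauth2:'), shown as an added example that is not part of the original thread. The userinfo.email scope, the `GoogleTokenHelper` class and its `Listener` interface are assumptions made for illustration.

```java
import android.accounts.Account;
import android.accounts.AccountManager;
import android.accounts.AccountManagerCallback;
import android.accounts.AccountManagerFuture;
import android.accounts.AuthenticatorException;
import android.accounts.OperationCanceledException;
import android.app.Activity;
import android.os.Bundle;
import java.io.IOException;

public class GoogleTokenHelper {
    // ClientLogin (deprecated) token types are bare service names such as "ah" or "cl".
    // OAuth2 token types are the scope with the "oauth2:" prefix.
    // The scope below is an assumption of this example, chosen to identify the user's email.
    static final String EMAIL_SCOPE = "https://www.googleapis.com/auth/userinfo.email";
    static final String TOKEN_TYPE = "oauth2:" + EMAIL_SCOPE;

    /** Hypothetical callback interface, defined only for this example. */
    public interface Listener {
        void onToken(String accountName, String token);
        void onFailure(Exception cause);
    }

    // Manifest permissions on Android releases of this thread's era:
    // GET_ACCOUNTS (list accounts) and USE_CREDENTIALS (request tokens).
    public static void requestToken(Activity activity, final Listener listener) {
        AccountManager am = AccountManager.get(activity);
        Account[] accounts = am.getAccountsByType("com.google");
        if (accounts.length == 0) {
            listener.onFailure(new IllegalStateException("no Google account on device"));
            return;
        }
        // First account for brevity; a real app would let the user choose.
        // Passing the Activity lets AccountManager show the consent prompt if one is needed.
        am.getAuthToken(accounts[0], TOKEN_TYPE, null, activity,
                new AccountManagerCallback<Bundle>() {
                    @Override
                    public void run(AccountManagerFuture<Bundle> future) {
                        try {
                            Bundle result = future.getResult();
                            String token = result.getString(AccountManager.KEY_AUTHTOKEN);
                            String name = result.getString(AccountManager.KEY_ACCOUNT_NAME);
                            if (token == null) throw new AuthenticatorException("no token returned");
                            listener.onToken(name, token); // never write the token to logs
                        } catch (OperationCanceledException | AuthenticatorException | IOException e) {
                            listener.onFailure(e); // user declined, authenticator error, or network failure
                        }
                    }
                }, null); // null Handler: callback runs on the main thread
    }
}
```

The token is the value a backend can check with Google; the account name string on its own is only what the client reports.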
