User Authentication on Android

Поддержка The Movie Database

опубликовано Faiyyaz17
STAFFMOD
, 11 января 2018 в 12:37

Hello,

I m stuck at getting response from this url:

https://www.themoviedb.org/authenticate/request_token?redirect_to=http://www.google.com

as in Android we cant access header of webview & can i know why https://api.themoviedb.org/3/authentication/token/validate_with_login is strongly discouraged?

Please help ASAP

Thank you

2 ответов (на странице 1 из 1)

Ответ от Travis Bell

STAFFMOD

, 16 января 2018 в 13:27

Hi @Faiyyaz17,

Validating with your login exposes your username and password over the air. Even though you can SSL, it's still not that secure since it's a GET method with query parameters.

There's no way to access the response headers from a webview?

Ответ от Chris Krueger

STAFFMOD

, 17 января 2018 в 07:06

You can access the response with WebView.

Build and load your auhorization URI. For example in version 3:

https://www.themoviedb.org/authenticate/{REQUEST_TOKEN}?redirect_to=moviebase://auth/v3

Instantiate WebView and set a WebViewClient. Handle your URI in shouldOverrideUrlLoading. You don't need a matcher if you have only one URI redirection. Check the approve parameter and handle the response request token.

    private static final UriMatcher URI_MATCHER = new UriMatcher(UriMatcher.NO_MATCH);
    URI_MATCHER.addURI("moviebase://auth", "v3", 100);
    URI_MATCHER.addURI("moviebase://auth", "v4", 101);

    public void onCreate(@Nullable Bundle savedInstanceState) {

        // initialise webView
        webView.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
                Uri uri = request.getUrl();
                return handleUriLoading(view, uri);
            }
        }

    }

    boolean handleUriLoading(WebView view, Uri uri) {
       switch (URI_MATCHER.match(uri)) {
        case 100: 
            // moviebase://auth/v3?request_token=[xxx]&approved=true
            // check approved parameter
            // handle request token
            // ...
            break;
        case 101:
            // request access roken, account details for version 4 etc.
            break;
       }

    }

I strongly recommend Chrome Custo mTab for auhentification. Chrome Custom Tabs give apps more control over their web experience, and make transitions between native and web content more seamless without having to resort to a WebView.

Here is a good explanation:

https://developer.chrome.com/multidevice/android/customtabs

This GitHub project helps for your implemenation:

https://github.com/GoogleChrome/custom-tabs-client

Another GitHub OAuth sample:

https://github.com/openid/AppAuth-Android

Пользователи в этом обсуждении

Категории

Поддержка The Movie Database