User Authentication on Android

The Movie Database 支持

Faiyyaz17
STAFFMOD
发布于 2018 年 01 月 11 日 12:37下午

Hello,

I m stuck at getting response from this url:

https://www.themoviedb.org/authenticate/request_token?redirect_to=http://www.google.com

as in Android we cant access header of webview & can i know why https://api.themoviedb.org/3/authentication/token/validate_with_login is strongly discouraged?

Please help ASAP

Thank you

2 回复（第 1 页，共 1 页）

Travis Bell 的回复

STAFFMOD

于 2018 年 01 月 16 日 1:27下午

Hi @Faiyyaz17,

Validating with your login exposes your username and password over the air. Even though you can SSL, it's still not that secure since it's a GET method with query parameters.

There's no way to access the response headers from a webview?

Chris Krueger 的回复

STAFFMOD

于 2018 年 01 月 17 日 7:06上午

You can access the response with WebView.

Build and load your auhorization URI. For example in version 3:

https://www.themoviedb.org/authenticate/{REQUEST_TOKEN}?redirect_to=moviebase://auth/v3

Instantiate WebView and set a WebViewClient. Handle your URI in shouldOverrideUrlLoading. You don't need a matcher if you have only one URI redirection. Check the approve parameter and handle the response request token.

    private static final UriMatcher URI_MATCHER = new UriMatcher(UriMatcher.NO_MATCH);
    URI_MATCHER.addURI("moviebase://auth", "v3", 100);
    URI_MATCHER.addURI("moviebase://auth", "v4", 101);

    public void onCreate(@Nullable Bundle savedInstanceState) {

        // initialise webView
        webView.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
                Uri uri = request.getUrl();
                return handleUriLoading(view, uri);
            }
        }

    }

    boolean handleUriLoading(WebView view, Uri uri) {
       switch (URI_MATCHER.match(uri)) {
        case 100: 
            // moviebase://auth/v3?request_token=[xxx]&approved=true
            // check approved parameter
            // handle request token
            // ...
            break;
        case 101:
            // request access roken, account details for version 4 etc.
            break;
       }

    }

I strongly recommend Chrome Custo mTab for auhentification. Chrome Custom Tabs give apps more control over their web experience, and make transitions between native and web content more seamless without having to resort to a WebView.

Here is a good explanation:

https://developer.chrome.com/multidevice/android/customtabs

This GitHub project helps for your implemenation:

https://github.com/GoogleChrome/custom-tabs-client

Another GitHub OAuth sample:

https://github.com/openid/AppAuth-Android

关注此讨论的用户

分类

The Movie Database 支持