User Authentication on Android

دعم الموقع

نشر بواسطة Faiyyaz17
STAFFMOD
في يناير 11, 2018 عند الساعة 12:37 مساءا

Hello,

I m stuck at getting response from this url:

https://www.themoviedb.org/authenticate/request_token?redirect_to=http://www.google.com

as in Android we cant access header of webview & can i know why https://api.themoviedb.org/3/authentication/token/validate_with_login is strongly discouraged?

Please help ASAP

Thank you

2 ردود (على هذه الصفحة 1 من 1)

رد بواسطة Travis Bell

STAFFMOD

بتاريخ يناير 16, 2018 في 1:27 مساءا

Hi @Faiyyaz17,

Validating with your login exposes your username and password over the air. Even though you can SSL, it's still not that secure since it's a GET method with query parameters.

There's no way to access the response headers from a webview?

رد بواسطة Chris Krueger

STAFFMOD

بتاريخ يناير 17, 2018 في 7:06 صباحا

You can access the response with WebView.

Build and load your auhorization URI. For example in version 3:

https://www.themoviedb.org/authenticate/{REQUEST_TOKEN}?redirect_to=moviebase://auth/v3

Instantiate WebView and set a WebViewClient. Handle your URI in shouldOverrideUrlLoading. You don't need a matcher if you have only one URI redirection. Check the approve parameter and handle the response request token.

    private static final UriMatcher URI_MATCHER = new UriMatcher(UriMatcher.NO_MATCH);
    URI_MATCHER.addURI("moviebase://auth", "v3", 100);
    URI_MATCHER.addURI("moviebase://auth", "v4", 101);

    public void onCreate(@Nullable Bundle savedInstanceState) {

        // initialise webView
        webView.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
                Uri uri = request.getUrl();
                return handleUriLoading(view, uri);
            }
        }

    }

    boolean handleUriLoading(WebView view, Uri uri) {
       switch (URI_MATCHER.match(uri)) {
        case 100: 
            // moviebase://auth/v3?request_token=[xxx]&approved=true
            // check approved parameter
            // handle request token
            // ...
            break;
        case 101:
            // request access roken, account details for version 4 etc.
            break;
       }

    }

I strongly recommend Chrome Custo mTab for auhentification. Chrome Custom Tabs give apps more control over their web experience, and make transitions between native and web content more seamless without having to resort to a WebView.

Here is a good explanation:

https://developer.chrome.com/multidevice/android/customtabs

This GitHub project helps for your implemenation:

https://github.com/GoogleChrome/custom-tabs-client

Another GitHub OAuth sample:

https://github.com/openid/AppAuth-Android

المستخدمين في هذه المحادثة

الفئات

دعم الموقع