tags:

views:

61

answers:

1
+3  Q: 

Is it possible for an Android application to use Open-ID service?

I have a C/S solution, which take Android as its client and PHP as its server.

I have my own account system.

I'm wondering whether I could provide my user to login my system with Google Account?

I saw there are web-solution for this, like this stackoverflow.com could use Google Account to directly login.

Is there a solution for C/S system?

+1  A: 

Not without a web browser.

If the user isn't logged in to google (or any other provider), he has to authenticate with the provider first. This is done via a web browser, and you shouldn't even try doing it in any other way (for security reasons, the user should be sure that he is connected to the provider, for example by seeing the url in his browser).

However, even if the user is logged in, the provider needs to know that -- usually using a cookie. And cookies are stored within a web browser. So in theory, you could parse the browser's cookie file, and then try immediate authentication, but that won't work until you login and authorize the relying party via a web browser first.

Mewp  2010-08-06 11:06:33
Can I use a WebView for this? Or other, invoke the ChromeLite in Android for this authentication and get result back from it?
Johnny  2010-08-07 08:38:07
If WebView sends/stores cookies, you can. As for getting the information back, your server will receive the data from OP, since the server must be the RP (and it must have an http server, to handle the response). How will the server notify the client that it has authenticated is another problem. Generally, a possible solution would be that the client opens a browser window pointing to `http://server:port/random_token`, which redirects to the op, op redirects back to the server after auth, then server notifies the client identified by `random_token` of the auth result.
Mewp  2010-08-07 13:32:29

related questions

how to get login credentials by openId?
OpenID Migration
PHP Tutorial for OpenId and OAuth
OpenID login workflow?
OpenID support for Ruby on Rails application
Using OpenID for both .NET/Windows and PHP/Linux/Apache web sites
What is the benefit of using ONLY OpenID authentication on a site?
Problems with migrating Cardspace cards between computers
secure way to authenticate administrator in ASP.NET site using OpenID with DotNetOpenID
How do I enable open id on a Java Webapp?
What would it take to make OpenID mainstream?
What's the best .NET library for OpenID and ASP.NET MVC?
Useful browser plugins for openid authentication?
How do I implement an OpenID server in Rails?
How do I implement OpenID in my web application?
Why is HTML form redirection used in OpenID 2?
How do you set up an OpenID provider (server) in Ubuntu?
OpenID as a Single Sign On option??
Should my website abandon username/password authentication in favor of OpenID?
OpenID authentication in ASP.NET?
Open ID - What happens when you decide you don't like your existing provider?
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
How do I use more than one OpenID?