It started launching this morning, to every compatible Android device in the world running Froyo or higher. That’s a lot of devices, and even at Google scale it’ll take some time to roll out. This is a subtle but significant change in the ecosystem.

Google Play services let the Android team release significant new APIs and capabilities to compatible devices without having to upgrade the whole platform. One of the first examples is the new Identity tools.

OAuth 2.0 on Android · I’ve been working on this since early spring, and there’s a post on the Android Developers blog with details, sample code, and so on.

It’s been challenging and fun. Challenging, because it needed a bunch of different groups here at the Googleplex to work together; more than we’re used to, as an end-user-product-focused company.

And fun because OAuth really does seem to combine Pretty Good Security with Pretty Good User Experience. And, especially, because typing your password into a mobile device sucks.

The OAuth developer-experience story has generally not been that great, particularly if you want to operate at the REST level and thus necessarily have to deal with the gritty realities of bearer tokens. But I think the new GoogleAuthUtil class in Google Play services makes it reasonably tractable, and my own AuthorizedActivity class tries to simplify further; it’s there for re-use or (more likely) cut-n-paste.

Futures · There are some other nifty new OAuth-related goodies we’re going to be able to roll out to Android developers; stay tuned.

But OAuth is just an example; the big deal is that the Android platform and ecosystem just got noticeably more agile.



Contributions

Comment feed for ongoing:Comments feed

From: Pedro Félix (Oct 01 2012, at 01:22)

Hi,

Where can I find more information regarding the underneath "magic" that you refet to in this phrase:

"...but it’s worth it, because some magic is happening. When your app is registered and you generate a token and send it to a service provider, the provider can check with Google, which will confirm that yes, it issued that token, and give the package name of the app it was issued to. Those of you who who’ve done this sort of thing previously will be wondering about Client IDs and API Keys, but with this mechanism you don’t need them..."

Thanks

Pedro

[link]

From: example (Oct 02 2012, at 18:14)

"google play services" is a seriously confusing name.

I thought it was either

1) Some kind of API to let apps interact with the play store or

2) Some kind of store for developers to sell web services through the play store (Which could be pretty interesting)

But apparently it doesn't have anything to do with the play store at all except that's where the client is downloaded from.

[link]

From: gunnar (Oct 08 2012, at 08:17)

Short answer - I think its a win, but there is more to do going forward.

Longer answer -

http://mobappsectriathlon.blogspot.com/2012/09/oauth-20-google-learns-to-crawl.html

[link]

From: Antonio Zugaldia (Oct 09 2012, at 06:58)

Loving this release. I'm remembering an old post here about the App Engine REST Client and I was wondering how this core Android OAuth support connects with App Engine now?

[link]

author · Dad
colophon · rights
picture of the day
September 26, 2012
· Technology (90 fragments)
· · Android (64 more)
· · Identity (44 more)

By .

The opinions expressed here
are my own, and no other party
necessarily agrees with them.

A full disclosure of my
professional interests is
on the author page.

I’m on Mastodon!