1

I am starting to work on an app which deals with users logging in, registering, and viewing their authenticated information (profile, etc.). I have seen the template login activity in Android. It seems like a good starting point, but I'm not really sure where to go from here.
I was wondering what the best practices are for managing such an app in Android. I have gone through Authorization and AccountManager, but discovered that I don't want any of these in my app, because I don't want to keep an account which can be viewed by the user from "Accounts and Sync".
Users shall be authenticated/registered using web services.
So once I have authenticated, where do I store the credentials? Do I need to encrypt them if I end up storing them in SharedPreferences?
How do I manage sessions while the user is browsing inside the app?

Also, any tutorials/discussions on this topic will be very helpful :)

Jazib

1 Answer

0

Despite writing it off, it sounds like you're looking for AccountManager. The legacy SampleSyncAdapter project in the Android SDK includes a complete example of how to use it for exactly the sort of credential and session management you describe:

/**
 * This class is an implementation of AbstractAccountAuthenticator for
 * authenticating accounts in the com.example.android.samplesync domain. The
 * interesting thing that this class demonstrates is the use of authTokens as
 * part of the authentication process. In the account setup UI, the user enters
 * their username and password. But for our subsequent calls off to the service
 * for syncing, we want to use an authtoken instead - so we're not continually
 * sending the password over the wire. getAuthToken() will be called when
 * SyncAdapter calls AccountManager.blockingGetAuthToken(). When we get called,
 * we need to return the appropriate authToken for the specified account. If we
 * already have an authToken stored in the account, we return that authToken. If
 * we don't, but we do have a username and password, then we'll attempt to talk
 * to the sample service to fetch an authToken. If that fails (or we didn't have
 * a username/password), then we need to prompt the user - so we create an
 * AuthenticatorActivity intent and return that. That will display the dialog
 * that prompts the user for their login information.
 */

(But see also this answer about a failing of that sample.)

It does authentication via web services, handles encryption, and otherwise sounds like exactly what you're looking for. If there's a particular reason you've decided it's not appropriate, please elaborate.

blahdiblah
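
The token flow that the quoted Javadoc describes, written out as an added example; it is not part of the answer above and not the SampleSyncAdapter source. `TokenAuthenticator`, `TOKEN_TYPE`, `fetchToken` and `loginIntent` are hypothetical names, and the class is left abstract so that only `getAuthToken()` is shown.

```java
import android.accounts.AbstractAccountAuthenticator;
import android.accounts.Account;
import android.accounts.AccountAuthenticatorResponse;
import android.accounts.AccountManager;
import android.accounts.NetworkErrorException;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import android.text.TextUtils;

// Abstract on purpose: the other AbstractAccountAuthenticator callbacks
// (addAccount, confirmCredentials, ...) belong in the concrete subclass.
public abstract class TokenAuthenticator extends AbstractAccountAuthenticator {
    static final String TOKEN_TYPE = "com.example.app.session"; // hypothetical token type
    private final Context context;

    protected TokenAuthenticator(Context context) {
        super(context);
        this.context = context;
    }

    /** Hypothetical: sends the credentials to the web service over HTTPS; null if rejected. */
    protected abstract String fetchToken(String user, String password) throws NetworkErrorException;

    /** Hypothetical: Intent that opens the app's own login screen for this account. */
    protected abstract Intent loginIntent(AccountAuthenticatorResponse response, Account account);

    @Override
    public Bundle getAuthToken(AccountAuthenticatorResponse response, Account account,
            String authTokenType, Bundle options) throws NetworkErrorException {
        Bundle result = new Bundle();
        if (!TOKEN_TYPE.equals(authTokenType)) {
            result.putString(AccountManager.KEY_ERROR_MESSAGE, "invalid authTokenType");
            return result;
        }
        AccountManager am = AccountManager.get(context);
        // 1. Reuse a token that is already stored for the account.
        String token = am.peekAuthToken(account, authTokenType);
        // 2. No token: exchange the stored username/password for a new one.
        String password = am.getPassword(account);
        if (TextUtils.isEmpty(token) && password != null) {
            token = fetchToken(account.name, password);
        }
        if (!TextUtils.isEmpty(token)) {
            result.putString(AccountManager.KEY_ACCOUNT_NAME, account.name);
            result.putString(AccountManager.KEY_ACCOUNT_TYPE, account.type);
            result.putString(AccountManager.KEY_AUTHTOKEN, token);
            return result;
        }
        // 3. Nothing usable: hand back an Intent so the user is prompted to log in.
        result.putParcelable(AccountManager.KEY_INTENT, loginIntent(response, account));
        return result;
    }
}
```

When the server rejects a token, the caller passes it to `AccountManager.invalidateAuthToken()` and requests a new one, which sends control back through step 2 or step 3.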