Google auth example not working about appauth-android HOT 8 CLOSED

(If I modify the library to use the id_token as though it were a refresh_token, it actually works just fine and fetches the user info quite happily - I just would prefer not to have to modify the library to get it working)

from appauth-android.

Client secrets are not required for Google auth, and are strongly discouraged for mobile apps where the secret can be easily extracted from an APK. The demo app that is included in this repository includes instructions for configuring Google authentication, see here.

If you send the right authorization request you should be able to get an authorization code for a refresh token quite easily - the demo app does this already, and uses the retrieved access code for requests to the UserInfo endpoint: see here.

from appauth-android.

Thanks very much for the clarification. I think I would change the Google integration instructions to clarify that appauth.keystore is created by AppAuth-Android during the build process - I was looking for it whilst integrating the library and of course couldn't find it because it hadn't been run yet. I had assumed it was something generic to any Android project.

from appauth-android.

Ah, apologies for that. I tried to simplify the setup process by generating the keystore during the build but as you say this isn't specifically mentioned anywhere in the instructions. I'll try to clarify this point.

from appauth-android.

On that note: are we meant to copy and paste the generateKeystore task into our own project or is it meant to run automatically when our project expresses a dependency on the library?

from appauth-android.

It's just for convenience when developing AppAuth-Android - your own app should have its own keystore for debug and release. You're of course welcome to re-use this if you find it useful, but most apps will use the standard ~/.android/debug.keystore for debug and another more carefully managed keystore for release.

from appauth-android.

Wonderful, that makes a lot more sense now - perhaps the documentation could explain that (especially that debug path - I was conscious of my production keystore but not the debug one). Thank you!

from appauth-android.

And now I see that Google documents that location within the tool where you create API credentials... not sure how I missed that last time. Thanks again.

from appauth-android.