Authorization through Google in Android and checking the token on the server

Recently, I wanted to create a personal project on android, and the main question was: how to uniquely identify the user forcing him to do as little as possible gestures? Of course this is a Google account. I tried to try many examples on the network - however, the API was updated several times during its existence, many methods did not work, my questions on Google+ about this were either not accepted at all by the environment, or were like “I never did this”.
In this article, I will try as simple as possible for beginners (like me) to describe my method of authorizing Google on android, receiving a token and checking this token on the server.

Little preparation

To start, you must have Google Play Services installed in the SDK. After installing them, you can import all the necessary libraries. The article is written with the expectation of Android Studio - he himself tells what needs to be imported.
You must have created an activity with a button.
To make it more familiar to the user, you can create a standard Google+ Sing-In button.
It will look like this:
Just add to your Layout:

Add action to the button

We write in our activity:
View btn = (View) findViewById(;
btn.setOnClickListener(new View.OnClickListener() {
            public void onClick(View view) {
                Intent intent = AccountPicker.newChooseAccountIntent(null, null, new String[]{""},
                        false, null, null, null, null);
                startActivityForResult(intent, 123);

Actually, we will assign an action to the button - call the account selection intend. If you work in Android Studio, he will tell you which libraries you need to import, so I won’t describe this in detail here.
startActivityForResult (intent, 123); - sets the code with which the return will occur. 123 is a return code; it can be anything. This is necessary when you are doing several intends, and you need to process them differently.

Required Access Areas

Declare these variables in the class. These are the access areas we need. The first is written in google: “Allows you to define an authenticated user. To do this, when calling the API, you must specify me instead of the Google+ user ID. »The second permission we need to receive personal user data (Name, Surname, G + page address, avatar), and the latter to receive E-mail. I found this important, because this is a completely unchanged identifier for writing to the database.
    private final static String G_PLUS_SCOPE =
    private final static String USERINFO_SCOPE =
    private final static String EMAIL_SCOPE =
    private final static String SCOPES = G_PLUS_SCOPE + " " + USERINFO_SCOPE + " " + EMAIL_SCOPE;

Register our application.

Initially forgot this item - corrected.
We need to go to to create a project there, go to Credentials and create a new Client ID for OAuth by choosing Installed Application -> Android. There we need to enter the name of our package and the SHA1 amount of our key.
With this, I actually had a lot of problems solved in a rather crutal way.
Found debug.keystore in% USERPROFILE% \. Android \ debug.keystore placed in the project folder and registered in build.grandle:

    signingConfigs {
        debug {
            storeFile file("debug.keystore")
        myConfig {
            storeFile file("debug.keystore")
            storePassword "android"
            keyAlias "androiddebugkey"
            keyPassword "android"

After which we need to run the command:
keytool -exportcert -alias androiddebugkey -keystore ~ ​​/ .android / debug.keystore -v -list Keytool
itself can be found in the SDK. From the output, copy SHA1 to the desired field.
As I understand it, the method is temporary, and for normal operation you need to create a normal key. But for testing this is enough.

Token receipt code

protected void onActivityResult(final int requestCode, final int resultCode,
                                    final Intent data) {
        if (requestCode == 123 && resultCode == RESULT_OK) {
            final String accountName = data.getStringExtra(AccountManager.KEY_ACCOUNT_NAME);
            AsyncTask getToken = new AsyncTask() {
                protected String doInBackground(Void... params) {
                    try {
                        String token = GoogleAuthUtil.getToken(AcrivityName.this, accountName,
                        return token;
                    } catch (UserRecoverableAuthException userAuthEx) {
                        startActivityForResult(userAuthEx.getIntent(), 123);
                    }  catch (IOException ioEx) {
                       Log.d(TAG, "IOException");
                    }  catch (GoogleAuthException fatalAuthEx)  {
                        Log.d(TAG, "Fatal Authorization Exception" + fatalAuthEx.getLocalizedMessage());
                    return token;
                protected void onPostExecute(String token) {
            getToken.execute(null, null, null);

Where 123 is your code that you indicated earlier, where AcrivityName is the name of your activity. Roughly speaking - we feed the necessary token permissions and account name to the token receiving function. And note - this all happens in the background, after which the received token is transferred to the reg function I wrote. It already sends the token and all the necessary data to the server.
Since I’ve been developing recently, with exceptions, it’s a trouble so far, if there is a proposal, write in a personal message or in a comment.

Check the token on the server. (Php)

I want to pay attention, the token we received is of type Online. And he acts only 10 minutes. To get an offline token (in order to work longer with it from the server), refer to this instruction
$mToken = $_POST['plusToken'];
$userinfo = '' . $mToken;
$json = file_get_contents($userinfo);
$userInfoArray = json_decode($json,true);
$googleEmail = $userInfoArray['email'];
$tokenUserId = $userInfoArray['user_id'];

Actually feed the token in googleapis and pick up the received JSON response.


Perhaps the code is raw and written quite crookedly. However, I killed a whole week to find a working solution. I found this solution here: , although it was not fully functional, much has been added to this article.
I’m ready to hear suggestions for improving the article in PM or in the comments. Hope to save some time for beginners.

Also popular now: