Thank you Paul for the reply, Yes I can use android WebViews for that. Although the android code should mostly be for presentation, I would like to form the requests and parse the response on the android itself in order to minimze the webapp just for authorization and signing purposes. So for now I am trying to find out which Google Health java libraries that I will need. I am still looking into the docs for more help and am also looking at this example posted in Google Code to see if I can get it to work in a similar way from android also. http://code.google.com/p/googlehealthsamples/source/browse/#svn/trunk/java/health_sample.
Thanks again for offering to look/put together examples on this. [Sorry if its a double post but I replied it from my GMail but it did not show up here, so I am posting it again] On Jun 10, 1:34 pm, "Paul (Google)" <[email protected]> wrote: > Hi Achie, > > I'll certainly investigate and see which working examples we have to > share. Since most of the work (authentication and GData interface) is > being done in your web application, your Android code should mostly be > for UI/presentation. For getting the session token, you will need to > open an embedded browser for your web application. The best example > that I've found for this is for the Maps API. > > http://code.google.com/apis/maps/articles/android_v3.html > > I'll definitely post any additional examples that I can find or code > that I can put together. > > Paul > > On Jun 9, 3:38 pm, Achie <[email protected]> wrote: > > > Thank you Paul for those clarifications on the Health integration with > > mobile devices. > > > So I have started building the webapp and we are currently waiting > > from the approval from Google. > > > In the mean time I would like to build the android side UI & CCR > > retrieval and parsing part. This would be common for any android > > developers and I am wondering if you can provide a simple android > > example which retrieves the profiles by using the authorized > > sessionToken[authSub]. What I would also like to ask is if can list > > the jar files and dependencies that we would need to build the android > > side Google Health interface after getting the sessionToken from the > > WebApp[our server]. > > > Thank you > > > On Jun 6, 10:51 pm, "Paul (Google)" <[email protected]> wrote: > > > > Hi All, > > > > We're definitely happy to hear about interest in the development of > > > mobile Health apps! We certainly hope to increase our support mobile > > > +Health development, and are currently investigating ways to make the > > > integration easier. All ideas and feedback that everyone provides > > > will definitely help us to shape our future mobile support for Health, > > > so please don't hesitate to share! > > > > For now, it isn't recommended to authenticate *directly* to production > > > Health from a mobile device using AuthSub or OAuth. With production > > > Health, we currently do not allow non-secure connections, which means > > > that request tokens must be signed. This also means that "OAuth for > > > installed applications" is not possible, since it relies on non-secure > > > OAuth. Tokens must be signed with X.509 private keys, and it is not > > > recommended to distribute X.509 private keys with mobile applications, > > > since a stolen key would allow an unauthorized client to assume the > > > identity of an authorized one. There are similar concerns with HMAC > > > signing with OAuth; i.e. consumer keys and secrets used for signing > > > and that are included in mobile devices can be stolen. Also, HMAC > > > signing is presently only possible on H9 and not Health production, > > > which we are looking to change. > > > > Our current recommendation for connecting mobile devices to Health > > > using OAuth or AuthSub is to build an intermediary web application > > > that would securely store the X.509 private key and that could return > > > the unsigned access (OAuth) or session (AuthSub) token to the mobile > > > device for use in future requests. Requests to Health would need to > > > go through the web application so that they can be signed with the X. > > > 509 private key. During the linking process, a mobile device would > > > need to open a embedded browser window for the web application. The > > > web app would handle the linking and ultimately return the access/ > > > session token to the mobile application. This configuration will work > > > equally well for Android devices and other smart phones. Any of the > > > example web applications would be good starting points (following > > > link); however, we are looking into providing additional examples that > > > should be helpful. > > > >http://code.google.com/apis/health/code.html > > > > The Health team is very enthusiastic about mobile integration, and > > > we're exploring a number of ways to make it easier. We certainly > > > value all ideas from our developer community, and look forward to > > > making mobile+Health integration easier based on any feedback we > > > receive. > > > > Thanks all for your interest! > > > > Paul > > > > On Jun 3, 5:44 pm, gilad <[email protected]> wrote: > > > > > The official oauth code website has a link to a library that claims to > > > > be android ready:http://code.google.com/p/oauth-signpost/ > > > > "" OAuth Signpost offers simple OAuth message signing for Java and > > > > Apache HttpComponents (Google Android ready!). Contributed by Matthias > > > > Kaeppler "" > > > > > If I was working on android I would also look for data in the android > > > > developers grouphttp://groups.google.com/group/android-developers > > > > > Gilad > > > > > On Jun 3, 4:33 pm, Bess Ho <[email protected]> wrote: > > > > > > I am interested in learning how Google OAuth works with Android. Any > > > > > Android > > > > > OAuth library in Java? open source? I can use the same OAuth for > > > > > other API > > > > > integration? > > > > > > On Thu, Jun 3, 2010 at 3:35 PM, Achie <[email protected]> > > > > > wrote: > > > > > > I have asked this question earlier but did not get any answer. > > > > > > > I am trying to implement Google Health from our app. So I was asked > > > > > > to > > > > > > use either AuthSub or OAuth for authorization. Is there an example > > > > > > or > > > > > > documentation regarding hoe I can do this from android? > > > > > > All the documents that I found so far have information regarding > > > > > > either webapps or the ones using client login method. > > > > > > > I also saw a google employee's post integrating Google Buzz and > > > > > > Picasa > > > > > > on android. If someone can post a similar post on authorization > > > > > > using > > > > > > AuthSub or OAuth or the integration with Google Health on Android > > > > > > that > > > > > > would be very helpful. > > > > > > > Thank you. > > > > > > > -- > > > > > > You received this message because you are subscribed to the Google > > > > > > Groups > > > > > > "Google Health Developers" group. > > > > > > To post to this group, send email to > > > > > > [email protected]. > > > > > > To unsubscribe from this group, send email to > > > > > > [email protected]<googlehealthdevelopers% > > > > > > [email protected]> > > > > > > . > > > > > > For more options, visit this group at > > > > > >http://groups.google.com/group/googlehealthdevelopers?hl=en. > > > > > > -- > > > > > Bess Ho > > > > > UI Architect / Developer / Designer > > > > > iPhone Developer > > > > > Silicon Valley Web Builder (SVWB) Founder > > > > > > The information transmitted is intended only for the person or entity > > > > > to > > > > > which it is addressed and may contain CONFIDENTIAL material. If you > > > > > receive > > > > > this material/information in error, please contact the sender and > > > > > delete or > > > > > destroy the material/information. -- You received this message because you are subscribed to the Google Groups "Google Health Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/googlehealthdevelopers?hl=en.
