Hi Achie, I'll certainly investigate and see which working examples we have to share. Since most of the work (authentication and GData interface) is being done in your web application, your Android code should mostly be for UI/presentation. For getting the session token, you will need to open an embedded browser for your web application. The best example that I've found for this is for the Maps API.
http://code.google.com/apis/maps/articles/android_v3.html I'll definitely post any additional examples that I can find or code that I can put together. Paul On Jun 9, 3:38 pm, Achie <[email protected]> wrote: > Thank you Paul for those clarifications on the Health integration with > mobile devices. > > So I have started building the webapp and we are currently waiting > from the approval from Google. > > In the mean time I would like to build the android side UI & CCR > retrieval and parsing part. This would be common for any android > developers and I am wondering if you can provide a simple android > example which retrieves the profiles by using the authorized > sessionToken[authSub]. What I would also like to ask is if can list > the jar files and dependencies that we would need to build the android > side Google Health interface after getting the sessionToken from the > WebApp[our server]. > > Thank you > > On Jun 6, 10:51 pm, "Paul (Google)" <[email protected]> wrote: > > > > > Hi All, > > > We're definitely happy to hear about interest in the development of > > mobile Health apps! We certainly hope to increase our support mobile > > +Health development, and are currently investigating ways to make the > > integration easier. All ideas and feedback that everyone provides > > will definitely help us to shape our future mobile support for Health, > > so please don't hesitate to share! > > > For now, it isn't recommended to authenticate *directly* to production > > Health from a mobile device using AuthSub or OAuth. With production > > Health, we currently do not allow non-secure connections, which means > > that request tokens must be signed. This also means that "OAuth for > > installed applications" is not possible, since it relies on non-secure > > OAuth. Tokens must be signed with X.509 private keys, and it is not > > recommended to distribute X.509 private keys with mobile applications, > > since a stolen key would allow an unauthorized client to assume the > > identity of an authorized one. There are similar concerns with HMAC > > signing with OAuth; i.e. consumer keys and secrets used for signing > > and that are included in mobile devices can be stolen. Also, HMAC > > signing is presently only possible on H9 and not Health production, > > which we are looking to change. > > > Our current recommendation for connecting mobile devices to Health > > using OAuth or AuthSub is to build an intermediary web application > > that would securely store the X.509 private key and that could return > > the unsigned access (OAuth) or session (AuthSub) token to the mobile > > device for use in future requests. Requests to Health would need to > > go through the web application so that they can be signed with the X. > > 509 private key. During the linking process, a mobile device would > > need to open a embedded browser window for the web application. The > > web app would handle the linking and ultimately return the access/ > > session token to the mobile application. This configuration will work > > equally well for Android devices and other smart phones. Any of the > > example web applications would be good starting points (following > > link); however, we are looking into providing additional examples that > > should be helpful. > > >http://code.google.com/apis/health/code.html > > > The Health team is very enthusiastic about mobile integration, and > > we're exploring a number of ways to make it easier. We certainly > > value all ideas from our developer community, and look forward to > > making mobile+Health integration easier based on any feedback we > > receive. > > > Thanks all for your interest! > > > Paul > > > On Jun 3, 5:44 pm, gilad <[email protected]> wrote: > > > > The official oauth code website has a link to a library that claims to > > > be android ready:http://code.google.com/p/oauth-signpost/ > > > "" OAuth Signpost offers simple OAuth message signing for Java and > > > Apache HttpComponents (Google Android ready!). Contributed by Matthias > > > Kaeppler "" > > > > If I was working on android I would also look for data in the android > > > developers grouphttp://groups.google.com/group/android-developers > > > > Gilad > > > > On Jun 3, 4:33 pm, Bess Ho <[email protected]> wrote: > > > > > I am interested in learning how Google OAuth works with Android. Any > > > > Android > > > > OAuth library in Java? open source? I can use the same OAuth for other > > > > API > > > > integration? > > > > > On Thu, Jun 3, 2010 at 3:35 PM, Achie <[email protected]> wrote: > > > > > I have asked this question earlier but did not get any answer. > > > > > > I am trying to implement Google Health from our app. So I was asked to > > > > > use either AuthSub or OAuth for authorization. Is there an example or > > > > > documentation regarding hoe I can do this from android? > > > > > All the documents that I found so far have information regarding > > > > > either webapps or the ones using client login method. > > > > > > I also saw a google employee's post integrating Google Buzz and Picasa > > > > > on android. If someone can post a similar post on authorization using > > > > > AuthSub or OAuth or the integration with Google Health on Android that > > > > > would be very helpful. > > > > > > Thank you. > > > > > > -- > > > > > You received this message because you are subscribed to the Google > > > > > Groups > > > > > "Google Health Developers" group. > > > > > To post to this group, send email to > > > > > [email protected]. > > > > > To unsubscribe from this group, send email to > > > > > [email protected]<googlehealthdevelopers% > > > > > [email protected]> > > > > > . > > > > > For more options, visit this group at > > > > >http://groups.google.com/group/googlehealthdevelopers?hl=en. > > > > > -- > > > > Bess Ho > > > > UI Architect / Developer / Designer > > > > iPhone Developer > > > > Silicon Valley Web Builder (SVWB) Founder > > > > > The information transmitted is intended only for the person or entity to > > > > which it is addressed and may contain CONFIDENTIAL material. If you > > > > receive > > > > this material/information in error, please contact the sender and > > > > delete or > > > > destroy the material/information. -- You received this message because you are subscribed to the Google Groups "Google Health Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/googlehealthdevelopers?hl=en.
