Hi Adam, Welcome to the Health developers' forum! We're happy to have you here.
Direct mobile-to-Health OAuth authentication presently isn't recommended due to the reasons that we've posted at the following link. http://groups.google.com/group/googlehealthdevelopers/msg/0d8db0260f2bfce7 In summary, OAuth requires the use of a X.509 certificate or HMAC key (Health doesn't support HMAC yet) to sign tokens, both of which are tied to an organization. It would definitely be a problem if these keys were distributed with mobile devices and became compromised. Basically, it would allow any mobile application to pass data to Health using the identity of the organization. The solution that we're currently recommending to Health partners that wish to be listed in the Health services directory and/or have data in a user's profile reference the originating application/organization, is to build a web application to store the keys and authenticate to Health. The mobile device communicates to the web app, which in turn communicates with Health. This model sounds somewhat complex; however, it should save quite a bit of development time for teams that are building mobile applications for multiple platforms (Android and iPhone, for example). The same application on different mobile platforms can use the same intermediary web application, which would contain the authentication and GData code. For Android, an alternative is to use the AccountManager to access credentials stored in the phone to retrieve an authentication token. This token can be used with the Java GData libraries to communicate with Health. With this approach, Health cannot know which organization owns the application that is sending data, however, so data will be displayed as "user entered" in a user's profile. There's a post in the forum about this approach and the Java GData APIs at: http://groups.google.com/group/googlehealthdevelopers/msg/7bb938248292c44e I unfortunately don't know of a RoR+Android+OAuth example, but there are definitely good RoR+OAuth and Android examples out there. If you find anything good, definitely post it to the group! I hope the OAuth/mobile explanation helps. Don't hesitate to ask if there's anywhere I can clarify! Paul (Google) On Jun 30, 10:43 am, abialek <[email protected]> wrote: > We have been looking at integrating Google Health for Android and have > a few questions: > > 1) If we authenticate with OAuth can we use the Android gdata-java- > client package? > > 2) If you don't recommend using the gdata-java-client for Android what > is a good alternative? > > 3) Do you know of any good examples for integrating OAuth with Android > using Ruby on Rails on a web server? > > Best, > > -Adam -- You received this message because you are subscribed to the Google Groups "Google Health Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/googlehealthdevelopers?hl=en.
