Server-side user auth for paid android app


I am working on an Android app for Daydream that is paid and has no login screen.

I want to emulate the user auth flow that I used when developing for Oculus, outlined here, in which you first make a local license check, then use the data returned and the userId to make a server-side check from my backend to Google Play's over HTTP/REST.

I can't seem to find a way to get an Android app's userId (or token) in order to make this check without logins. The current path I am heading down is one which uses the sorely outdated License Verification Library (for local checks), as outlined here, and then uses the Google Play Developer API to perform a server check.

Is this the proper way to approach this, or is there a better/more modern way to do this? One that perhaps is modeled more closely after the Oculus flow? Additionally, I want to limit the permissions I need to request from the user, since with Daydream VR, the user must remove the headset to accept permissions at the moment.

Thanks

1

There is 1 answer

0
ReyAnthonyRenacia

Check "Using OAuth 2.0 for Web Server Applications", as it's about handling OAuth on the server side. The flow you've shown is also a bit similar to the Web server applications diagram.
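
The backend half of the flow described in the question, as an added example that is not part of the question or the answer: the app forwards the License Verification Library's signed response and the server validates it before trusting the embedded user ID. It assumes the LVL response layout `responseCode|nonce|packageName|versionCode|userId|timestamp[:extras]` signed with SHA1withRSA; the function names, the `(n, e)` integer form of the app's licensing public key, and the 300-second freshness window are assumptions made for this sketch.

```python
import base64, hashlib, hmac, time

# DER DigestInfo prefix for SHA-1, as used by PKCS#1 v1.5 (SHA1withRSA).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def rsa_sha1_verify(n, e, message, signature):
    """PKCS#1 v1.5 verify: rebuild the expected encoding and compare."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    expected = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return hmac.compare_digest(em, expected)

def check_license(signed_data, signature_b64, pubkey, issued_nonce,
                  package, max_age_s=300, now=None):
    """Return (True, user_id) or (False, reason) for a forwarded response."""
    try:
        sig = base64.b64decode(signature_b64, validate=True)
    except ValueError:
        return False, "bad signature encoding"
    # Verify before parsing: unsigned fields are client-controlled.
    if not rsa_sha1_verify(pubkey[0], pubkey[1], signed_data.encode(), sig):
        return False, "bad signature"
    fields = signed_data.split(":", 1)[0].split("|")  # drop optional extras
    if len(fields) != 6:
        return False, "malformed response"
    code, nonce, pkg, _version, user_id, ts_ms = fields
    if code != "0":                      # 0 = LICENSED (only code accepted here)
        return False, "not licensed"
    if nonce != str(issued_nonce):       # nonce must be one this server issued
        return False, "nonce mismatch"
    if pkg != package:
        return False, "wrong package"
    now = time.time() if now is None else now
    try:
        age = now - int(ts_ms) / 1000.0  # timestamp is in milliseconds
    except ValueError:
        return False, "malformed timestamp"
    if abs(age) > max_age_s:
        return False, "stale response"
    return True, user_id
```

The pure-Python signature check keeps the sketch dependency-free; a production backend would parse the Base64 X.509 key from the Play Console and verify with a maintained crypto library.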