I am working on an Android app for daydream that is paid and has no login screen.
I want to emulate the user auth flow that I used when developing for Oculus outlined here in which you first make a local license check, then use the data returned and the userId to make a server-side check from my backend to Google Play's over http/REST.
I can't seem to find a way to get an Android App's userId (or token) in order to make this check without logins. The current path I am heading down is one in which uses the sorely outdated License Verification Library (for local checks) as outlined here and then uses the Google Play Developer API to preform a server check.
Is this the proper way to approach this, or is there a better/more modern way to do this? One that perhaps models after the Oculus flow more? Additionally, I want to limit the permissions I need to request the user for, since with Daydream VR, the user must remove the headset to accept permissions at the moment.
Thanks
Check the Using OAuth 2.0 for Web Server Applications as it's about handling OAuth on the server side. The flow you've shown is also a bit similar to the Web server applications diagram.