
validating Android's authToken on third party server


I'm writing an Android application, which uses AccountManager to get the token. From an Android app I'm able to interact with Google Picasa - it works fine.

What I would like to achieve is the following: send some text + authToken to my third party server, then check if the token is correct before saving the text. Now the question is: is it possible to determine if the authToken of a particular token is correct based solely on the token itself (and maybe the email address)?

I've already programmed the server part, which accepts the token (sent from the Android application), then issues a request to a URL:

https://accounts.google.com/o/oauth2/tokeninfo?access_token=%token_here%

What I get back is the following JSON:

{
  "error" : "invalid_token"
}

But the link here http://oauthssodemo.appspot.com/step/4 states that if a token is correct I should receive a different JSON response. Can you tell me what I'm doing wrong? I believe that the way to check a token's validity really isn't that simple, and that I should rather implement the whole OpenID or something. Even if that is the case, how can I check whether the token sent by the Android app is correct, so I can save the 'text' part of the message?

Thank you.


Solution

  • The solution is as follows. You can verify the token via this URL:

    https://accounts.google.com/o/oauth2/tokeninfo?access_token=%token_here%
    

    But in my case I was trying to validate an "Authorization code" and not an "Access token", as you can see here: https://code.google.com/oauthplayground/

    If you're using Android and OAuth, don't use

    lh2 
    

    but rather use the following as service name:

    http://picasaweb.google.com/data/
    

    So you should call getAuthToken as follows:

    getAuthToken(account, "http://picasaweb.google.com/data/" , true, null, null);
    

    Then you can validate the token received from this call against the URI posted above.
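
The server-side check described in the question and answer above, as an added example that is not part of the original post: it builds the tokeninfo request with the token URL-encoded, then decides from the JSON body whether to save the text. The success-response field names (`email`, `expires_in`, `audience`) are assumptions, since the page only shows the error response, and the function names and sample bodies are constructed for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

TOKENINFO = "https://accounts.google.com/o/oauth2/tokeninfo"  # URL from the page

def tokeninfo_url(token):
    # URL-encode the token so characters such as '/' or '+' survive the query string.
    return TOKENINFO + "?" + urllib.parse.urlencode({"access_token": token})

def fetch_tokeninfo(token, timeout=5):
    # If the endpoint answers with an HTTP error status, urlopen raises;
    # the JSON body is still readable from the exception object.
    try:
        with urllib.request.urlopen(tokeninfo_url(token), timeout=timeout) as resp:
            return resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:
        return err.read().decode("utf-8")

def check_tokeninfo(body, expected_email, expected_audience=None):
    """Return (ok, reason) for a tokeninfo response body."""
    try:
        info = json.loads(body)
    except ValueError:
        return False, "response is not JSON"
    if not isinstance(info, dict):
        return False, "unexpected response shape"
    if "error" in info:
        return False, "rejected: " + str(info["error"])
    # Assumed success fields: "email", "expires_in", "audience".
    try:
        if int(info.get("expires_in", 0)) <= 0:
            return False, "token expired"
    except (TypeError, ValueError):
        return False, "bad expires_in"
    email = info.get("email")
    if not isinstance(email, str) or email.lower() != expected_email.lower():
        return False, "token belongs to a different account"
    # Optional: refuse tokens that were issued to some other application.
    if expected_audience is not None and info.get("audience") != expected_audience:
        return False, "token was issued to a different client"
    return True, "ok"

# Constructed sample bodies (not captured from Google).
SAMPLE_INVALID = '{"error": "invalid_token"}'
SAMPLE_VALID = '{"audience": "example-client-id", "email": "user@example.com", "expires_in": 3200}'
```

The server would call `check_tokeninfo(fetch_tokeninfo(token), email_sent_by_the_app)` and save the text only when the first element of the result is `True`.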