Search code examples
google-glassgoogle-mirror-api

Mirror API send timeline item to particular user


I need to send timeline item to particular subscribed user using Mirror API. I have the user's email id. How can I achive this?

Thanks

Update: I have GDK app, companion app(which runs on Android mobile device) and Mirror API app. Both GDK app and companion paired via Bluetooth. My use case is I have to send timeline item to uesr if he reached particular location. We are using ibeacon to check user's location. When user reached that particular area, companion app detect it(via bluetooth) and send request to mirror app then mirror app will add timeline item to user's glass. Here my question is how to add the timeline item to one particular user?(not to all subscribed users) And what parameter should I pass to mirror app from companion app?(I was thinking to send the user's email id)


Solution

  • The user will have needed to log into your service using OAuth2 and have granted specific permission for you to access their timeline using the role https://www.googleapis.com/auth/glass.timeline. You should request "offline" access so you will receive both an auth token and a refresh token, which you can use to get a new auth token after an hour.

    You will need this auth token when you send a card to the timeline, which also serves as an identifier in this case. Having their email id is not enough, and you don't need it.

    See https://developers.google.com/glass/develop/mirror/authorization for some code samples and details.

    Update:

    So it sounds like you have the following overall work flow:

    1. User creates an account on your website (which is where the Mirror API app is hosted). As part of this, they authorize access to their Glass and either give you their email address or authorize you to get it via Google's API.

    2. You'll store this information (auth_token and refresh_token) in a data store somewhere, indexed against their email address.

    3. They will also install your app on their phone, and it has access to the email address as well.

    4. When the mobile app detects an ibeacon marker it is interested in, it connects to your web service and sends the email address and location.

    5. Your web service looks up the email address, gets the access token to authenticate the connection to the Mirror service, and sends a message to Glass with the location information.

    This is a generally reasonable workflow, but there are a couple of important points to make:

    • The Mirror API is well tuned to sending things to just one person at a time. You sound worried about sending bulk results, but as long as you use the auth token for just one user, it will send it to just that user.

    • You're using the email address as an index to the entire user account. While this is simple to implement, this is not the best solution, since it means that anyone who has a person's email address and the URL for the endpoint of your service can fake locations. You may consider this an acceptable risk given how you're using the location information (sending it back to the user), but you need to think about how the service could be misused.

    You can mitigate the risk in a couple of potential ways:

    • Instead of an easily guessable email address, you can create and use some other userid which the user will need to enter when they first setup the companion app.

    • The first time (and only the first time) the app wants to connect to the service, it creates and sends a random secret string which it will use as a password and the web service could store this random string. Afterwards, the companion app would need to send this string along with the email address.

    • Depending on your needs, you could cut out the webapp completely and have the companion app use the Mirror API directly. This would leave the auth tokens on the phone and would greatly reduce the potential chance to have someone spoof your user. It does have a significant downside - although you can use it to send cards to Glass, it becomes more difficult to get responses from Glass back to the companion device.