I'm writing an android app that is a client of a multi-player game.
I need a reliable way to authenticate users in order to connect users with their game account, store their in-game progress and allow them to re-login later and continue playing just where they left off.
An easy solution would be to implement a password-based login and manage passwords all "by myself" (in my app and game server). However, typing passwords on a mobile device is quite inconvenient. Reading up on the topic, they say the best login is a login without password prompt (and generally as little user interaction as possible).
I would expect that the best way to achieve a solid passwordless login in an android app is a google account based login. Every android device is connected with a google account already, right?
Searching around the web and stackoverflow, I was extremely surprised that I was unable to find good documentation about my problem, which I thought to be a standard problem that many must have faced before me.
Some things that look pomising to me:
So, what ist the best way to implement a convenient login without password?
My definition of "best" in that context is:
Depends on how you need to identify your users. If email address is enough, you are probably looking for OpenID Connect. You will get a signed ID token, if the signature checks out, you can trust the info inside, which includes Gmail address. Google has libraries to make this easy, and Android devices already have a token, so users don't have to enter a password. More info here:
https://developers.google.com/identity/protocols/oauth2/native-app
Google Games login could be a better fit for you, and Firebase makes it easier to manage user data without running your own servers.