(O)Authenticated rest interaction in Android

Thanks for coming!

About me Federico Paolinelli [email protected] mytechaddiction.blogspot.com @fedepaol plus.google.com/+FedericoPaolinelli

Let’s talk about REST interaction

Resources….

… you want to access

… you want to access http(s)

Http call (*) URL url = new URL(“https://api.github.com/users/fedepaol/events");! ! HttpURLConnection
conn = (HttpURLConnection) url.openConnection();! ! InputStream in = new BufferedInputStream(conn.getInputStream());! // do whatever you want with the stream! conn.disconnect();! (*)Try/Catches not included

What are our goals?

Making our apps work like magic

… or at least • providing a good user experience
• being efﬁcient in terms of power / bandwidth

DON’TS (it would be better not to…)

Antipatterns • Performing the call on the ui thread

Antipatterns • Performing the call on the ui thread •
Hosting the thread that perform the call in the activity (or fragment)

Antipatterns • Performing the call on the ui thread •
Hosting the thread that perform the call in the activity (or fragment) • Storing the results (only) in memory

RULE #1 Decouple the UI from the http call

Decoupling the call from the UI • The activity might
be killed

be killed • Conﬁg changes handling

be killed • Conﬁg changes handling • Can’t schedule requests

be killed • Conﬁg changes handling • Can’t schedule requests • Harder to test

So where am I supposed to perform the call?

Service A facility for the application to tell the system
about something it wants to be doing in the background (even when the user is not directly interacting with the application)

How to tell the service to initiate a request Activity
Service startService() Intent onStartCommand()

How to tell the service to initiate a request (2)
Activity Service bindService() bind() ServiceInterface onBind()

CONS PROS Services pros / cons • Can run in
background • Can be scheduled • When bound, offers a rich interface • Needs to be shut down • Needs to perform requests in a different thread

IntentService or how to kill two birds with one stone

IntentService • Performs the request inside a different thread •
Dies when onHandleIntent returns • Queued • Command pattern protected void onHandleIntent(Intent intent) {! String myParameter = intent.getExtras().getString(…);! ! // Handle your request here! }

Activity Service Request

Where should I store the result data?

Where to store the data • Reloading the same data
has a cost • Decoupled from the ui • Data can be accessed when offline/prefetched Persistent Storage SQLite Content Provider

Storage Use Transactions (and yieldIfContededSafely()) ! bulkInsert() with content providers
! Load only New data if the api offers a “since” parameter

Activity Service Request Storage

Notify the UI of the result of the request one
last step..

Notify the UI • Local Broadcasts ! ! • Bound
Interface (not available with intent services) ! • EventBus (Otto, GreenRobot’s EventBus) ! Intent intent = new Intent(Constants.SERVER_REQUEST_DONE);! intent.putExtra(Constants.REQUEST_ID, mRequestId);! intent.putExtra(Constants.IGNORE_PENDING_ID, mIgnorePending);! LocalBroadcastManager.getInstance(c).sendBroadcast(intent);

Notify the UI when using ContentProviders • Register observers •
CursorLoader gets notiﬁed and reloads the cursor @Override! public Cursor query(Uri uri, String[] projection, String selection,! String[] selectionArgs, String sortOrder) {! // perform the query! cursor.setNotificationUri(getContext().getContentResolver(), uri);! return cursor;! }! ! @Override! public Uri insert(Uri uri, ContentValues values) {! // ..! getContext().getContentResolver().notifyChange(insertedId, null);! // ..! }!

Activity Service Request Storage Notify Update

When to fetch the data React to user input !
Scheduled prefetch (using AlarmManager) ! Push from the server ( GCM)

Big cookie approach CommonsCreative: http://www.flickr.com/photos/shellewill79/5333263261/

Big cookie approach • The cell radio is one of
the biggest battery drains on the phone • It takes up to 2 seconds to turn the radio on • Every time you transfer data, the radio is powered on for nearly 30 seconds

Off the shelf solutions

SyncAdapters • Designed to be used together with Content Providers
and Account Authenticator • Native retry mechanism and exponential backoff • Check network availability • Sync with other apps • (Were) a bit tricky to setup http://developer.android.com/training/sync-adapters/

Robospice • Service decouples the interaction from the ui •
Very high level, strongly typed • A lot of features such as caching, json parsing, prioritizing • Retry policy • Very active development https://github.com/octo-online/robospice

Others.. • Volley • DataDroid (https://github.com/foxykeep/datadroid) • Ion (https://github.com/koush/ion) •
Retroﬁt (http://square.github.io/retroﬁt)

PostmanLib CommonsCreative: http://www.flickr.com/photos/workfromtheheart/5881426342/

PostmanLib • Allows asynchronous requests • Built on top of
java scribe library • Tracks the state of pending requests https://github.com/fedepaol/PostmanLib--Rings-Twice--Android

Implement a RestRequest interface public class PostmanRequest implements RestServerRequest {!
@Override! public String getUrl() {! return "https://api.github.com/users/fedepaol/events";! }! ! @Override! public Verb getVerb() {! return Verb.GET;! }! ! @Override! public void onHttpResult(Response result, ! int statusCode, ! RequestExecutor executor,! Context context) throws ResultParseException {! String resultToParse = result.getBody();! // ...! }! } https://github.com/fedepaol/PostmanLib--Rings-Twice--Android

Send a request and track the result PostmanRequest r =
new PostmanRequest();! PostmanRequest r1 = new PostmanRequest();! ServerInteractionHelper.getInstance(this).sendRestAction(this, "ReqID", r, r1);! ! ! ! ! @Override! protected void onResume() {! mHelper.registerEventListener(this, this);! if (mHelper.isRequestAlreadyPending("ReqID")) {! // notify that a request is still pending, ie action bar spinner! }! }! ! @Override! public void onServerResult(String result, String requestId) {! if ("MyRequestID".equals(requestId)) {! // update the ui! }! https://github.com/fedepaol/PostmanLib--Rings-Twice--Android

PostmanLib • Can batch / chain requests • Does not
provide storage / caching • Does not provide scheduling out of the box • Can get a PendingIntent out of a request to schedule • Requests need to implement Parcelable https://github.com/fedepaol/PostmanLib--Rings-Twice--Android

PostmanLib UI Helper IntentService(s) sendRestAction() Intent Execute() onServerResult() LocalBroadcast https://github.com/fedepaol/PostmanLib--Rings-Twice--Android

Yes, but I came here to hear of OAuth

OAuth • Allows to access resources owned by the user
without sharing credentials with the app • Used by nearly all the rest apis • User can revoke the permissions

OAuth All we need is an Access Token

Get a client id and a client secret

OAuth 1.0(a) CommonsCreative: http://www.flickr.com/photos/venndiagram/5331296718 Doesn’t look easy

OAuth 1.0(a)

OAuth 1.0(a) - SignPost • Lightweight • Does not wrap
http calls • Easy to use ! http://code.google.com/p/oauth-signpost/

OAuth 2.0

Java Scribe • Uses HttpUrlConnection under the hood • Comes
with a lot of api support included • Supports OAuth 1.0 and OAuth 2.0 • Does not expose the HttpUrlConnection outside https://github.com/fernandezpablo85/scribe-java

At some point, the user needs to interact with the
service …

How to get the Auth Code use the System Browser
! open a WebView ! use a Custom Activity

PostmanLib uses Scribe under the hood

PostmanLib Register an oauth service private void setAuthService() {! OAuthHelper
o = OAuthHelper.getInstance();! if (!o.isAlreadyAuthenticated("Facebook", this)) {! StorableServiceBuilder builder = new ! StorableServiceBuilder("Facebook")! .provider(FacebookApi.class)! .apiKey("xxxxxxxx")! .apiSecret("yyyyyyyyyy")! .callback("http://www.yoururl.com/callback", "code")! .scope("publish_actions");! ! o.registerOAuthService(builder, this);! }! } https://github.com/fedepaol/PostmanLib--Rings-Twice--Android

PostmanLib Obtain the access token OAuthHelper o = OAuthHelper.getInstance();! if
(!o.isAlreadyAuthenticated("Facebook", this)) {! o.authenticate(this, "Facebook");! } https://github.com/fedepaol/PostmanLib--Rings-Twice--Android

PostmanLib Perform the request public class ShareOnFacebookAction implements RestServerRequest {!
private static final String url = "https://graph.facebook.com/me/feed";! ! @Override! public String getOAuthSigner() {! return "Facebook";! }! // . . .! } https://github.com/fedepaol/PostmanLib--Rings-Twice--Android

Thanks Federico Paolinelli @fedepaol [email protected]

(O)Authenticated rest interaction in Android

(O)Authenticated rest interaction in Android

More Decks by Federico Paolinelli

Other Decks in Technology

Featured

Transcript