The article is part of Android Series that aims to discuss the fundamentals of developing applications on the Android Platform
Integrating social connectors such as Twitter, Facebook, Google+ etc. helps an Android develop personalise the user’s experience. Integrating social connectors also enables the user to recommend the usefulness of your app and in-turn helps promote your application through social advertisement. In this tutorial we build an application that integrates Twitter within your application.

Following are steps we will undertake to understand and implement the use-case.

1. Create a simple Android application that asks the user to authorise its use of the users Twitter identity and supported operations.
2. Create and register a Twitter application on Twitter Developers
3. Modify the Android application to handle the redirect from Twitter into the application.

Create a simple Android application that asks the user to authorise its use of the user’s Twitter identity and supported operations.

1. Create an Android project with a simple layout.

1. Declare in the application manifest following permissions:
   1. The Android Manifest is otherwise very similar to most basic Android applications. Some parts in the following manifest will be explained later on in this tutorial.

<?xml version="1.0" encoding="utf-8"?>
<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.gnuc.android.tutorials.ouath.twitter"
    android:versionCode="1"
    android:versionName="1.0"
    android:installLocation="auto">
    <uses-sdk android:minSdkVersion="8" />
    <application
        android:icon="@drawable/icon"
        android:label="@string/app_name">
        <activity
            android:name=".OAuthActivity"
            android:label="@string/app_name"
            android:theme="@android:style/Theme.Light.NoTitleBar"
            android:launchMode="singleInstance">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
            <intent-filter>
                <action android:name="android.intent.action.VIEW" />
                <category android:name="android.intent.category.DEFAULT" />
                <category android:name="android.intent.category.BROWSABLE" />
                <data
                    android:scheme="gnuc-tutorials-oauth"
                    android:host="twitter" />
            </intent-filter>
        </activity>
    </application>
    <uses-permission android:name="android.permission.INTERNET" />
</manifest></web-app>

1. Create an activity class ‘OAuthActivity’ where we setup an action to redirect user to Twitter authentication end-point to ask for permission to be granted to access user data. The class OAuthActivity looks like the following. We will enhance the functionality of this class after we have defined the web-service.

package com.gnuc.android.tutorials.ouath.twitter;

import java.io.BufferedInputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.List;

import oauth.signpost.OAuthProvider;
import oauth.signpost.basic.DefaultOAuthProvider;
import oauth.signpost.commonshttp.CommonsHttpOAuthConsumer;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;

import org.apache.http.HttpResponse;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.util.EntityUtils;
import org.json.JSONObject;

import android.app.Activity;
import android.app.ProgressDialog;
import android.content.Intent;
import android.content.pm.ActivityInfo;
import android.graphics.Bitmap;
import android.graphics.BitmapFactory;
import android.net.Uri;
import android.os.Bundle;
import android.os.Handler;
import android.os.Message;
import android.view.View;
import android.view.View.OnClickListener;
import android.widget.Button;
import android.widget.EditText;
import android.widget.ImageView;
import android.widget.LinearLayout;
import android.widget.Toast;

import com.gnuc.android.framework.Logger;
import com.gnuc.android.framework.Tutorial;
import com.gnuc.android.framework.Tutorial.Pref;

public class OAuthActivity extends Activity
{
    private static ProgressDialog    pd            = null;
    //
    String                                id            = null, name = null;
    Bitmap                                picture    = null;
    //
    // Twitter
    private static CommonsHttpOAuthConsumer    twCONSUMER            = null;
    private static OAuthProvider                    twPRODUCER            = null;
    private final static String                    twKEY                    = "XXXXXXXXXXXXXXXXXXXXXX"; // Fill in your Twitter Consumer key
    private final static String                    twSECRET                = " XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX "; // Fill in your Twitter Consumer secret
    private final static String                    twCALLBK                = " gnuc-tutorials-oauth://twitter";

    @Override
    public void onCreate(Bundle savedInstanceState)
    {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.main);
        setRequestedOrientation(ActivityInfo.SCREEN_ORIENTATION_PORTRAIT);
        //
        Tutorial.cx = this;
        //
        Button     tw = (ImageButton) findViewById(R.id.twitter);
        tw.setOnClickListener(new OnClickListener()
        {
            @Override
            public void onClick(View v)
            {
                showProgressDialog("Contacting Twitter ...");
                twCONSUMER = new CommonsHttpOAuthConsumer(twKEY, twSECRET);
                twPRODUCER = new DefaultOAuthProvider("http://twitter.com/oauth/request_token", "http://twitter.com/oauth/access_token", "http://twitter.com/oauth/authorize");
                twPRODUCER.setOAuth10a(true);
                final String authUrl = twPRODUCER.retrieveRequestToken(twCONSUMER, twCALLBK);
                startActivity(new Intent(Intent.ACTION_VIEW, Uri.parse(authUrl)));
            }
        });        
        picture = BitmapFactory.decodeResource(Tutorial.cx.getResources(), R.drawable.twitter);
    }
}

1. The layout for the application is simply a Button, EditText’s and an ImageView. All views are used to display some information extracted using the social web service.

Create and register a Twitter application on Twitter Developers

1. You will need an API key to access Twitter API. To do that you will first have to create an application and register it with Twitter. It’s simple!
2. Go to Twitter Developers, log in, and create a new application.
3. Most of the entries are straightforward. You will only need read-only access for basic operations.
4. Once you have created your application make note of the ‘Consumer key’ and ‘Consumer secret’. These are required to be updated in the class OAuthActivity.

Modify the Android application to handle the redirect from Twitter into the application.

1. Once the user has authorised the application, Twitter will redirect the user to the specialised URI we have provided in the variable ‘twCALLBK’. The specialised URI looks like ‘gnuc-tutorials-oauth://twitter‘ and can be of your choice.
2. The manifest file of your Android project is enhanced to capture URIs with URI scheme : android:scheme=”gnuc-tutorials-oauth“ and URI host : android:host=”twitter“ . Also note the new intent-filter added to the manifest for the application to be able to capture the URIs
3. The class OAuthActivity is enhanced with the following methods to process the redirect from Twitter web-service and subsequently request authorisation against the Twitter end-point and finally request user’s information.

//---------------------------------------------------------------------------------------------------
// OAuthActivity.java
//---------------------------------------------------------------------------------------------------
@Override
protected void onNewIntent(Intent intent)
{
    super.onNewIntent(intent);
    Uri uri = intent.getData();
    if (null != uri)
    {
        Message msg = new Message();
        msg.what = 1;
        msg.obj = uri;
        OAUTH.sendMessage(msg);
    }
}

@Override
public void onResume()
{
    super.onResume();
    try
    {
        if (null != pd && pd.isShowing())
            pd.hide();
    }
    catch (Exception e)
    {}
}

void twProcess()
{
    Tutorial.background(new Runnable()
    {
        @Override
        public void run()
        {
            try
            {
                //
                final HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
                final BasicHttpParams params = new BasicHttpParams();
                final SchemeRegistry schemeRegistry = new SchemeRegistry();
                schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
                final SSLSocketFactory sslSocketFactory = SSLSocketFactory.getSocketFactory();
                schemeRegistry.register(new Scheme("https", sslSocketFactory, 443));
                final ClientConnectionManager cm = new ThreadSafeClientConnManager(params, schemeRegistry);
                //
                HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
                DefaultHttpClient CLIENT = new DefaultHttpClient(cm, params);
                //
                HttpGet get = new HttpGet("http://api.twitter.com/1/account/verify_credentials.json");
                get.setParams(params);
                twCONSUMER.sign(get);
                HttpResponse resp = CLIENT.execute(get);
                //
                showProgressDialog("Processing ...");
                //
                String respStr = EntityUtils.toString(resp.getEntity());
                int respCode = resp.getStatusLine().getStatusCode();
                if (respCode == HttpURLConnection.HTTP_OK)
                {
                    JSONObject me = new JSONObject(respStr);
                    id = me.getString("screen_name");
                    name = "@"+me.getString("screen_name");
                    String profile = me.getString("profile_image_url");
                    try
                    {
                        URLConnection cxn = new URL(profile).openConnection();
                        cxn.connect();
                        picture = BitmapFactory.decodeStream(new BufferedInputStream(cxn.getInputStream(), 20));
                    }
                    catch (Exception e)
                    {
                        Logger.e(e);
                    }
                    OAUTH.sendEmptyMessage(3);
                    return;
                }
                else
                    OAUTH.sendEmptyMessage(-1);
            }
            catch (Exception e)
            {
                OAUTH.sendEmptyMessage(-1);
                Logger.e(e);
            }
        }
    });
}

public Handler    OAUTH    = new Handler()
                            {
                                @Override
                                public void handleMessage(Message msg)
                                {
                                    try
                                    {
                                        OAUTH.removeMessages(msg.what);
                                        switch (msg.what)
                                        {
                                            case -1 :
                                            {
                                                if (null != pd)
                                                    pd.cancel();
                                                Toast.makeText(OAuthActivity.this, "Could not authenticate against Twitter. Please try another provider.", Toast.LENGTH_LONG).show();
                                                break;
                                            }
                                            case 1 :
                                            {
                                                Uri uri = (Uri) msg.obj;
                                                if (uri != null && uri.toString().contains(twCALLBK))
                                                {
                                                    showProgressDialog("Reading response...");
                                                    String verifier = uri.getQueryParameter(oauth.signpost.OAuth.OAUTH_VERIFIER);
                                                    if (null == twCONSUMER || null == twPRODUCER)
                                                    {
                                                        twCONSUMER = new CommonsHttpOAuthConsumer(twKEY, twSECRET);
                                                        twPRODUCER = new DefaultOAuthProvider("http://twitter.com/oauth/request_token", "http://twitter.com/oauth/access_token", "http://twitter.com/oauth/authorize");
                                                        twPRODUCER.setOAuth10a(true);
                                                    }
                                                    try
                                                    {
                                                        twPRODUCER.retrieveAccessToken(twCONSUMER, verifier);
                                                        Pref.OAUTH_TW_TOKEN = twCONSUMER.getToken();
                                                        Pref.OAUTH_TW_TOKEN_SECRET = twCONSUMER.getTokenSecret();
                                                        Pref.write();
                                                        showProgressDialog("Processing response..");
                                                        twProcess();
                                                    }
                                                    catch (Exception e)
                                                    {
                                                        OAUTH.sendEmptyMessage(0);
                                                        Logger.e(e);
                                                    }
                                                }
                                                break;
                                            }
                                            case 2 :
                                            {
                                                showProgressDialog((String) msg.obj);
                                                break;
                                            }
                                            case 3 :
                                            {
                                                runOnUiThread(new Runnable()
                                                {
                                                    @Override
                                                    public void run()
                                                    {
                                                        findViewById(R.id.gplus).setVisibility(View.GONE);
                                                        LinearLayout ll = (LinearLayout) findViewById(R.id.gplus_profile);
                                                        ll.setVisibility(View.VISIBLE);
                                                        ImageView ph = (ImageView) ll.findViewById(R.id.gplus_photo);
                                                        ph.setImageBitmap(picture);
                                                        //
                                                        EditText et = (EditText) findViewById(R.id.gplus_id);
                                                        et.setText(id);
                                                        et.setFocusable(false);
                                                        //
                                                        et = (EditText) findViewById(R.id.gplus_nickname);
                                                        et.setText(name);
                                                        et.setFocusable(false);
                                                        //
                                                        pd.cancel();
                                                    }
                                                });
                                                break;
                                            }
                                        }
                                    }
                                    catch (Exception e)
                                    {}
                                }
                            };

void showProgressDialog(final String msg)
{
    runOnUiThread(new Runnable()
    {
        @Override
        public void run()
        {
            try
            {
                if (null != pd)
                    pd.cancel();
            }
            catch (Exception e)
            {}
            pd = new ProgressDialog(Tutorial.cx);
            pd.setMessage(msg);
            if (!pd.isShowing())
                pd.show();
        }
    });
}

//---------------------------------------------------------------------------------------------------
// Tutorial.java class is a utility class 
//---------------------------------------------------------------------------------------------------
package com.gnuc.android.framework;

import android.app.Activity;
import android.content.Context;
import android.content.SharedPreferences;

public class Tutorial
{
    public static final String    TAG    = "GNUC-TUTORIAL";
    public static Context        cx        = null;
    
    //
    public static void background(final Runnable r)
    {
        new Thread()
        {
            @Override
            public void run()
            {
                r.run();
            }
        }.start();
    }
    
    public static class Pref
    {
        public static String        OAUTH_TW_TOKEN                        = "";
        public static String        OAUTH_TW_TOKEN_SECRET            = "";
    
        public static void read()
        {
            SharedPreferences p = cx.getSharedPreferences(TAG, Activity.MODE_PRIVATE);
            OAUTH_TW_TOKEN = p.getString("OAUTH_TW_TOKEN", OAUTH_TW_TOKEN);
            OAUTH_TW_TOKEN_SECRET = p.getString("OAUTH_TW_TOKEN_SECRET", OAUTH_TW_TOKEN_SECRET); 
        }
        
        public static void write()
        {
            SharedPreferences.Editor pe = cx.getSharedPreferences(TAG, Activity.MODE_PRIVATE).edit();
            pe.putString("OAUTH_TW_TOKEN", OAUTH_TW_TOKEN);
            pe.putString("OAUTH_TW_TOKEN_SECRET", OAUTH_TW_TOKEN_SECRET);
            //
            pe.commit();
        }
    }

1. To understand more about OAuth and the Twitter web-service please read the following resources: https://dev.twitter.com/docs/auth/oauth/faq and https://dev.twitter.com/docs/auth

In this tutorial we learnt how to create an Android application that integrates Twitter within your application.

The article is part of Android Series that aims to discuss the fundamentals of developing applications on the Android Platform
Since Android 2.0, a developer can program an application to request a user to authorise the use of a device account to conveniently perform actions on behalf of the user. What this means is, an application does not have to ask the user to enter their login credentials or for that matter create a new account. Applications can use an existing user account to request and use authentication tokens to perform actions. The AccountManager class provides access to the user’s online accounts on the device and provides an authentication token each time an application requests one for a specific service.

In this tutorial you will be learning how to create an application on Android which is able to implement authentication using the AccountManager class and have it authenticate to use a web-service deployed on Google AppEngine.
Following are steps we will undertake to understand and implement the application.

1. Create a class which registers and then requests a token from the AccountManager in Android
2. Create a web-service which validates a request from the Android client.

Building a class that communicates with the AccountManager on Android.

1. Before you start with the implementation you will need to declare the following permission in your Android manifest

   android.permission.USE_CREDENTIALS

2. The first step is to request the AccountManager to provide a list of applicable accounts on the device based on a criteria
   1. Get the instance of AccountManager. The method requires the context of your application as an input.
   2. Using the instance retrieve the list of accounts by type/feature. In this example we will only be retrieving all Google accounts of the user.
   3. Populate a ListView with the retrieved accounts. (ListView is defined in the XML layout and not shown here.)
   4. When the user chooses a specific account we will ask the AccountManager to retrieve an auth token for us to use.

final Account[] accounts = AccountManager.get(ctx).getAccountsByType("com.google");// Get an instance and retrieve all google accounts.
final List<String> accountNames = new ArrayList<String>();
for (Account account : accounts)
    accountNames.add(account.name);
ListView accountList = (ListView) findViewById(R.id.st_account_list);// st_account_list is defined in an XML layout
accountList.setAdapter(new ArrayAdapter<String>(ctx, android.R.layout.simple_list_item_1, accountNames));
accountList.setOnItemClickListener(new OnItemClickListener()
{
    @Override
    public void onItemClick(AdapterView<?> parent, View view, int pos, long id)
    {
        checkAccount(accounts[pos]);
    }
}); 

1. Request the AccountManager to retrieve an auth token for an account.
   1. There are three convenience methods provided by the AccountManager class to retrieve an auth token. Usage of methods is based on application design.
   2. We will use two of the available methods for this use case. Once you are confident about how these methods function you can opt to use one.
   3. First time your application requests the auth token from the AccountManager we will use the following method

      getAuthToken (Account account, String authTokenType, Bundle options, Activity activity, AccountManagerCallback callback, Handler handler)

      1. This method takes a callback as argument among other arguments. The callback method is asynchronous, thus this method should not be initiated off the UI thread.
      2. The callback function receives a future instance that can retrieve the coveted auth token for us.
   4. Once an auth token is retrieved we can proceed with retrieving an auth cookie against our web-service. (It is advisable to refresh the auth token on first retrieval as an expired token could be returned. The method call ‘setAuthToken(account, true);’ with true passed as an argument indicates that the token be renewed before being used by the application).
   5. Following code snippets describes the process of requesting the auth token on a background thread.

//---------------------------------------------------------------------------------------------------
// AndroidClient.java
//---------------------------------------------------------------------------------------------------
/**
     * Method receives an account chosen by user and attempts to retrieve an auth token.
     * 
     * @param account
     *           is the account chosen from account list during setup.
     */
public void checkAccount(final Account account)
{
    Auth.background()
    {
        @Override
        public void run()
        {
            Auth.checkAccount(account, this, new CustomCallback()
            {
                @Override
                public void handle(int resultCode)
                {
                    if(resultCode==1)
                    {
                        // Success
                        // Auth token has been received and in future... calls to the method 
                        // setAuthToken will succeed.
                    }
                    else
                    {
                        // Fail
                        // User did not grant access to the application. Retry later.
                    }
                }
            });
        }
    });
}
//---------------------------------------------------------------------------------------------------
// Auth.java
//---------------------------------------------------------------------------------------------------
private static final String    baseUrl        = "https://thoth-server.appspot.com";
private static final String    loginUrl        = baseUrl + "/_ah/login";
private static final String    checkUrl        = baseUrl + "/app/hello";
private static String            authToken    = null;
private static Cookie            authCookie    = null;
public  static DefaultHttpClient client=null;

 /**
     * Method retrieves an auth token for an account. User is shown a popup to authorise the application.
     * 
     * @param account
     *           account chosen from account list during setup.
     * @param activity
     *             the activity currently active
     * @param checkCallback
     *             a callback implementation
     */
public static void checkAccount(final Account account, final Activity activity, final CustomCallback checkCallback)
{
    AccountManager am = AccountManager.get(ctx);
    AccountManagerCallback<Bundle> callback = new AccountManagerCallback<Bundle>()
    {
        @Override
        public void run(AccountManagerFuture<Bundle> future)
        {
            try
            {
                setAuthToken(account, true);
                checkCallback.handle(0);
            }
            catch (Exception e)
            {
                checkCallback.handle(-1);
            }
        }
    };
    am.getAuthToken(account, "ah", null, activity, callback, null);
}
/**
     * Method retrieves an auth token for a previously authorised application.
     * 
     * @param account
     *           account chosen from account list during setup.
     * @param invalidate
     *             flag to indicate if token should be renewed
     */
public static void setAuthToken(Account account, boolean invalidate)
{
    AccountManager am = AccountManager.get(ctx);
    AccountManagerCallback<Bundle> callback = new AccountManagerCallback<Bundle>()
    {
        @Override
        public void run(AccountManagerFuture<Bundle> future)
        {
            try
            {
                authToken = future.getResult().getString(AccountManager.KEY_AUTHTOKEN);
            }
            catch (OperationCanceledException e)
            {
                Logger.e(e);
            }
            catch (AuthenticatorException e)
            {
                Logger.e(e);
            }
            catch (IOException e)
            {
                Logger.e(e);
            }
            catch (Exception e)
            {
                Logger.e(e);
            }
        }
    };
    am.getAuthToken(account, "ah", false, callback, null);
    if (invalidate && authToken != null)
    {
        am.invalidateAuthToken(account.type, authToken);
        setAuthToken(account, false);
    }
}
 

1. With the auth token in hand we can now exchange it against our web-service for an auth cookie. Following steps are performed during this process:
   1. Create a SSL client. (Optional : web-service is configured to only allow SSL)
   2. Send a GET request to login url exposed by the web-service. The GET request requires some information as follows
      1. End-point: Starts like https://thoth-server.appspot.com /_ah/login
      2. Redirect URL: like https://thoth-server.appspot.com /app/hello
      3. Auth Token we retrieved earlier encoded in UTF in the variable“auth”
   3. Our request will either return an HTTP 200 or 302. The response will also have the auth cookie set by the web-service.
   4. The SACSID cookie is set on the HttpClient – Auth.client. Auth.client is the object that will now be used for all communication with the web-service.
   5. The method hello shows how the HttpClient can be used to make subsequent request with the web-service.

//---------------------------------------------------------------------------------------------------
// Auth.java 
//---------------------------------------------------------------------------------------------------

 /**
     * Method retrieves an authenticated SACSID/ACSID cookie for an auth token retrieved earlier.
     */
public static void setAuthCookie()
{
    Auth.background()
    {
        @Override
        public void run()
        {
            try
            {
                // We create an SSL client to speak to our web-service
                // To avoid an SSL cert exceptions, we are creating a generic hostname verifier
                // as we intend to use our own web-service.
                //
                HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
                BasicHttpParams params = new BasicHttpParams();
                SchemeRegistry schemeRegistry = new SchemeRegistry();
                schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
                SSLSocketFactory sslSocketFactory = SSLSocketFactory.getSocketFactory();
                schemeRegistry.register(new Scheme("https", sslSocketFactory, 443));
                ClientConnectionManager cm = new ThreadSafeClientConnManager(params, schemeRegistry);
                //
                HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
                DefaultHttpClient client = new DefaultHttpClient(cm, params);
                //
                String cookieUrl = loginUrl + "?continue=" + URLEncoder.encode(checkUrl, "UTF-8") + "&auth=" + URLEncoder.encode(authToken, "UTF-8");
                HttpGet req = new HttpGet(cookieUrl);
                client.getParams().setBooleanParameter(ClientPNames.HANDLE_REDIRECTS, false);
                HttpResponse resp = client.execute(req);
                String respStr = EntityUtils.toString(resp.getEntity());
                int respCode = resp.getStatusLine().getStatusCode();
                if (respCode == HttpURLConnection.HTTP_OK || respCode == HttpURLConnection.HTTP_MOVED_TEMP)
                {
                    for (Cookie cookie : client.getCookieStore().getCookies())
                    {
                        if (cookie.getName().equalsIgnoreCase("SACSID")) // Since we are authentication on SSL we receive SACSID else we will receive ACSID
                        {
                            authCookie = cookie;
                            Auth.client = client;
                            break;
                        }
                    }
                }
                else
                    throw new Exception(respStr);
            }
            catch (Exception e)
            {
                Logger.e(e);
            }
        }
    });
}

 /**
     * Method makes a GET request to web-service with an authenticated client which has an 
     * authenticated SACSID/ACSID cookie set by an earlier auth request.
     */
public static void hello(final RequestCallback reqCallback)
{
    DefaultHttpClient    CLIENT    = Auth.client;
    Auth.background()
    {
        @Override
        public void run()
        {
            try
            {
                HttpResponse resp = CLIENT.execute(new HttpGet(checkUrl));
                String respStr = EntityUtils.toString(resp.getEntity());
                int respCode = resp.getStatusLine().getStatusCode();
                if (respCode == HttpURLConnection.HTTP_OK || respCode == HttpURLConnection.HTTP_MOVED_TEMP)
                {
                    if(null!=respStr && respStr.length()>0)
                        reqCallback.handle(1);
                    else
                        throw new Exception(respStr);
                }
                else
                    throw new Exception(respStr);
            }
            catch (Exception e)
            {
                Logger.e(e);
                reqCallback.handle(-1);
            }
        }
    });
} 

 This is the basic skeleton of using the AccountManager to retrieve an auth cookie in Android. The web-service we used in this step is described in the next section

Building a web-service on AppEngine to communicate with an Android client

1. The web-service we develop here is built on the Google AppEngine platform. The essence of implementation will remain same irrespective of platform or language.
2. If you do not know how to create a RESTful web-service on AppEngine you should read about it first.
3. For our use-case we need to define a single endpoint – https://thoth-server.appspot.com /app/hello. This endpoint is configured to receive a GET request and check if the calling client has been authenticated by Google Account service. Following are steps we need to build the web-service
   1. We create a router to process GET requests.
   2. Extract cookies set on the request and check for existence of SACSID or ACSID cookies.
   3. Return a hash of the cookie value. (Sanity check)

import org.restlet.data.Status;
import org.restlet.representation.Representation;
import org.restlet.representation.StringRepresentation;
import org.restlet.resource.Get;
import org.restlet.resource.ServerResource;

 public class AppHello extends ServerResource
{
    @Get
    public Representation hello()
    {
        Representation resp = null;
        Request request = getRequest();
        for (Cookie cookie : request.getCookies())
        {
            if (cookie.getName().equalsIgnoreCase("SACSID") && !(cookie.getValue()).isEmpty())
            {
                setStatus(Status.SUCCESS_OK);
                resp = new StringRepresentation(MD5.getMD5HEX(cookie.getValue()));
                break;
            }
        }
        if (null == resp)
        {
            setStatus(Status.SERVER_ERROR_INTERNAL);
            resp = new StringRepresentation("Could not secure.");
        }
        return resp;
    }
}
 

 In this tutorial we learnt how to use the AccountManager class in Android to request for an auth token and retrieve an auth cookie with the same against a Google AppEngine deployed RESTful webservice.