我开始开发一个处理用户登录、注册、查看其身份验证信息(个人资料等)的应用程序。我在 android 中看到了模板登录活动。这似乎是一个很好的起点,但我不确定从这里去哪里。
我想知道在 android 中管理这样的应用程序的最佳实践是什么。我已经通过了Authorization和AccountManager,但发现我的应用程序中不需要任何这些。因为我不想保留用户可以从“帐户和同步”中查看的帐户。
用户应使用网络服务进行身份验证/注册。
所以一旦我通过了身份验证,我在哪里存储凭据?如果我最终将其存储在 中,是否需要对其进行加密SharedPreferences?
用户在应用内浏览时如何管理会话?
此外,有关此主题的任何教程/讨论都将非常有帮助:)
尽管将其注销,但听起来您正在寻找 AccountManager。AndroidSDK 中的旧版 SampleSyncAdapter 项目包含一个完整示例,说明如何将其用于您描述的那种凭证和会话管理:
/**
* This class is an implementation of AbstractAccountAuthenticator for
* authenticating accounts in the com.example.android.samplesync domain. The
* interesting thing that this class demonstrates is the use of authTokens as
* part of the authentication process. In the account setup UI, the user enters
* their username and password. But for our subsequent calls off to the service
* for syncing, we want to use an authtoken instead - so we're not continually
* sending the password over the wire. getAuthToken() will be called when
* SyncAdapter calls AccountManager.blockingGetAuthToken(). When we get called,
* we need to return the appropriate authToken for the specified account. If we
* already have an authToken stored in the account, we return that authToken. If
* we don't, but we do have a username and password, then we'll attempt to talk
* to the sample service to fetch an authToken. If that fails (or we didn't have
* a username/password), then we need to prompt the user - so we create an
* AuthenticatorActivity intent and return that. That will display the dialog
* that prompts the user for their login information.
*/
(但另请参阅有关该样本失败的答案。)
它通过 Web 服务进行身份验证,处理加密,否则听起来就像您正在寻找的那样。如果有特定原因您认为它不合适,请详细说明。