Google Login on Android

Hi Team,

Hope you all are well, we are having some issues with getting our google login working, I don’t think we’re passing the correct token to backendless/google. See error below:

Response from OAuth2 provider server: Unauthorized
  "error": {
    "code": 401,
    "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See",
    "status": "UNAUTHENTICATED"
', detail: 'GUID: 8714F55E-72EE-0BD3-FF3D-E8FD6F98A100
 Error during obtaining user data.
 Response from OAuth2 provider server: Unauthorized
  "error": {
    "code": 401,
    "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See",
    "status": "UNAUTHENTICATED"
', extendedData: '{}' }

Would it be possible to get sample code of how you generate the token to put into Backendless.UserService.loginWithOAuth2, at the moment we have something like this:

val token = ""
            val gso = GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
            googleSignInClient = GoogleSignIn.getClient(this@LoginActivity, gso)

I did note that @Andriy_Konoz had suggested a solution at the end of Your LoginWithGooglePlusSDK and your presented sample are deprecated - #15 by Andriy_Konoz
Unfortunately we are still struggling, if you have a sample project/code it would help a lot!

Hello @Reece_Smith

We have an example in our AndroidSDK, take a look: Android-SDK/ at master · Backendless/Android-SDK · GitHub

Regards, Vlad

Hi Vlad,

Thanks for this, just looking at the code:

tokenResponse = new GoogleAuthorizationCodeTokenRequest(
				new NetHttpTransport(),
				"")  // Specify the same redirect URI that you use with your web
				// app. If you don't have a web version of your app, you can
				// specify an empty string.

Are you suggesting its ok to put the client ID and client Secret in the android application? Note that we have already provided this to backendless server side under the users - login providers bit?

Google also suggests don’t put the secret on the client: 서버 측 앱용 Google 로그인  |  Google Sign-In for Websites  |  Google Developers

Are there other implementations that don’t require us to put the secret in the client code?

Hi @Reece_Smith !

Yes, there is another implementation which doesn’t require provider token from client. You can use “simple login” flow.
With this flow you do not need to obtain token directly. Instead you will receive URL from the server which you should show user in controlled environment. It will open Google login window and after login will contain user auth token for Backendless.
More information about this flow you can find by the following link Social and OAuth2 Logins - Backendless REST API Documentation

Regards, Andriy

Hi Andriy,

Do you have some sample code for this suggestion?


Hi @Reece_Smith ,

Unfortunately no, we do not have example project for such case.

You should obtain authorization URL using following route route Social and OAuth2 Logins - Backendless REST API Documentation . After that show this URL to your user using WebView (WebView  |  Android Developers) and subscribe app to events of this view (WebViewClient  |  Android Developers). Your app should listen to event which is triggered when Backendless returns user info with auth-token. When such event received, read user data, close view and extract user auth token from user data.

More information about Authorization URL.
Authorization URL will lead user to Google Auth dialog. When user completes authorization in that dialog, Google will redirect him to the Backendless route which will complete authorization in Backendless and will return user info with user token.

I hope that this information will help you.

Regards, Andriy

Hi @Andriy_Konoz

Still a bit stuck on this, we’ve got the Url link from: getAuthorizationUrlLink
This gives us this URL:

When we then sign in with that URL we are redirected to:

Above you mention we should get ‘Backendless returns user info with auth-token’ what are we supposed to do with that URL to get the user object so that we are logged in?

Hi @Reece_Smith !

You should call that URL by which you was redirected. In response you will get object with user data. Among that data will be “user-token” field which will contain auth-token for Backendless API.

As you can see, among URI params in redirect Google passes OAuth2 code. That code will be exchanged by Backendless server on Google OAuth2 token which will be used to obtain user info from Google API.

Regards, Andriy

Hi Andriy,

When we call the url we get, it’s just a blank page (GET req) any ideas?

@Reece_Smith ,

I can confirm that there is a bug related to Android API key. I have created internal ticket BKNDLSS-26799 for that problem. Our team reach you out when fix will be available.

As temporal workaround try to use REST API key in your application if it’s possible.

Regards, Andriy

Hi, @Reece_Smith

We have just updated our cloud servers with a fix for the issue with the Android API key used in the “simple login” flow. The redirect page now contains JSON data of the logged-in user. Could you please let us know if the fix works for you?

Regards, Marina