Authenticating Android clients with Devise and Google Apps

Between this blog post and this question on StackOverflow, you can piece together a way to authenticate users against a Rails app using Devise that goes something like this:

1. Subclass Devise::SessionsController in order to create a custom endpoint. For our purposes let's have match '/auth/google_apps/android_login, to: 'sessions#android_login'.

2. In our custom SessionsController, implement android_login as detailed in the SO post--here's a gist with my take on it.

3. Follow the instructions in the blog post for your Android setup. However, when requesting an auth token, replace the GAE-specific line in the blog post with this: accountManager.getAuthToken(account, "oauth2:https://www.googleapis.com/auth/userinfo.email", false, new GetAuthTokenCallback(), null); This will request permissions to access the user's email address.

4. After retrieving the auth token, append it as a param to your authentication request: HttpGet httpGet = new HttpGet("http://10.0.2.2:3000/auth/google_apps/android_login?token=" + tokens[0]);

You can see the full Android implementation here. Keep in mind that the my execution is sloppy and meant as a proof of concept, and that I've just started doing Android development, so don't read too much into the implementation.