Before your server can trust that a Google ID Token actually comes from a valid user, you need to validate it. Validation of an ID token requires two steps:

• Verify that the value of the aud field in the ID token is identical to your app’s client ID and that the iss is accounts.google.com
• Verify that the ID token is a JWT which is properly signed with an appropriate Google public key and has not expired

Anatomy of an ID Token

An ID Token consists of three sections separated by dots: header.body.signature. Here is an example taken from Google:

1
eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiIxNDIwNDk1MzA5NDM1MjE2ODU3MSIsImF1ZCI6Ikdvb2dsZSIsInR5cCI6Imdvb2dsZS9wYXltZW50cy9pbmFwcC9pdGVtL3YxIiwiaWF0IjoxMzg1MDc2MTM4LCJleHAiOjEzODUwODIxMzgsInJlcXVlc3QiOnsibmFtZSI6IlBpZWNlIG9mIENha2UiLCJkZXNjcmlwdGlvbiI6IkEgZGVsaWNpb3VzIHBpZWNlIG9mIHZpcnR1YWwgY2FrZSIsInByaWNlIjoiMTAuNTAiLCJjdXJyZW5jeUNvZGUiOiJVU0QiLCJzZWxsZXJEYXRhIjoiWW91ciBEYXRhIEhlcmUifX0.psOU3HlUMGjK_auKEkBhSLzi5n2ATUtaxn_XItGvdhA

I already wrote a post explaining how to sign-in to Google+ from an Android app. Now I want to be able to match all requests my app makes with the user associated with those requests.

Google uses the OpenID protocol and ID Tokens to make this possible. An ID Token consists of two JSON objects, base64 encoded, concatenated and cryptographically signed. This token can be attached to your requests so your server knows who is the user it should associate the request with. This token must be kept secret because anybody using it will be able to identify themselves as the user. To keep the token safe always use HTTPS and transfer it as an HTTP header.

I’m building a system for which I want to use Google+ as authentication system. This will allow me to focus on my app instead of worrying about building a secure authentication system.

The first step to building this system is to have my Android app allow users to sign in with Google. We are going to build a simple Android app that allows users to Sign In using their Google+ account.

Scaffolding the app

To get started we can use a generator I created with yeoman. Once installed create an empty folder and run:

1
yo android-minimal

At this point you should be able to build and run a very simple app.

The title for this post might sound vague, but the reason I’m writing it is because in JavaScript this is true:

1
(.1 + .2) !== .3;

This makes my head explode so I want to understand better the reason for this.

IEEE 754

It turns out that JavaScript only has one number type, unlike other programming languages that have many types(int, long, float, etc…). The type JavaScript uses is defined by the IEEE 754 standard for floating point numbers. This format is good because many hardware manufacturers ship they chips with support for this standard which makes operations on these numbers really fast.

Every time I start a new project I go to old projects to review and copy my build steps and linting rules among other things. A good developer would have automated the creation of a new project instead of going back every time. I want to redeem myself so I’m taking a look a Yeoman.

Yeoman is a tool for scaffolding web apps. It basically allows you to create custom reusable app skeletons called generators.

Install

1
npm install -g yo

If you appreciate elegant code that is easier to read and consistent from file to file you probably want to start using checkstyle on you java projects.

If your project is a simple java project that uses gradle you can start using checkstyle by adding this to your build.gradle file:

1
apply plugin: 'checkstyle'

and creating this file under config/checkstyle/checkstyle.xml (I stole it from Marco’s example):

After upgrading to gradle 2.2.1 I started having some weird issues with my PMD plugin. I kept getting this error:

1
2
3
4
5
6
7
8
[adrian@localhost project]$ gradle pmdMain
:pmdMain
* file: ./src/main/java/src/com/ncona/project/File.java
    src:  File.java:45:45
    rule: UselessParentheses
    msg:  Useless parentheses.
    code: getCurrentTime() + (1000 * 60 * 60 * 2),
...

It has happened multiple times that I am doing a code review and I find issues like trailing white space or tabs instead of spaces. This annoys me because it is something that your editor should do for you for free. It annoys me even more when I ask the developer to configure their editor to remove trailing white space and they tell me they don’t know how to do it. In most scenarios they are using Eclipse or some other fancy IDE that I am not familiar with, so I can’t help them much. EditorConfig will help me with that problem.

From now on I plan to add an .editorconfig file to all my projects and simply ask my colleagues to install the plugin on their IDE.

Lets see how to install the plugin for VIM. Assuming you have pathogen installed you should only need this:

The question

Given a stream of unsorted integers, find the median element in sorted order at any given time. So, we will be receiving a continuous stream of numbers in some random order and we don’t know the stream length in advance. Write a function that finds the median of the already received numbers efficiently at any time. We will be asked to find the median multiple times. Just to recall, median is the middle element in an odd length sorted array, and in the even case it’s the average of the middle elements.

The question

Given a sorted array of unknown length and a number to search for, return the index of the number in the array. Accessing an element out of bounds throws exception. If the number occurs multiple times, return the index of any occurrence. If it isn’t present, return -1.

My answer

Reading the question there is one question that came to my mind: Can the exception be handled?. Assuming that it can’t I think the only alternative would be to check all elements starting from the first one. I will assume the exception can be handled so I can come with a better solution.