Chapter 8. Security and OAuth

Before we get into the details of how we handle events, the moments that are generated by the Mirror API and expressed as cards, whether on the right of the home screen (events that have already taken place) or to its left (events that are upcoming), we need to take a moment to focus on security. Since Glass is such a personal and intimate device, as we’ve discussed, Google takes the notion of security very seriously. As we’ve seen, when you set up Glass you tie it to a Google account, and you’re not expected (or allowed!) to share your Glass with someone else. Google expects you, as a Glassware developer, to take security at least as seriously.


The Mirror API has security tightly integrated into it, so you almost can’t avoid doing the right thing for your users. We’ll start here and see how security is handled within events. Additionally, it is built on top of OAuth2, and many of the libraries you’ll be using take care of the OAuth2 details for you.

The major fact you need to know about Glassware and authorization is that any Glassware built on top of the Mirror API has to authorize the wearer’s Google account for the Glassware to receive updates or be able to share resources like messages and multimedia with it. GDK Glassware, on the other hand, being installed applications that run locally on the device, only need to use authorization if access to certain APIs requires it.

There are some things you will need to know, but the basics aren’t ...

Get Designing and Developing for Google Glass now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.