Skip to content

pubnative/opengdpr-client-android

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits

gradle/wrapper

gradle/wrapper

 
 

opengdpr.client

opengdpr.client

 
 

opengdpr.demo

opengdpr.demo

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

build.gradle

build.gradle

 
 

gradle.properties

gradle.properties

 
 

gradlew

gradlew

 
 

gradlew.bat

gradlew.bat

 
 

settings.gradle

settings.gradle

 
 

Repository files navigation

OpenGDPR Android Client

OpenGDPR Android client is a module which will allow app developers to integrate the OpenGDPR Api as specified in their homepage.

Currently many partners implement their own ways to manage user consent and process the requests coming from data subjects themselves or from third-party vendors which share personal information about their users. OpenGDPR Client complies with the standard defined by OpenGDPR to have a common way to communicate between partners and therefore makes room for a seamless integration of new vendors.

Contents

Integration

To integrate the OpenGDPR client, you can add the opengdpr.client module from the repo to your own Android project.

Usage

To define the url of the OpenGDPR Api you will be using you can modify the constants in the OpenGDPREndpoints class. You can change the base url and add or remove path components if required.

Open GDPR Discovery

The discovery endpoint of the OpenGDPR Api specification returns the identity and request types supported by the server and a download link to the public key that can be used to validate the Signature received on the response headers.

To make a request to the discovery endpoint you should use OpenGDPRDiscoveryClient.

OpenGDPRDiscoveryClient client = new OpenGDPRDiscoveryClient();
client.fetchDiscoveryData(this, new OpenGDPRDiscoveryClient.DiscoveryListener() {
    @Override
    public void onSuccess(DiscoveryResponseModel model) {
        try {
            // Handle response
        } catch (Exception e) {
            Log.e(TAG, e.getMessage());
        }
    }

    @Override
    public void onFailure(Throwable error) {
        Log.e(TAG, error.getMessage());
    }
});

Up to the current version the client is not caching the certificate that this endpoint receives, therefore it needs to be cached in memory if the response signature will be checked.

Open GDPR Request

The request endpoint of the OpenGDPR Api specification allows the client to place a request for access, portability or erasure of a data subject's info.

Currently the client is not caching the request and identity type information retrieved in the discovery endpoint, therefore it won't fail automatically if some invalid request or identity is passed.

You should use the RequestIdentityModel to create the identities that will be passed to the request.

In the interfaces IdentityType and IdentityFormat you can find the constants needed to define the type and format of the identities provided. It is recommended to use these constants since they contain all the supported params defined by the OpenGDPR specification and to avoid typos. For the hashes the class Crypto can be used. It provides the required methods to turn String into sha1, md5 and sha256 hashes.

String mail = "test@mail.com";
RequestIdentityModel identity1 = new RequestIdentityModel();
identity1.setIdentityType(IdentityType.EMAIL);
identity1.setIdentityFormat(IdentityFormat.RAW);
identity1.setIdentityValue(mail);

RequestIdentityModel identity2 = new RequestIdentityModel();
identity2.setIdentityType(IdentityType.EMAIL);
identity2.setIdentityFormat(IdentityFormat.MD5);
identity2.setIdentityValue(Crypto.md5(mail));

To make a request to the endpoint you should use OpenGDPRRequestClient.

In the interface RequestType you can find the constants needed to define the request type. It is recommended to use these constants since they contain all the supported params defined by the OpenGDPR specification and to avoid typos.

The client will automatically generate a requestId but if you want to provide your own UUID you can call the function setRequestId(String requestId) of the OpenGDPRRequest.

OpenGDPRRequest request = new OpenGDPRRequest();
request.addIdentity(identity1);
request.addIdentity(identity2);
request.setType(RequestType.ACCESS);
//optional
request.setRequestId(UUID.randomUUID().toString());


OpenGDPRRequestClient client = new OpenGDPRRequestClient();
client.doRequest(this, request, new OpenGDPRRequestClient.RequestListener() {
    @Override
    public void onSuccess(OpenGDPRResponseModel model) {
        try {
            // Handle response
        } catch (Exception e) {
            Log.e(TAG, e.getMessage());
        }
    }

    @Override
    public void onFailure(Throwable error) {
        Log.e(TAG, error.getMessage());
    }
});

The client is currently not doing any response handling so the requestId must be cached in order to be used later if the Status or Cancellation endpoints will be called.

Open GDPR Request Status

The status endpoint of the OpenGDPR Api specification should return the current state of a request based on the requestId provided.

To make a request to the status endpoint you should use OpenGDPRStatusClient.

OpenGDPRStatusClient client = new OpenGDPRStatusClient();
client.fetchRequestStatus(this, <REQUEST_ID>, new OpenGDPRStatusClient.StatusListener() {
    @Override
    public void onSuccess(StatusResponseModel model) {
        try {
            // Handle response
        } catch (Exception e) {
            Log.e(TAG, e.getMessage());
        }
    }

    @Override
    public void onFailure(Throwable error) {
        Log.e(TAG, error.getMessage());
    }
});

Open GDPR Request Cancellation

The cancellation endpoint of the OpenGDPR Api specification should allow the client to cancel a request with the provided requestId.

To make a request to the cancellation endpoint you should use OpenGDPRCancellationClient.

OpenGDPRCancellationClient client = new OpenGDPRCancellationClient();
client.doCancellationRequest(this, <REQUEST_ID>, new OpenGDPRCancellationClient.CancellationListener() {
    @Override
    public void onSuccess(CancellationResponseModel model) {
        try {
            String content = model.toJson().toString();
            mResultView.setText(content);
        } catch (Exception e) {
            Log.e(TAG, e.getMessage());
        }
    }

    @Override
    public void onFailure(Throwable error) {
        Log.e(TAG, error.getMessage());
    }
});

Pending features

Based to the OpenGDPR specification, a few features are still missing to be fully compliant with the definition.

  • Cache the public key retrieved from the Discover endpoint.
  • Check the signature received on the response headers using the public key.
  • Cache the supported identity types retrieved from the Discovery endpoint to do a request validation before sending to the server.
  • Cache the supported request types retrieved from the Discovery endpoint to do a request validation before sending to the server.

Misc

License

This code is distributed under the terms and conditions of the MIT license.

Contributing

If you fix a bug you discovered or have development ideas, feel free to make a pull request.

About

OpenGDPR Client for Android

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

4 stars

Watchers

15 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages