This repository has been archived by the owner on Apr 2, 2020. It is now read-only.

appauth android

gasmyr edited this page Apr 16, 2018 · 8 revisions

AppAuth Android Wiki

AppAuth for Android is a client SDK for communicating with OAuth 2.0 and OpenID Connect providers. It strives to directly map the requests and responses of those specifications, while following the idiomatic style of the implementation language. In addition to mapping the raw protocol flows, convenience methods are available to assist with common tasks like performing an action with fresh tokens. More information can be found here.

Prerequisite

  1. A Gluu Server up and running (installation doc is here)
  2. Android Studio with a virtual/real device (downloadable here)

Overview

This document describes how to use the AppAuth Android library to implement authentication/authorization using Gluu Server as the IDP. The AppAuth Android demo app is used here for convenience. Below are the steps we are going to go through:

  1. OpenId Client registration on Gluu Server
  2. Clone and customize the AppAuth android demo
  3. Demonstration

OpenId Client registration on Gluu Server

The Android app that we want to protect with the AppAuth Android library must be registered in Gluu Server. You can follow this documentation to add an OpenID client on Gluu Server. The following are the required fields and their respective values.

  • Client Name: We use AppAuthAndroidApp; you can use whatever name you want here.
  • Application Type: Native or Web
  • Pre-Authorization: False
  • Persist client Authorizations: True
  • Authentication method for the Token Endpoint: none
  • Redirect Login URIs: make sure the value provided here is a hierarchical and absolute URI. We use appscheme://client.example.com for our testing purposes
  • Scopes: openid,profile,email
  • Grant types: authorization_code
  • Response Types: code

Note: Take note of the client_id value after registration. That value is required on the Android app side and looks like this: @!ACCF.2BA5.0292.66A5!0001!6990.4C6C!0008!36B8.5CE5.24E2.91AD.

Clone and customize the AppAuth android demo

  • Clone the AppAuth Android demo app: If you have git installed on your computer, you can clone the app using the command below:

        git clone https://github.com/openid/AppAuth-Android.git

    Otherwise, you can download the demo app from this link.

  • Import the Demo app in Android Studio:

  • Configure the Demo App: Replace the content of the app's auth_config.json file, located at app/res/raw/auth_config.json, with the following:

        {
          "client_id": "Put ClientId obtained from registration here",
          "redirect_uri": "your redirect_uri here. Example: appscheme://client.example.com",
          "authorization_scope": "openid email profile",
          "discovery_uri": "<IDP hostname>.well-known/openid-configuration",
          "authorization_endpoint_uri": "",
          "token_endpoint_uri": "",
          "registration_endpoint_uri": "",
          "https_required": true
        }

  • Change the build.gradle file: Change this line in the build.gradle file of the app module:

        manifestPlaceholders = [ 'appAuthRedirectScheme': 'appscheme://client.example.com' ]

  • Change these lines in AndroidManifest.xml for the app module.

  • For local testing, your emulator must be able to resolve the Gluu instance hostname. That can be done by adding an entry in /etc/hosts of the device. Look here to see how you can do that.

  • Certificate issue: If your IDP URL is https based, you need to make sure that the certificate is signed by a known CA. For testing purposes only, you can write code that disables the certificate check (all certificates will then be trusted).
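A check that can be run over auth_config.json before building, covering the constraints listed above (absolute hierarchical redirect URI that matches the registered one, openid scope, https discovery URI when https_required is true). This is an added example, not part of the AppAuth demo or the Gluu documentation; the function name check_auth_config, its registered_redirect_uris parameter, the host idp.example.com and the sample client_id are assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed sample mirroring the auth_config.json shown above; the client_id
# and IDP host are placeholders, not values from a real Gluu Server.
SAMPLE_CONFIG = """{
  "client_id": "EXAMPLE-CLIENT-ID",
  "redirect_uri": "appscheme://client.example.com",
  "authorization_scope": "openid email profile",
  "discovery_uri": "https://idp.example.com/.well-known/openid-configuration",
  "authorization_endpoint_uri": "",
  "token_endpoint_uri": "",
  "registration_endpoint_uri": "",
  "https_required": true
}"""


def check_auth_config(text, registered_redirect_uris):
    """Return a list of problems found in an auth_config.json document."""
    cfg = json.loads(text)
    problems = []

    if not cfg.get("client_id", "").strip():
        problems.append("client_id is empty")

    # The redirect URI must be absolute and hierarchical (scheme://authority)
    # and must match a value registered for the client on the IDP.
    redirect = cfg.get("redirect_uri", "")
    parts = urlsplit(redirect)
    if not parts.scheme or not parts.netloc:
        problems.append("redirect_uri is not an absolute hierarchical URI")
    elif redirect not in registered_redirect_uris:
        problems.append("redirect_uri is not registered for this client")

    if "openid" not in cfg.get("authorization_scope", "").split():
        problems.append("authorization_scope lacks 'openid'")

    # With discovery in use the endpoint URIs stay empty, so the discovery
    # URI is the one that has to be absolute and, if required, https.
    discovery = urlsplit(cfg.get("discovery_uri", ""))
    if not discovery.scheme or not discovery.netloc:
        problems.append("discovery_uri is not an absolute URI")
    elif cfg.get("https_required", True) and discovery.scheme != "https":
        problems.append("https_required is true but discovery_uri is not https")

    return problems
```

An empty list means the file is consistent with the client registration; each string in a non-empty list names one field to correct.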

Demonstration

  • Make sure there is a user registered in Gluu Server that you can use to test the application. Use the oxTrust GUI to do that.

  • Launch the app from Android Studio: You will see this screen:

  • Click the START AUTHORIZATION button: That will redirect you to your Gluu instance login page.

  • Provide the user credentials and hit the login button. The result is something like this: