Auth0 is an authentication broker that supports social identity providers as well as enterprise identity providers such as Active Directory, LDAP, Google Apps and Salesforce.
Lock-Google helps you integrate native Login with Google Android SDK and Lock
This package relies on a token endpoint that is now considered deprecated. If your Auth0 client was created after Jun 8th 2017 you won't be able to use this package. This repository is left for reference purposes.
We recommend using browser-based flows to authenticate users. You can do that using the auth0.android package's WebAuthProvider
class, as explained in this document.
Android 4.0 or later & Google Play Services 10.2.+
The Lock-Google is available through Maven Central and JCenter. To install it, simply add the following line to your build.gradle
:
compile 'com.auth0.android:lock-google:1.1.0'
- Go to the Google Developers Console and create a new Project.
- Add a new OAuth client ID credential for a Web Application. Complete the Authorized redirect URIs by filling the field with your callback URL, which should look like
https://{YOUR_DOMAIN}.auth0.com/login/callback
. Take note of theCLIENT ID
andCLIENT SECRET
values as we're going to use them later, both in your android application as well as in the Auth0 dashboard configuration. - Add a new OAuth client ID credential for an Android application. Obtain the SHA-1 of the certificate you're using to sign your application and complete the first field with it. Complete the last field with your android application Package Name and then click the Create button. Take note of the
CLIENT ID
value as we're going to use it later in the Auth0 dashboard configuration.
- Go to the Auth0 Dashboard and click Social Connections. Click Google and a dialog will prompt.
- Complete the "Client ID" field with the
CLIENT ID
value obtained in the step 2 of the Google Developers Console section above. - Complete the "Client Secret" field with the
CLIENT SECRET
value obtained in the step 2 of the Google Developers Console section above. - Complete the "Allowed Mobile Client IDs" field with the
CLIENT ID
obtained in the step 3 of the Google Developers Console section above. Click the Save button. - Return to the Auth0 Dashboard and click Clients. If you haven't created one yet, do that first and get into your client configuration page. At the bottom of the page, click the "Show Advanced Settings" link and go to the "Mobile Settings" tab.
- In the Android section, complete the Package Name with your application's package name. Finally, complete the Key Hashes field with the SHA-256 of the certificate you're using to sign your application. Click the "Save Changes" button.
- In your android application, create a new String resource in the
res/strings.xml
file. Name itgoogle_server_client_id
and set as value theCLIENT_ID
obtained in the step 2 of the Google Developers Console setup section above. - Add the Google Play Services version MetaData to the
AndroidManifest.xml
file, inside the Application tag.
<meta-data
android:name="com.google.android.gms.version"
android:value="@integer/google_play_services_version" />
- Add the Internet Android permission to your
AndroidManifest.xml
file.
<uses-permission android:name="android.permission.INTERNET" />
- When creating a new instance of the
GoogleAuthProvider
pass thegoogle_server_client_id
value as the first parameter:
public class MainActivity extends AppCompatActivity {
private GoogleAuthProvider provider;
// ...
@Override
protected void onCreate(Bundle savedInstanceState) {
Auth0 auth0 = new Auth0(getString(R.string.com_auth0_client_id), getString(R.string.com_auth0_domain));
final AuthenticationAPIClient client = new AuthenticationAPIClient(auth0);
provider = new GoogleAuthProvider(getString(R.string.google_server_client_id), client);
}
// ...
}
Depending on your use case, you'll need to add a few more lines of code to capture the authorization result. Follow the guides below:
If you need further help with the setup, please check Google's Sign-In for Android Guide.
This library includes an implementation of the AuthHandler
interface for you to use it directly with Lock. Create a new instance of the GoogleAuthHandler
class passing a valid GoogleAuthProvider
. Don't forget to customize the scopes if you need to.
Auth0 auth0 = new Auth0("auth0-client-id", "auth0-domain");
AuthenticationAPIClient client = new AuthenticationAPIClient(auth0);
GoogleAuthProvider provider = new GoogleAuthProvider("google-server-client-id", client);
provider.setScopes(new Scope(DriveScopes.DRIVE_METADATA_READONLY));
provider.setRequiredPermissions(new String[]{"android.permission.GET_ACCOUNTS"});
GoogleAuthHandler handler = new GoogleAuthHandler(provider);
Finally in the Lock Builder, call withAuthHandlers
passing the recently created instance.
lock = Lock.newBuilder(auth0, authCallback)
.withAuthHandlers(handler)
//...
.build(this);
That's it! When Lock needs to authenticate using that connection name, it will ask the GoogleAuthHandler
for a valid AuthProvider
.
We provide this demo in the
FilesActivity
class. We also use the Google Drive SDK to get the user's Drive Files and show them on a list. Because of the Drive Scope, the SDK requires the user to grant theGET_ACCOUNTS
android permission first. Keep in mind that this only affects this demo and that if you only need to authenticate the user and get his public profile, theGoogleAuthProvider
won't ask for additional permissions.
Just create a new instance of GoogleAuthProvider
with an AuthenticationAPIClient
and the Server Client ID
obtained in the Project's Credentials page.
Auth0 auth0 = new Auth0("auth0-client-id", "auth0-domain");
AuthenticationAPIClient client = new AuthenticationAPIClient(auth0);
GoogleAuthProvider provider = new GoogleAuthProvider("google-server-client-id", client);
Override your activity's onActivityResult
method and redirect the received parameters to the provider instance's authorize
method.
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
if (provider.authorize(requestCode, resultCode, data)) {
return;
}
super.onActivityResult(requestCode, resultCode, data);
}
Call start
with a custom authentication request code to begin the authentication flow.
provider.start(this, callback, RC_PERMISSIONS, RC_AUTHENTICATION);
That's it! You'll receive the result in the AuthCallback
you passed.
We provide this demo in the
SimpleActivity
class.
To use a custom social connection name to authorize against Auth0, create the GoogleAuthProvider instance using the second constructor:
GoogleAuthProvider provider = new GoogleAuthProvider("my-connection", "google-server-client-id", client);
By default, the scope Scopes.PLUS_LOGIN
is requested. You can customize the Scopes by calling setScopes
with the list of Scopes. Each Google API (Auth, Drive, Plus..) specify it's own list of Scopes.
provider.setScopes(Arrays.asList(new Scope(Scopes.PLUS_ME), new Scope(Scopes.PLUS_LOGIN)));
This provider doesn't require any special Android Manifest Permission to authenticate the user. But if your use case requires them, you can let the AuthProvider handle them for you. Use the setRequiredPermissions
method.
provider.setRequiredPermissions(new String[]{"android.permission.GET_ACCOUNTS"});
If you're not using Lock, then you'll have to handle the permission request result yourself. To do so, make your activity implement ActivityCompat.OnRequestPermissionsResultCallback
and override the onRequestPermissionsResult
method, calling provider.onRequestPermissionsResult
with the activity context and the received parameters.
To log out the user so that the next time he's prompted to input his credentials call clearSession
. After you do this the provider state will be invalid and you will need to call start
again before trying to authorize
a result. Calling stop
has the same effect.
provider.clearSession();
By default, this provider will remember the last account used to log in. If you want to change this behavior, use the following method.
provider.rememberLastLogin(false);
If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 helps you to:
- Add authentication with multiple authentication sources, either social like Google, Facebook, Microsoft Account, LinkedIn, GitHub, Twitter, Box, Salesforce, among others, or enterprise identity systems like Windows Azure AD, Google Apps, Active Directory, ADFS or any SAML Identity Provider.
- Add authentication through more traditional username/password databases.
- Add support for linking different user accounts with the same user.
- Support for generating signed Json Web Tokens to call your APIs and flow the user identity securely.
- Analytics of how, when and where users are logging in.
- Pull data from other sources and add it to the user profile, through JavaScript rules.
- Go to Auth0 and click Sign Up.
- Use Google, GitHub or Microsoft Account to login.
Lock-Google is available under the MIT license. See the LICENSE file for more info.