This library allows you to use accounts as well as the network stack provided by the Nextcloud Files app. Therefore you as a developer don't need to worry about asking the user for credentials as well as you don't need to worry about self-signed ssl certificates, two factor authentication, save credential storage etc.
Please note that the user needs to install the Nextcloud Files app in order to use those features. While this might seem like a "no-go" for some developers, we still think that using this library is worth consideration as it makes the account handling much faster and safer.
- How to use this library
- Additional info
- R8/ProGuard
- Security
- Media
- Known apps
- Troubleshooting
- Flow diagram
- Translations
You can check out the sample app which uses this library to fetch some information via SSO from a Nextcloud instance. The sample app uses the Retrofit approach. Be aware though, that it is for demonstration purposes only. Exception handling, state management etc. must be implemented depending on your use case.
repositories {
// …
maven { url "https://jitpack.io" }
}
dependencies {
// Note: Android Gradle Plugin (AGP) version ≥ 8.2.0 is required.
implementation "com.github.nextcloud:Android-SingleSignOn:1.0.0"
}private void openAccountChooser() {
try {
AccountImporter.pickNewAccount(activityOrFragment);
} catch (NextcloudFilesAppNotInstalledException | AndroidGetAccountsPermissionNotGranted e) {
UiExceptionManager.showDialogForException(this, e);
}
}@Override
public void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
AccountImporter.onActivityResult(requestCode, resultCode, data, this, new AccountImporter.IAccountAccessGranted() {
@Override
public void accountAccessGranted(SingleSignOnAccount account) {
final var context = getApplicationContext();
// As this library supports multiple accounts we created some helper methods if you only want to use one.
// The following line stores the selected account as the "default" account which can be queried by using
// the SingleAccountHelper.getCurrentSingleSignOnAccount(context) method
SingleAccountHelper.commitCurrentAccount(context, account.name);
// Get the "default" account
SingleSignOnAccount ssoAccount = null;
try {
ssoAccount = SingleAccountHelper.getCurrentSingleSignOnAccount(context);
} catch (NextcloudFilesAppAccountNotFoundException | NoCurrentAccountSelectedException e) {
UiExceptionManager.showDialogForException(context, e);
}
final var nextcloudAPI = new NextcloudAPI(context, ssoAccount, new GsonBuilder().create());
// TODO … (see code in section 4 and below)
}
});
}
@Override
public void onRequestPermissionsResult(int requestCode, @NonNull String[] permissions, @NonNull int[] grantResults) {
super.onRequestPermissionsResult(requestCode, permissions, grantResults);
AccountImporter.onRequestPermissionsResult(requestCode, permissions, grantResults, this);
}
// Complete example: https://github.com/nextcloud/news-android/blob/890828441ba0c8a9b90afe56f3e08ed63366ece5/News-Android-App/src/main/java/de/luhmer/owncloudnewsreader/LoginDialogActivity.java#L470-L475// If you stored the "default" account using setCurrentAccount(…) you can get the account by using the following line:
final var ssoAccount = SingleAccountHelper.getCurrentSingleSignOnAccount(context);
// It is also possible to get the "default" account as a LiveData object:
final var ssoAccount$ = SingleAccountHelper.getCurrentSingleSignOnAccount$(context);
// Otherwise (for multi-account support you'll have to keep track of the account names yourself. Note: this has to be the name of SingleSignOnAccount.name)
AccountImporter.getSingleSignOnAccount(context, accountName);
ssoAccount.name; // Name of the account used in the android account manager
ssoAccount.username;
ssoAccount.token;
ssoAccount.url;public NextcloudAPI(Context context, SingleSignOnAccount account, Gson gson) {You'll notice that there is an optional ApiConnectedListener callback parameter in the constructor of the NextcloudAPI.
You can use this callback to subscribe to errors that might occur during the initialization of the API.
The callback method onConnected will be called once the connection to the files app is established.
ℹ️ You can start making requests to the API before that callback is fired as the library will queue your calls until the connection is established¹.
5.1.1) Before using this Single Sign On library, your interface for your Retrofit API might look like this:
public interface API {
String mApiEndpoint = "/index.php/apps/news/api/v1-2/";
@GET("user")
Observable<UserInfo> user();
// use ParsedResponse, in case you also need the response headers. Works currently only for Observable calls.
@GET("user")
Observable<ParsedResponse<UserInfo>> user();
@POST("feeds")
Call<List<Feed>> createFeed(@Body Map<String, Object> feedMap);
@DELETE("feeds/{feedId}")
Completable deleteFeed(@Path("feedId") long feedId);
// …
}ℹ️ If your REST endpoint returns an empty body, you need to specify Observable<EmptyResponse> / Call<EmptyResponse> as return value rather than Observable<Void> / Call<Void> because "Nulls are not allowed in [RxJava] 2.x.".
You might instantiate your Retrofit API by using something like this:
public class ApiProvider {
private final API mApi;
public ApiProvider() {
mApi = retrofit.create(API.class);
}
}public class ApiProvider {
private final API mApi;
public ApiProvider(@NonNull NextcloudAPI.ApiConnectedListener callback) {
final var ssoAccount = SingleAccountHelper.getCurrentSingleSignOnAccount(context);
final var nextcloudAPI = new NextcloudAPI(context, ssoAccount, new GsonBuilder().create(), callback);
mApi = new NextcloudRetrofitApiBuilder(nextcloudAPI, API.mApiEndpoint).create(API.class);
}
}Enjoy! If you're already using Retrofit, you don't need to modify your application logic. Just exchange the API and you're good to go!
ℹ️ If you need a different mapping between your JSON structure and your Java structure you might want to create a custom type adapter using new GsonBuilder().create().registerTypeAdapter(…). Take a look at this example for more information.
NextcloudAPI provides a method called performNetworkRequest(NextcloudRequest request) that allows you to handle the server response yourself.
public class MyActivity extends AppCompatActivity {
private NextcloudAPI mNextcloudAPI;
@Override
protected void onStart() {
super.onStart();
try {
final var ssoAccount = SingleAccountHelper.getCurrentSingleSignOnAccount(this);
mNextcloudAPI = new NextcloudAPI(this, ssoAccount, new GsonBuilder().create());
// Start download of file in background thread (otherwise you'll get a NetworkOnMainThreadException)
new Thread(this::downloadFile).start();
} catch (NextcloudFilesAppAccountNotFoundException | NoCurrentAccountSelectedException e) {
// TODO handle errors
}
}
@Override
protected void onStop() {
super.onStop();
// Close Service Connection to Nextcloud Files App and
// disconnect API from Context (prevent Memory Leak)
mNextcloudAPI.close();
}
private void downloadFile() {
final List<Pair<String, String>> parameters = new ArrayList<>();
parameters.add(new QueryPair("quality", "1024p"));
parameters.add(new Pair<>("someOtherParameter", "parameterValue"));
final var nextcloudRequest = new NextcloudRequest.Builder()
.setMethod("GET")
.setParameter(parameters)
.setUrl(Uri.encode("/remote.php/webdav/sample movie.mp4","/"))
.build();
try (final var inputStream = mNextcloudAPI.performNetworkRequest(nextcloudRequest)) {
while(inputStream.available() > 0) {
inputStream.read();
// TODO do something useful with the data here..
// like writing it to a file…?
}
} catch (Exception e) {
// TODO handle errors
}
}
}Currently the following WebDAV Methods are supported: PROPFIND / MKCOL
The following examples shows how to use the PROPFIND method with a depth of 0.
final List<String> depth = new ArrayList<>();
depth.add("0");
header.put("Depth", depth);
final var nextcloudRequest = new NextcloudRequest.Builder()
.setMethod("PROPFIND")
.setHeader(header)
.setUrl(Uri.encode("/remote.php/webdav/" + remotePath, "/"))
.build();In case that you require some SSO features that were introduced in a specific Nextcloud Files app version, you can run a simple version check using the following helper method:
final int MIN_NEXTCLOUD_FILES_APP_VERSION_CODE = 30030052;
if (VersionCheckHelper.verifyMinVersion(context, MIN_NEXTCLOUD_FILES_APP_VERSION_CODE, FilesAppType.PROD)) {
// Version requirement is satisfied!
}R8 and ProGuard rules are bundled into SSO.
The bundled rules do not cover enabled obfuscation.
Therefore it is recommended to add -dontobfuscate to your app-specific proguard rules.
With R8 full mode being enabled by default since AGP 8.0, you will probably need to handle following app-specific rules yourself (or disable full mode):
According to Gson's sample rules, you still need to configure rules for your gson-handled classes.
# Application classes that will be serialized/deserialized over Gson -keep class com.google.gson.examples.android.model.** { <fields>; }
The same applies to classes which you're using in the api from step 5.1.1
# Application classes that will be serialized/deserialized by Retrofit
-keep class com.google.gson.examples.android.model.**
If you find working less broad rules, contributions to these rules are welcome!
Once the user clicks on Allow in the login dialog, the Nextcloud Files App will generate a token for your app. Only your app is allowed to use that token. Even if another app will get a hold of that token, it won't be able to make any requests to the nextcloud server as the nextcloud files app matches that token against the namespace of your app.
| 2018 (5min) | 2020 (5min) |
|---|---|
 |
 |
If you are experiencing any issues, the following tips might workaround:
- Disable battery optimizations of the Nextcloud Files app, especially in case of a
NextcloudApiNotRespondingException - Permit auto start
- A quickly appearing and disappearing menu when attempting to select an account is often a hint for an outdated Nextcloud Files app
Note that the "Make network request" section in the diagram only shows the workflow if you use the Retrofit API.
We manage translations via Transifex. So just request joining the translation team for Android on the site and start translating. All translations will then be automatically pushed to this repository, there is no need for any pull request for translations.
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
![@dependabot-preview[bot]](https://avatars.githubusercontent.com/in/2141?s=64&v=4){kind=small}
![@renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=64&v=4){kind=small}
