Strivacity SDK for Android

Implement Strivacity sign-in journeys into your brand's Android mobile app using Chrome Custom Tabs and Strivacity's Authentication APIs.

This SDK allows you to integrate Strivacity's sign-in journeys into your brand's Android mobile applications. The SDK uses OAuth 2.0 PKCE flow to communicate with Strivacity.

Download

The Strivacity Mobile SDK for Android is available on MavenCentral

implementation 'com.strivacity:sdk:<version>'

Demo App

A demo app is part of this repository. To run the demo app, first, you need to configure credentials.properties file which can be found under the app folder (after you build the app's gradle).

Overview

📘

Note

The internal implementation of the Strivacity Mobile SDK for Android relies on the open-source AppAuth Library.

Strivacity SDK for Android allows for building an application that can communicate with Strivacity using OAuth 2.0 PKCE flow.
You can define your own storage logic using the Storage interface.
A refresh token can be used to refresh the auth state instead of re-running authentication.

Before you use the SDK

You have to define your applicationId in the gradle file of your app:

android {
  defaultConfig {
    manifestPlaceholders = [
      'appAuthRedirectScheme': '<your applicationId>'
    ]
  }
}

📘

You can read more about applicationId here.

Initialize AuthProvider

First, you must call the AuthProvider create method to create an instance:

AuthProvider provider = AuthProvider.create(
    context,
    issuer,                                      // specifies authentication server domain
    clientId,                                    // specifies OAuth client ID
    redirectUri,                                 // specifies the redirect uri
    storage                                      // optional, you can provide the storage logic you implemented using Storage interface, or use the default unsecure storage logic
);

Define more configurations

After you created the provider instance you can add more configs to fit your flow.

provider
    .withScopes()                       // for defining scopes (openid, offline is included by default)
    .withLoginHint()                    // for defining login hint
    .withPrompts()                      // for defining prompts
    .withPostLogoutUri()                // for defining redirect uri after logout

Starting the flow

After a successful setup, you can use the startFlow method to initiate the login process. You have to provide the context and define a callback that is called from this method.

FlowResponseCallback callback = new FlowResponseCallback() {
    @Override
    public void success(
        @Nullable String accessToken,
        @Nullable Map<String, Object> claims
    ) {
        // add success logic here
    }
    
    @Override
    public void failure(@NonNull AuthFlowException exception) {
        // handle error
    }
}
provider.startFlow(context, callback);

Get access token

To obtain the access token you can use getAccessToken method to retrieve it from the auth state or the method tries to refresh it using the refresh token. Claims also return with the access token. You can take the same callback here like in startFlow.

FlowResponseCallback callback = new FlowResponseCallback() {
    @Override
    public void success(
        @Nullable String accessToken,
        @Nullable Map<String, Object> claims
    ) {
        // add success logic here
    }
    
    @Override
    public void failure(@NonNull AuthFlowException exception) {
        // handle error
    }
}
provider.getAccessToken(callback);

Get claims

You can get the claims from the last id token response (if it exists).
You can call the getLastRetrievedClaims method which returns a Map object that contains the claims. If there wasn't any claim, null returns.

Map<String, Object> claims = provider.getLastRetrievedClaims();

Perform logout

After the logout, callback function is called both on success or failure logout. If there was no auth state then it's just removed from the storage.

EndSessionCallback callback = new EndSessionCallback() {
    @Override
    public void finish() {
        // add some logic here
    }
}
provider.logout(context, callback);

Checking if authState is authenticated

There is a method where you can check if the auth state stored in the storage is authenticated or not.

provider.checkAuthenticated(isAuthenticated -> {
    // add some logic here
});

Author

Strivacity [[email protected]](mailto:[email protected])

License

Strivacity is available under the Apache License, Version 2.0. See the LICENSE file for more info.