Integrate your Android App with WSO2 Identity Server using AppAuth SDK

Piraveena Paralogarajah
May 2, 2020

AppAuth-Android SDK

  • AppAuth for Android is a client SDK for communicating with OAuth 2.0 and OpenID Connect providers.
  • The library follows the best practices set out in RFC 8252 — OAuth 2.0 for Native Apps, including using Custom Tabs for authorization requests. For this reason, WebView is explicitly not supported, on both usability and security grounds.
  • The library also supports the PKCE extension to OAuth which was created to secure authorization codes in public clients when custom URI scheme redirects are used.
  • AppAuth-Android is a widely used Android SDK for OAuth 2.0/OIDC.

The integration of the SDK with WSO2 IS takes the following steps:

1. Initialize the SDK

2. Perform authorization request and get authorization-code

3. Do authorization-code exchange and get access-token and id-token

4. Get user information from userinfo endpoint

5. Log out of the application by calling the logout endpoint

1. Initialize the SDK

  • Add the AppAuth dependency in the build.gradle file.

    dependencies {
        // ... other dependencies
        implementation 'net.openid:appauth:0.7.0'
    }

  • Add the redirect scheme (the appAuthRedirectScheme manifest placeholder) in build.gradle.

    android.defaultConfig.manifestPlaceholders = [
        'appAuthRedirectScheme': 'myapplication'
    ]

In my setup I have two activities, MainActivity and UserInfoActivity. MainActivity has the login button; when the user taps it, a browser Custom Tab is opened.

At the code level, tapping the login button must redirect the browser to the WSO2 Identity Server's authorization endpoint to obtain an authorization code.

Throughout this blog I integrate against a locally running Identity Server. Because the app runs in the Android emulator, it reaches the host machine through the special address 10.0.2.2, so that address is used in the server URL.

2. Perform Authorization Request to WSO2 Identity Server.

  • Replace 10.0.2.2:9443 with your Identity Server's hostname and port.
  • Assign your application's client ID to the clientId variable.
  • My application's redirect URL is myapplication://oauth. Replace it with your application's redirect URL.
  • The app sends an authorization request to WSO2 Identity Server, and a login page opens in your browser.
  • Log in with your credentials.
  • You will be prompted with the consent page. According to the code snippets above, I have two activities: if the authorization succeeds you are redirected to UserInfoActivity, and if it fails you are redirected to MainActivity. Once the authorization flow succeeds, an authorization code is sent to the application.
  • Now the application has to exchange the authorization code for an access token and an ID token.
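The authorization request described in the bullets above, as an added example (my code, not the gist from the post or the wso2is-android-sample-app repository). It assumes the default WSO2 IS endpoint paths /oauth2/authorize and /oauth2/token, the post's redirect URL myapplication://oauth, a placeholder client ID, a login_button view in an activity_main layout, and compileSdk 31 or newer so that PendingIntent.FLAG_MUTABLE is available.

```java
package com.example.myapplication; // assumed package name for the sample app

import android.app.PendingIntent;
import android.content.Intent;
import android.net.Uri;
import android.os.Build;
import android.os.Bundle;
import android.widget.Button;
import androidx.appcompat.app.AppCompatActivity;
import net.openid.appauth.AuthorizationRequest;
import net.openid.appauth.AuthorizationService;
import net.openid.appauth.AuthorizationServiceConfiguration;
import net.openid.appauth.ResponseTypeValues;

public class MainActivity extends AppCompatActivity {

    // 10.0.2.2 is the emulator's alias for the host machine running the local IS.
    // Replace with your Identity Server's hostname and port.
    private static final String IS_BASE_URL = "https://10.0.2.2:9443";
    // Default WSO2 IS OAuth 2.0 endpoint paths (assumed, not taken from the post).
    private static final Uri AUTH_ENDPOINT = Uri.parse(IS_BASE_URL + "/oauth2/authorize");
    private static final Uri TOKEN_ENDPOINT = Uri.parse(IS_BASE_URL + "/oauth2/token");
    // Placeholder: client ID of the service provider registered in WSO2 IS.
    private static final String clientId = "<your-client-id>";
    // Must match the callback URL registered in IS and the appAuthRedirectScheme
    // manifest placeholder ("myapplication") from build.gradle.
    private static final Uri REDIRECT_URI = Uri.parse("myapplication://oauth");

    private AuthorizationService authService;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main); // assumed layout
        authService = new AuthorizationService(this);
        Button loginButton = findViewById(R.id.login_button); // assumed view id
        loginButton.setOnClickListener(v -> startAuthorization());
    }

    private void startAuthorization() {
        AuthorizationServiceConfiguration serviceConfig =
                new AuthorizationServiceConfiguration(AUTH_ENDPOINT, TOKEN_ENDPOINT);

        // The Builder generates a random state and a PKCE code_verifier/code_challenge
        // by default, so the returned code can only be redeemed by this app instance.
        AuthorizationRequest authRequest = new AuthorizationRequest.Builder(
                serviceConfig, clientId, ResponseTypeValues.CODE, REDIRECT_URI)
                .setScope("openid profile email")
                .build();

        // AppAuth fills the authorization response into the completion intent,
        // so on API 31+ the PendingIntent has to be mutable.
        int flags = Build.VERSION.SDK_INT >= Build.VERSION_CODES.S ? PendingIntent.FLAG_MUTABLE : 0;

        // Success goes to UserInfoActivity; failure or cancellation returns to MainActivity.
        authService.performAuthorizationRequest(
                authRequest,
                PendingIntent.getActivity(this, 0, new Intent(this, UserInfoActivity.class), flags),
                PendingIntent.getActivity(this, 0, new Intent(this, MainActivity.class), flags));
    }

    @Override
    protected void onDestroy() {
        super.onDestroy();
        authService.dispose(); // releases the Custom Tabs service connection
    }
}
```

The request is opened in a Custom Tab rather than a WebView, as the post's first section requires. AppAuth stores the request alongside the pending intents and rejects a response whose state value does not match the one it generated, which is what protects the redirect from injected responses.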

3. Do authorization-code exchange and get access-token and id-token

Assign the OAuth application's client secret to the secret variable.

Note:

Sometimes you may run into SSL issues when integrating with a local server through the 10.0.2.2 IP address. Follow this blog to resolve them.

4. Get user information from userinfo endpoint
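Steps 3 and 4 together, as an added example (my code, not the post's gists): UserInfoActivity receives AppAuth's result, exchanges the code for tokens, then calls the userinfo endpoint with the access token. It assumes the default WSO2 IS path /oauth2/userinfo, a placeholder client secret, and an activity_user_info layout with a user_info_text TextView. One caveat the post does not spell out: RFC 8252 treats a secret compiled into a distributed native app as not confidential, so the PKCE verifier that AppAuth attaches to the exchange is what actually binds the code to this app; the secret is sent only because the post's application is registered with one.

```java
package com.example.myapplication; // assumed package name for the sample app

import android.os.Bundle;
import android.util.Log;
import android.widget.TextView;
import androidx.appcompat.app.AppCompatActivity;
import net.openid.appauth.*;
import java.io.*;
import java.net.*;
import java.util.concurrent.*;

public class UserInfoActivity extends AppCompatActivity {

    private static final String TAG = "UserInfoActivity";
    // 10.0.2.2 reaches the host machine from the emulator; replace with your IS host:port.
    private static final String IS_BASE_URL = "https://10.0.2.2:9443";
    private static final String USERINFO_ENDPOINT = IS_BASE_URL + "/oauth2/userinfo"; // default IS path
    // Placeholder: client secret of the service provider registered in WSO2 IS.
    private static final String secret = "<your-client-secret>";

    private AuthorizationService authService;
    private final AuthState authState = new AuthState();
    private final ExecutorService executor = Executors.newSingleThreadExecutor();

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_user_info); // assumed layout
        authService = new AuthorizationService(this);

        // AppAuth puts either a response or an exception into the intent that started us.
        AuthorizationResponse resp = AuthorizationResponse.fromIntent(getIntent());
        AuthorizationException ex = AuthorizationException.fromIntent(getIntent());
        authState.update(resp, ex);
        if (resp == null) {
            Log.e(TAG, "Authorization failed", ex);
            finish();
            return;
        }

        // Step 3: code exchange. The request built from the response carries the PKCE
        // code_verifier; the client secret goes to the token endpoint as HTTP Basic auth.
        authService.performTokenRequest(
                resp.createTokenExchangeRequest(),
                new ClientSecretBasic(secret),
                this::onTokenResponse);
    }

    private void onTokenResponse(TokenResponse tokenResponse, AuthorizationException ex) {
        authState.update(tokenResponse, ex);
        if (tokenResponse == null) {
            Log.e(TAG, "Token exchange failed", ex);
            return;
        }
        String accessToken = tokenResponse.accessToken; // tokenResponse.idToken is the ID token
        // Step 4: the userinfo call is network I/O, so keep it off the main thread.
        executor.execute(() -> {
            try {
                String userInfo = fetchUserInfo(accessToken);
                runOnUiThread(() -> {
                    TextView view = findViewById(R.id.user_info_text); // assumed view id
                    view.setText(userInfo);
                });
            } catch (IOException e) {
                Log.e(TAG, "userinfo request failed", e);
            }
        });
    }

    // GET /oauth2/userinfo with the access token as an RFC 6750 Bearer credential.
    static String fetchUserInfo(String accessToken) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) new URL(USERINFO_ENDPOINT).openConnection();
        conn.setRequestProperty("Authorization", "Bearer " + accessToken);
        try {
            if (conn.getResponseCode() != HttpURLConnection.HTTP_OK) {
                throw new IOException("userinfo returned HTTP " + conn.getResponseCode());
            }
            try (BufferedReader reader = new BufferedReader(
                    new InputStreamReader(conn.getInputStream(), "UTF-8"))) {
                StringBuilder body = new StringBuilder();
                for (String line; (line = reader.readLine()) != null; ) {
                    body.append(line);
                }
                return body.toString(); // JSON claims released for the consented scopes
            }
        } finally {
            conn.disconnect();
        }
    }

    @Override
    protected void onDestroy() {
        super.onDestroy();
        authService.dispose();
        executor.shutdown();
    }
}
```

The AuthState object accumulates the authorization and token responses; persisting its serialized form (AuthState.jsonSerializeString) is the usual way to keep the session across activities, and it is also what the logout step should clear.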

5. Log out of the application by calling the logout endpoint
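The logout call in step 5, as an added example (my code, not the post's gist). It assumes the default WSO2 IS logout endpoint /oidc/logout, which accepts the OIDC RP-initiated logout parameters id_token_hint and post_logout_redirect_uri, and uses a placeholder post-logout redirect URI that must be registered as a callback URL for the application in IS and be handled by an activity in the app. The URL is opened in a Custom Tab, the same browser that holds the Identity Server session cookies, so the server-side session actually ends.

```java
package com.example.myapplication; // assumed package name for the sample app

import android.content.Context;
import android.net.Uri;
import androidx.browser.customtabs.CustomTabsIntent;
import net.openid.appauth.AuthState;

/** RP-initiated logout against WSO2 IS (added example, not the post's code). */
public final class LogoutHelper {

    // 10.0.2.2 reaches the host machine from the emulator; replace with your IS host:port.
    private static final String IS_BASE_URL = "https://10.0.2.2:9443";
    // Default WSO2 IS OIDC logout endpoint.
    private static final Uri LOGOUT_ENDPOINT = Uri.parse(IS_BASE_URL + "/oidc/logout");
    // Placeholder: must be registered as a callback URL of the application in IS.
    private static final String POST_LOGOUT_REDIRECT_URI = "myapplication://logout";

    private LogoutHelper() {}

    /** Builds the logout URL; id_token_hint tells IS which user session to terminate. */
    static Uri buildLogoutUri(String idToken) {
        return LOGOUT_ENDPOINT.buildUpon()
                .appendQueryParameter("id_token_hint", idToken)
                .appendQueryParameter("post_logout_redirect_uri", POST_LOGOUT_REDIRECT_URI)
                .build();
    }

    /**
     * Ends the IS session in a Custom Tab. Returns a fresh, empty AuthState that the
     * caller should persist in place of the old one so the app stops using tokens
     * whose session has been ended.
     */
    static AuthState logout(Context context, AuthState authState) {
        String idToken = authState.getIdToken();
        if (idToken != null) {
            CustomTabsIntent tabsIntent = new CustomTabsIntent.Builder().build();
            tabsIntent.launchUrl(context, buildLogoutUri(idToken));
        }
        return new AuthState();
    }
}
```

Calling the logout endpoint alone does not invalidate tokens the app still holds, which is why the helper hands back an empty AuthState for the caller to store.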

6. Sample implementation

I have shown the code above at a high level to give a picture of how to integrate with WSO2 IS. I hope it helps you integrate your Android app.

You can find the sample implementation here: https://github.com/piraveena/wso2is-android-sample-app


Piraveena Paralogarajah

Software Engineer @WSO2, CSE Undergraduate @ University of Moratuwa, Former Software Engineering Intern @ WSO2