Lock.Android: Native Social Authentication

Native Provider - Google

You can use Google AuthProvider to log in with or without Lock. Make sure to follow the instructions in the setup section.

Lock-Google.Android requires Android API 15 or later & Google Play Services 10.+

Latest version of Lock-Google

The Lock-Google is available through Maven Central and JCenter. To install it, simply add the following line to your build.gradle:

compile 'com.auth0.android:lock-google:1.+'

You can check for the latest version on the repository Readme, in Maven, or in JCenter.

Lock-Google Setup

Google Developers Console

  1. Go to the Google Developers Console and create a new Project.

  2. Complete the OAuth Consent Screen by at least providing a valid Email Address and Name.

  3. On the left side you have the navigation drawer, click Credentials.

  4. Create a new credential by clicking the Create Credentials button and choosing OAuth client ID. Next, choose Web Application and give it a name like "Auth0 Server Google-OAuth". Complete the Authorized redirect URIs by filling the field with your callback URL, which should look like https://{yourDomain}/login/callback. Make sure to press ENTER before leaving the field and then click the Create button. Take note of the CLIENT ID and CLIENT SECRET values as we're going to use them later.

  5. Create a new credential by clicking the Create Credentials button and choosing OAuth client ID. Next, choose Android and give it a name like "Auth0 Android Google-OAuth". Obtain the SHA-1 of the certificate you're using to sign your application and complete the first field with it. If you need help obtaining the SHA-1 check this section. Finally, complete the last field with your android application Package Name and then click the Create button. Take note of the CLIENT ID value as we're going to use it later.

Auth0 Dashboard

  1. Go to the Auth0 Dashboard and click Social Connections.

  2. Click Google and a dialog will prompt.

  3. Complete the "Client ID" field with the CLIENT ID value obtained in the step 4 of the Google Developers Console section above.

  4. Complete the "Client Secret" field with the CLIENT SECRET value obtained in the step 4 of the Google Developers Console section above.

  5. Complete the "Allowed Mobile Client IDs" field with the CLIENT ID obtained in the step 5 of the Google Developers Console section above.

  6. Click the Save button.

  7. Go to the Auth0 Dashboard and click Applications. If you haven't created yet one, do that first and get into your application configuration page.

  8. At the bottom of the page, click the "Show Advanced Settings" link and go to the "Device Settings" tab.

  9. In the Android section, complete the Package Name with your application's package name. Finally, complete the Key Hashes field with the SHA-256 of the certificate you're using to sign your application. If you need help obtaining the SHA-256 check this section. Click the "Save Changes" button.

Android application

  1. In your android application, create a new String resource in the res/strings.xml file. Name it google_server_client_id and set as value the CLIENT_ID obtained in the step 5 of the Google Developers Console setup section above.

  2. Add the Google Play Services version MetaData to the AndroidManifest.xml file, inside the Application tag.

    <meta-data
        android:name="com.google.android.gms.version"
        android:value="@integer/google_play_services_version" />

    Was this helpful?

    /

  3. Add the Internet Android permission to your AndroidManifest.xml file.

    <uses-permission android:name="android.permission.INTERNET" />

    Was this helpful?

    /

  4. When creating a new instance of the GoogleAuthProvider pass the google_server_client_id value obtained previously as the first parameter:

    public class MainActivity extends AppCompatActivity {
      private GoogleAuthProvider provider;
      // ...
    
      @Override
      protected void onCreate(Bundle savedInstanceState) {
        Auth0 auth0 = new Auth0(getString(R.string.com_auth0_client_id), getString(R.string.com_auth0_domain));
        auth0.setOIDCConformant(true);
        AuthenticationAPIClient client = new AuthenticationAPIClient(auth0);
        provider = new GoogleAuthProvider(getString(R.string.google_server_client_id), client);
      }
    
      // ...
    }

    Was this helpful?

    /

If you need further help with the Google SDK setup, please check Google's Sign-In for Android Guide.

Usage without Lock

If you plan to use this provider without Lock, make sure you override the onActivityResult() method and redirect the call to the provider instance. Finally, call start to begin the authentication process.

// Define your own request codes
private static final int RC_PERMISSIONS = 101;
private static final int RC_AUTHENTICATION = 102;

@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
    if (provider.authorize(requestCode, resultCode, data)) {
        return;
    }
    super.onActivityResult(requestCode, resultCode, data);
}

private void beginAuthentication(){
  provider.start(this, callback, RC_PERMISSIONS, RC_AUTHENTICATION);
}

Was this helpful?

/

That's it, you're ready to run the application and log in using Google native provider!!

Additional Options

Using a custom connection name

To use a custom social connection name to authorize against Auth0, create the GoogleAuthProvider instance using the second constructor:

GoogleAuthProvider provider = new GoogleAuthProvider("my-connection", "google-server-client-id", client);

Was this helpful?

/

Send additional authentication parameters

To send additional parameters on the authentication call setParameters.

Map<String, Object> parameters = new HashMap<>();
//Add entries
provider.setParameters(parameters);

Was this helpful?

/

Requesting a custom Google scope

By default, the scope Scopes.PLUS_LOGIN is requested. You can customize the Scopes by calling setScopes with the list of Scopes. Each Google API (Auth, Drive, Plus..) specify its own list of Google Scopes.

provider.setScopes(Arrays.asList(new Scope(Scopes.PLUS_ME), new Scope(Scopes.PLUS_LOGIN)));

Was this helpful?

/

Requesting custom Android runtime permissions

This provider doesn't require any special Android Manifest Permissions to authenticate the user. But if your use case requires them, you can let the AuthProvider handle them for you. Use the setRequiredPermissions method.

provider.setRequiredPermissions(new String[]{"android.permission.GET_ACCOUNTS"});

Was this helpful?

/

If you're not using Lock then you'll have to handle the permission request result yourself. To do so, make your activity implement the ActivityCompat.OnRequestPermissionsResultCallback interface. When the onRequestPermissionsResult method gets called pass the result to the provider by calling provider.onRequestPermissionsResult.

Log out / clear account.

To log out the user so that the next time they are prompted to input their credentials call clearSession. After you do this the provider state will be invalid and you will need to call start again before trying to authorize a result. Calling stop has the same effect.

provider.clearSession();

Remember the last login

By default this provider will remember the last account used to log in. If you want to change this behavior, use the following method.

provider.rememberLastLogin(false);

Certificate fingerprints

When creating a new OAuth Credential in the Google Developers Console you will need to provide the SHA-1 of the certificate you're using to sign your application. When completing your Application's Configuration in the Auth0 Dashboard you will also need to provide the SHA-256 value. Here is an example of the terminal command to acquire the value, and a sample result.

Command:

keytool -exportcert -alias androiddebugkey -keystore <PATH_TO_YOUR_KEYSTORE> -storepass android | openssl sha1 -binary | openssl base64

Sample output:

no71633JAC3qgzQYCbskprUr55k=

If you need assistance, you can follow this Keystores Guide to acquire those values.

Native Provider - Facebook

You can use Facebook AuthProvider to log in with or without Lock. Make sure to follow the instructions in the setup section.

Lock-Facebook requires Android API 15 or later & Facebook Android SDK 4.+

Latest version

The Lock-Facebook is available through Maven Central and JCenter. To install it, simply add the following line to your build.gradle:

compile 'com.auth0.android:lock-facebook:3.+'

You can check for the latest version on the repository Readme, in Maven, or in JCenter.

Lock-Facebook Setup

Facebook Developers Console

  1. Go to the Facebook Developers Console and create a new App: Choose "Android" and give it a valid name. Click "Create new Facebook App ID".

  2. Add your application's Package Name and the name of the Activity class where you're using the provider and click the Next button.

  3. Add the SHA-1 Base64 encoded Key Hashes of the certificates you're using to sign your application and click the Next button. If you need help obtaining the SHA-1 check this section.

  4. Finally, scroll to the top of the page and click the Skip Quickstart button to go to your Facebook app's page.

  5. On the top of the page, you will find the APP ID and APP SECRET values. Save them as you're going to need them later.

  6. On the left side you have the navigation drawer. Click Settings and then Basic. Turn ON the Single Sign-On switch and click the Save button.

  7. Click Settings and then Advanced. Turn ON the Native or desktop app? switch.

Auth0 dashboard

  1. Go to the Auth0 Dashboard and click Social Connections.

  2. Click Facebook and a dialog will prompt.

  3. Complete the "App ID" field with the APP ID value obtained in the step 5 of the Facebook Developers Console section above.

  4. Complete the "App Secret" field with the APP SECRET value obtained in the step 5 of the Facebook Developers Console section above.

  5. Click the Save button.

  6. Go to the Auth0 Dashboard and click Applications. If you haven't created yet one, do that first and get into your application configuration page.

  7. At the bottom of the page, click the "Show Advanced Settings" link and go to the "Device Settings" tab.

  8. In the Android section, complete the Package Name with your application's package name. Finally, complete the Key Hashes field with the SHA-256 of the certificate you're using to sign your application. If you need help obtaining the SHA-256 check this section. Click the "Save Changes" button.

Android application

  1. In your android application, create a new String resource in the res/strings.xml file. Name it facebook_app_id and set as value the APP ID obtained in the step 5 of the Facebook Developers Console setup section above.

  2. Add the FacebookActivity and facebook_app_id MetaData to the AndroidManifest.xml file, inside the Application tag.

    <activity
        android:name="com.facebook.FacebookActivity"
        android:configChanges="keyboard|keyboardHidden|screenLayout|screenSize|orientation"
        android:label="@string/app_name"/>
    <meta-data
        android:name="com.facebook.sdk.ApplicationId"
        android:value="@string/facebook_app_id" />

    Was this helpful?

    /

  3. Add the Internet Android permission to your AndroidManifest.xml file.

    <uses-permission android:name="android.permission.INTERNET" />

    Was this helpful?

    /

  4. Create a new instance of the FacebookAuthProvider.

    public class MainActivity extends AppCompatActivity {
      private FacebookAuthProvider provider;
      // ...
    
      @Override
      protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        Auth0 auth0 = new Auth0(getString(R.string.com_auth0_client_id), getString(R.string.com_auth0_domain));
        auth0.setOIDCConformant(true);
        AuthenticationAPIClient client = new AuthenticationAPIClient(auth0);
        provider = new FacebookAuthProvider(client);
      }
    
      // ...
    }

    Was this helpful?

    /

If you need further help with the Facebook SDK setup, please check Facebook's Getting Started Guide.

Usage without Lock

If you plan to use this provider without Lock, make sure you override the onActivityResult() method of your activity and redirect the call to the provider instance. Finally, call start to begin the authentication process.

// Define your own request codes
private static final int RC_PERMISSIONS = 101;
private static final int RC_AUTHENTICATION = 102;

@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
    if (provider.authorize(requestCode, resultCode, data)) {
        return;
    }
    super.onActivityResult(requestCode, resultCode, data);
}

private void beginAuthentication(){
  provider.start(this, callback, RC_PERMISSIONS, RC_AUTHENTICATION);
}

Was this helpful?

/

That's it, you're ready to run the application and log in using Facebook native provider!!

Additional options

Using a custom connection name

To use a custom social connection name to authorize against Auth0, call setConnection with your new connection name.

FacebookAuthProvider provider = new FacebookAuthProvider("my_connection_name", client);

Was this helpful?

/

Send additional authentication parameters

To send additional parameters on the authentication call setParameters.

Map<String, Object> parameters = new HashMap<>();
//Add entries
provider.setParameters(parameters);

Was this helpful?

/

Requesting custom Facebook permissions

By default, the permission public_profile is requested. You can customize them by calling setPermissions with the list of Facebook Permissions.

provider.setPermissions(Arrays.asList("public_profile", "user_photos"));

Was this helpful?

/

Requesting custom Android runtime permissions

This provider doesn't require any special Android Manifest Permissions to authenticate the user. But if your use case requires them, you can let the AuthProvider handle them for you. Use the setRequiredPermissions method to specify them.

provider.setRequiredPermissions(new String[]{"android.permission.GET_ACCOUNTS"});

Was this helpful?

/

If you're not using Lock then you'll have to handle the permission request result yourself. To do so, make your activity implement the ActivityCompat.OnRequestPermissionsResultCallback interface. When the onRequestPermissionsResult method gets called pass the result to the provider by calling provider.onRequestPermissionsResult.

Log out / clear account.

To log out the user so that the next time they are prompted to input their credentials call clearSession. After you do this the provider state will be invalid and you will need to call start again before trying to authorize a result. Calling stop has the same effect.

provider.clearSession();

Remember the last Login

By default this provider will remember the last account used to log in. If you want to change this behavior, use the following method.

provider.rememberLastLogin(false);

Certificate fingerprints

When creating a new OAuth Credential in the Facebook Developers Console you will need to provide the SHA-1 of the certificate you're using to sign your application. When completing your Application's Configuration in the Auth0 Dashboard you will also need to provide the SHA-256 value. Here is an example of the terminal command to acquire the value, and a sample result.

Command:

keytool -exportcert -alias androiddebugkey -keystore <PATH_TO_YOUR_KEYSTORE> -storepass android | openssl sha1 -binary | openssl base64

Sample output:

SHA1: BB:0D:AC:74:D3:21:E1:43:07:71:9B:62:90:AF:A1:66:6E:44:5D:75 SHA256: 15:B9:F9:33:9F:E4:E3:68:C2:10:49:17:5D:A8:77:12:7C:8E:57:E9:FF:B7:23:EA:CC:DD:56:08:06:C9:5E:33

If you need assistance, you can follow this Keystores Guide to acquire those values.