Android: Login

By Luciano Balmaceda

This tutorial demonstrates how to add user login to an Android application using Auth0. We recommend that you log in to follow this quickstart with examples configured for your account.

I want to integrate with my app

15 minutes

Configure Auth0
Add the Auth0 Android Dependency
Add Authentication with Auth0
Logout

I want to explore a sample app

2 minutes

Get a sample configured with your account settings or check it out on Github.

View on Github

System requirements: Android Studio 3.6.1 | Android SDK 25 | Emulator - Nexus 5X - Android 6.0

New to Auth? Learn How Auth0 works, how it integrates with Native Applications and which protocol it uses.

When you signed up for Auth0, a new application was created for you, or you could have created a new one. You will need some details about that application to communicate with Auth0. You can get these details from the Application Settings section in the Auth0 dashboard.

App Dashboard

You need the following information:

Domain
Client ID

If you download the sample from the top of this page, these details are filled out for you.

We suggest you do not hardcode these values as you may need to change them in the future. Instead, use String Resources, such as @string/com_auth0_domain, to define the values.

Edit your res/values/strings.xml file as follows:

<resources>
    <string name="com_auth0_client_id">YOUR_CLIENT_ID</string>
    <string name="com_auth0_domain">YOUR_DOMAIN</string>
</resources>

Was this helpful?/

A callback URL is a URL in your application where Auth0 redirects the user after they have authenticated. The callback URL for your app must be added to the Allowed Callback URLs field in your Application Settings. If this field is not set, users will be unable to log in to the application and will get an error.

If you are following along with the sample project you downloaded from the top of this page, you should set the Allowed Callback URL to demo://YOUR_DOMAIN/android/YOUR_APP_PACKAGE_NAME/callback.

Replace YOUR_APP_PACKAGE_NAME with your application's package name, available as the applicationId attribute in the app/build.gradle file.

A logout URL is a URL in your application that Auth0 can return to after the user has been logged out of the authorization server. This is specified in the returnTo query parameter. The logout URL for your app must be added to the Allowed Logout URLs field in your Application Settings. If this field is not set, users will be unable to log out from the application and will get an error.

If you are following along with the sample project you downloaded from the top of this page, the logout URL you need to add to the Allowed Logout URLs field is demo://YOUR_DOMAIN/android/YOUR_APP_PACKAGE_NAME/callback.

Replace `YOUR_APP_PACKAGE_NAME` with your application's package name, available as the `applicationId` attribute in the `app/build.gradle` file.

Add the Auth0 Android SDK into your project. The library will make requests to the Auth0's Authentication and Management APIs.

In your app's build.gradle dependencies section, add the following:

apply plugin: 'com.android.application'
android {
  // ...
}
dependencies {
  // Add the Auth0 Android SDK
  implementation 'com.auth0.android:auth0:1.+'
}

Was this helpful?/

If Android Studio lints the + sign, or if you want to use a fixed version, check for the latest in Maven or JCenter.

Sync Project with Gradle Files

Remember to synchronize using the Android Studio prompt or run ./gradlew clean build from the command line. For more information about Gradle usage, check their official documentation.

Add manifest placeholders required by the SDK. The placeholders are used internally to define an intent-filter that captures the authentication callback URL.

To add the manifest placeholders, add the next line:

// app/build.gradle

apply plugin: 'com.android.application'
compileSdkVersion 28
android {
    defaultConfig {
        applicationId "com.auth0.samples"
        minSdkVersion 15
        targetSdkVersion 28
        // ...

        // ---> Add the next line
        manifestPlaceholders = [auth0Domain: "@string/com_auth0_domain", auth0Scheme: "demo"]
        // <---
    }
}

Was this helpful?/

You do not need to declare a specific intent-filter for your activity, because you have defined the manifest placeholders with your Auth0 Domain and Scheme values and the library will handle the redirection for you.

The AndroidManifest.xml file should look like this:

<!-- app/src/main/AndroidManifest.xml -->

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.auth0.samples">

    <uses-permission android:name="android.permission.INTERNET" />

    <application
        android:allowBackup="true"
        android:icon="@mipmap/ic_launcher"
        android:label="@string/app_name"
        android:theme="@style/AppTheme">

        <activity android:name="com.auth0.samples.MainActivity">
          <intent-filter>
              <action android:name="android.intent.action.MAIN" />
              <category android:name="android.intent.category.LAUNCHER" />
          </intent-filter>
        </activity>

    </application>

</manifest>

Was this helpful?/

Run Sync Project with Gradle Files inside Android Studio or execute ./gradlew clean assembleDebug from the command line.

For more information about using Gradle, check the Gradle official documentation.

Universal Login is the easiest way to set up authentication in your application. We recommend using it for the best experience, best security and the fullest array of features.

You can also embed the login dialog directly in your application using the Lock widget. If you use this method, some features, such as single sign-on, will not be accessible. To learn how to embed the Lock widget in your application, follow the Embedded Login sample. Make sure you read the Browser-Based vs. Native Login Flows on Mobile Devices article to learn how to choose between the two types of login flows.

In the onCreate method, create a new instance of the Auth0 class to hold user credentials and set it to be OIDC conformant.

You can use a constructor that receives an Android Context if you have added the following String resources:

R.string.com_auth0_client_id
R.string.com_auth0_domain

// app/src/main/java/com/auth0/samples/MainActivity.java

private Auth0 auth0;

@Override
protected void onCreate(@Nullable Bundle savedInstanceState) {
    // ...
    auth0 = new Auth0(this);
    auth0.setOIDCConformant(true);
}

Was this helpful?/

Otherwise, use the constructor that receives both strings.

Finally, create a login method and use the WebAuthProvider class to authenticate with any connection you enabled on your application in the Auth0 dashboard.

// app/src/main/java/com/auth0/samples/LoginActivity.java

private void login() {
    WebAuthProvider.login(auth0)
            .withScheme("demo")
            .withAudience(String.format("https://%s/userinfo", getString(R.string.com_auth0_domain)))
            .start(MainActivity.this, new AuthCallback() {
                @Override
                public void onFailure(@NonNull Dialog dialog) {
                    // Show error Dialog to user
                }

                @Override
                public void onFailure(AuthenticationException exception) {
                    // Show error to user
                }

                @Override
                public void onSuccess(@NonNull Credentials credentials) {
                    // Store credentials
                    // Navigate to your main activity
                }
        });
}

Was this helpful?/

Future steps of this quickstart guide move the AuthCallback in-line instance into a class field named loginCallback.

After you call the WebAuthProvider#start function, the browser launches and shows the Lock widget. Once the user authenticates, the callback URL is called. The callback URL contains the final result of the authentication process.

There are many options to customize the authentication with the WebAuthProvider builder. You can read about them in the Auth0 SDK for Android documentation.

Use WebAuthProvider to remove the cookie set by the Browser at authentication time, so that the users are forced to re-enter their credentials the next time they try to authenticate.

Check in the LoginActivity if a boolean extra is present in the Intent at the Activity launch. This scenario triggered by the MainActivity dictates that the user wants to log out.

// app/src/main/java/com/auth0/samples/MainActivity.java

private void logout() {
    Intent intent = new Intent(this, LoginActivity.class);
    intent.putExtra(LoginActivity.EXTRA_CLEAR_CREDENTIALS, true);

    startActivity(intent);
    finish();
}

// app/src/main/java/com/auth0/samples/LoginActivity.java

@Override
protected void onCreate(Bundle savedInstanceState) {
    // ...
    if (getIntent().getBooleanExtra(EXTRA_CLEAR_CREDENTIALS, false)) {
        logout();
    }
}

private void logout() {
    WebAuthProvider.logout(auth0)
            .withScheme("demo")
            .start(this, new VoidCallback() {
                @Override
                public void onSuccess(Void payload) {
                }

                @Override
                public void onFailure(Auth0Exception error) {
                    // Show error to user
                }
            });
}

Was this helpful?/

The logout is achieved by using the WebAuthProvider class. This call will open the Browser and navigate the user to the logout endpoint. If the log out is cancelled, you might want to take the user back to where they were before attempting to log out.

Future steps of this quickstart guide move the VoidCallback in-line instance into a class field named logoutCallback.

Did it work?

Any suggestion or typo? Edit on GitHub

Docs

Android: Login

Android: Login

By Luciano Balmaceda

I want to integrate with my app

I want to explore a sample app

Configure Auth0

Get Your Application Keys

Configure Callback URLs

Configure Logout URLs

Add the Auth0 Android Dependency

Add Auth0 to Gradle

Sync Project with Gradle Files

Add Authentication with Auth0

Logout

Did it work?