Android: Login

View on Github

Android: Login

Gravatar for luciano.balmaceda@auth0.com
By Luciano Balmaceda
Auth0

This tutorial demonstrates how to add user login to an Android application using Auth0. We recommend you to Log in to follow this quickstart with examples configured for your account.

I want to explore a sample app

2 minutes

Get a sample configured with your account settings or check it on Github.

View on Github
System requirements: Android Studio 2.3 | Android SDK 25 | Emulator - Nexus 5X - Android 6.0

New to Auth? Learn How Auth0 works, how it integrates with Native Applications and which protocol it uses.

Configure Auth0

Get Your Application Keys

When you signed up for Auth0, a new application was created for you, or you could have created a new one.

Your will need some details about that application to communicate with Auth0. You can get these details from the Application Settings section in the Auth0 dashboard.

You need the following information:

  • Client ID
  • Domain

If you download the sample from the top of this page these details are filled out for you.

If you have more than one application in your account, the sample comes with the values for your Default App.

App Dashboard

We suggest you do not hardcode these values as you may need to change them in the future. Instead, use String Resources, such as @string/com_auth0_domain, to define the values.

Edit your res/values/strings.xml file as follows:

<resources>
    <string name="com_auth0_client_id">YOUR_CLIENT_ID</string>
    <string name="com_auth0_domain">YOUR_AUTH0_DOMAIN</string>
</resources>

Configure Callback URLs

A callback URL is a URL in your application where Auth0 redirects the user after they have authenticated.

You need to whitelist the callback URL for your app in the Allowed Callback URLs field in your Application Settings. If you do not set any callback URL, your users will see a mismatch error when they log in.

If you are following along with the sample project you downloaded from the top of this page, you should set the Allowed Callback URL to 'demo://YOUR_AUTH0_DOMAIN/android/YOUR_APP_PACKAGE_NAME/callback' }`.

Replace YOUR_APP_PACKAGE_NAME with your application's package name, available as the applicationId attribute in the app/build.gradle file.

Add the Auth0 Android Dependency

Add the Auth0 Android SDK into your project. The library makes requests to the Auth0's Authentication and Management APIs.

Add Auth0 to Gradle

In your app's build.gradle dependencies section, add the following:

apply plugin: 'com.android.application'
android {
  //..
}
dependencies {
  //---> Add the next line
  compile 'com.auth0.android:auth0:1.+'
  //<---
}

You can check for the latest version on the repository Readme, in Maven, or in JCenter.

Add manifest placeholders required by the SDK. The placeholders are used internally to define an intent-filter that captures the authentication callback URL.

To add the manifest placeholders, add the next line:

apply plugin: 'com.android.application'
android {
    compileSdkVersion 25
    buildToolsVersion "25.0.3"
    defaultConfig {
        applicationId "com.auth0.samples"
        minSdkVersion 15
        targetSdkVersion 25
        //...

        //---> Add the next line
        manifestPlaceholders = [auth0Domain: "@string/com_auth0_domain", auth0Scheme: "demo"]
        //<---
    }
}

Run Sync Project with Gradle Files inside Android Studio or execute ./gradlew clean assembleDebug from the command line.

For more information about using Gradle, check the Gradle official documentation.

Add Authentication with Auth0

Universal Login is the easiest way to set up authentication in your application. We recommend using it for the best experience, best security and the fullest array of features.

You can also embed the login dialog directly in your application using the Lock widget. If you use this method, some features, such as single sign-on, will not be accessible. To learn how to embed the Lock widget in your application, follow the Embedded Login sample. Make sure you read the Browser-Based vs. Native Login Flows on Mobile Devices article to learn how to choose between the two types of login flows.

In the login method, create a new instance of the Auth0 class to hold user credentials.

You can use a constructor that receives an Android Context if you have added the following String resources:

  • R.string.com_auth0_client_id
  • R.string.com_auth0_domain

If you prefer to hardcode the resources, use the constructor that receives both strings. Then, use the WebAuthProvider class to authenticate with any connection you enabled on your application in the Auth0 dashboard.

After you call the WebAuthProvider#start function, the browser launches and shows the Lock widget. Once the user authenticates, the callback URL is called. The callback URL contains the final result of the authentication process.

// app/src/main/java/com/auth0/samples/MainActivity.java

private void login() {
    WebAuthProvider.init(auth0)
        .withScheme("demo")
        .withAudience(String.format("https://%s/userinfo", getString(R.string.com_auth0_domain)))
        .start(MainActivity.this, new AuthCallback() {
            @Override
            public void onFailure(@NonNull Dialog dialog) {
               // Show error Dialog to user
            }

            @Override
            public void onFailure(AuthenticationException exception) {
               // Show error to user
            }

            @Override
            public void onSuccess(@NonNull Credentials credentials) {
               // Store credentials
               // Navigate to your main activity
            }
    });
}

Capture the Result

Whitelist the callback URL for your app in the Allowed Callback URLs section in Application settings. In that section, enter the following URL:

demo://YOUR_AUTH0_DOMAIN/android/YOUR_APP_PACKAGE_NAME/callback

Replace YOUR_APP_PACKAGE_NAME with your application's package name, available in the app/build.gradle file as the applicationId attribute.

After authentication, the browser redirects the user to your application with the authentication result. The SDK captures the result and parses it.

You do not need to declare a specific intent-filter for your activity, because you have defined the manifest placeholders with your Auth0 Domain and Scheme values and the library will handle the redirection for you.

The AndroidManifest.xml file should look like this:

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.auth0.samples">

    <uses-permission android:name="android.permission.INTERNET" />

    <application
        android:allowBackup="true"
        android:icon="@mipmap/ic_launcher"
        android:label="@string/app_name"
        android:theme="@style/AppTheme">

        <activity android:name="com.auth0.samples.MainActivity">
          <intent-filter>
              <action android:name="android.intent.action.MAIN" />
              <category android:name="android.intent.category.LAUNCHER" />
          </intent-filter>
        </activity>

    </application>

</manifest>

There are many options to customize the authentication with the WebAuthProvider builder. You can read about them in the Auth0 SDK for Android documentation.

Mobile example screenshot
Use Auth0 for FREECreate free Account