Android Login

This tutorial will show you how to integrate the Auth0 Login in your Android project in order to present the login box.

Sample Project

Download a sample project specific to this tutorial configured with your Auth0 API Keys.

System Requirements
  • Android Studio 2.3
  • Android SDK 25
  • Emulator - Nexus 5X - Android 6.0
Show requirements

Add the Auth0 Android Dependency

Your first step is to add the Auth0 Android SDK into your project. The library makes requests to the Auth0's Authentication and Management APIs.

Gradle

Inside the build.gradle dependencies section add:

apply plugin: 'com.android.application'
android {
  //..
}
dependencies {
  compile 'com.auth0.android:auth0:1.+'
}

You can check for the latest version on the repository Readme, in Maven, or in JCenter.

Then, run Sync Project with Gradle Files inside Android Studio or ./gradlew clean assembleDebug from the command line.

For more information about Gradle usage, check their official documentation.

Start the Authentication

In our login method we create a new Auth0 instance to hold the credentials. Then by using the WebAuthProvider class we can authenticate with any connection enabled for our client in the Auth0 dashboard. We also tell the provider to use the custom scheme demo to construct the expected Callback URL.

After calling WebAuthProvider#start the browser will launch and show Lock, and the final result will be received in the callback we pass.

private void login() {
    Auth0 auth0 = new Auth0("YOUR_CLIENT_ID", "YOUR_AUTH0_DOMAIN");
    auth0.setOIDCConformant(true);
    WebAuthProvider.init(auth0)
                  .withScheme("demo")
                  .start(MainActivity.this, new AuthCallback() {
                      @Override
                      public void onFailure(@NonNull Dialog dialog) {
                        // Show error Dialog to user
                      }

                      @Override
                      public void onFailure(AuthenticationException exception) {
                        // Show error to user
                      }

                      @Override
                      public void onSuccess(@NonNull Credentials credentials) {
                          // Store credentials
                          // Navigate to your main activity
                      }
                });
}

Capture the Result

The browser will redirect to our application with the authentication result and we need to send it back to the WebAuthProvider in order to parse it and get the actual tokens. To do so, we need to register in our Activity an Intent-Filter that will capture the call to the Callback URL specified by the provider. This URL is built using our Domain and application's Package Name and it must be whitelisted in the "Allowed Callback URLs" section of the Client settings. The URL should look similar to this:

demo://YOUR_AUTH0_DOMAIN/android/YOUR_APP_PACKAGE_NAME/callback

Edit the AndroidManifest.xml file to add the INTERNET permission and an Intent-Filter like the one below. Remember to replace YOUR_APP_PACKAGE_NAME with your actual application's package name, in order to match the Callback URL registered in the dashboard.

<application android:theme="@style/AppTheme">

        <uses-permission android:name="android.permission.INTERNET" />

        <!-- ... -->

        <activity
            android:name="com.mycompany.MainActivity"
            android:theme="@style/MyAppTheme"
            android:launchMode="singleTask">

            <intent-filter>
                <action android:name="android.intent.action.VIEW" />

                <category android:name="android.intent.category.DEFAULT" />
                <category android:name="android.intent.category.BROWSABLE" />

                <data
                    android:host="YOUR_AUTH0_DOMAIN"
                    android:pathPrefix="/android/YOUR_APP_PACKAGE_NAME/callback"
                    android:scheme="demo" />
            </intent-filter>

        </activity>

        <!-- ... -->

    </application>

It's very important to specify the android:launchMode="singleTask" in your activity to ensure the authentication state it's not lost along redirects and that the result arrives back in the same activity instance that first requested it.

Next, override the onNewIntent method in your activity. Here is where the result arrives. Redirect the received intent to the WebAuthProvider#resume method, which will return true if the data could be parsed correctly, and will call the AuthCallback given in the start call.

public class MyActivity extends Activity {

    @Override
    protected void onNewIntent(Intent intent) {
        if (WebAuthProvider.resume(intent)) {
            return;
        }
        super.onNewIntent(intent);
    }
}

There are many options to customize the authentication using WebAuthProvider. Make sure to check them here.

Mobile example screenshot

Centralized vs Embedded Login

Auth0's centralized login page provides the fastest, most secure, and most feature-rich way to implement authentication in your app. If required, the Lock widget can also be embedded directly into your application, but certain features such as single sign-on won't be accessible. It is highly recommended that you use centralized login (as covered in this tutorial), but if you wish to embed the Lock widget directly in your application, you can follow the Embedded Login sample.

Please see Browser-Based vs. Native Login Flows on Mobile Devices for information on choosing between the two types of login flows.

Previous Tutorial
1. Getting started
Use Auth0 for FREECreate free Account