Android: Authorization

By Luciano Balmaceda

This tutorial will show you how to use the Auth0 authentication API in your Android project to create a custom login screen. We recommend that you log in to follow this quickstart with examples configured for your account.

System requirements: Android Studio 2.3 | Android SDK 25 | Emulator - Nexus 5X - Android 6.0

This tutorial shows you how to use Auth0 to create access roles for your users. With access roles, you can authorize or deny access to your content to different users based on the level of access they have.

Before You Start

Be sure that you have completed the Login quickstart.

Create a Rule that assigns each user either an admin role or a simple user role. Go to the new rule page and select the Set Roles To A User template, under Access Control. Edit the following lines from the default script to match the conditions that fit your needs:

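const addRolesToUser = function (user) {
    // Email suffix that maps to the admin role; an empty string matches every email
    const endsWith = '';

    // Grant admin only when the email ends with the configured suffix
    if (user.email && (user.email.substring(user.email.length - endsWith.length, user.email.length) === endsWith)) {
      return ['admin'];
    }
    return ['user'];
};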

The default rules for assigning access roles are:

  • If the user's email contains, the user gets the admin role.
  • If the email contains anything else, the user gets the regular user role.

The rule can be customized to grant roles other than the ones described here, depending on the conditions a project requires. Claims added to the ID Token must have namespaced names. Read this article for more context about Rules.
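The suffix check in the Rule above, written as a stand-alone function with its conditions tightened: an empty suffix never grants admin, the email must be verified, and the whole domain part is compared. This is an added example, not the template's or Auth0's own code; `rolesForUser`, `rolesClaim`, `ADMIN_DOMAIN` and the `https://example.com/` namespace are assumed names and constructed values.

```javascript
// Added example: role assignment with the suffix check hardened.
// ADMIN_DOMAIN and CLAIM_NAMESPACE are constructed placeholder values.
const ADMIN_DOMAIN = 'example.com';
const CLAIM_NAMESPACE = 'https://example.com/';

function rolesForUser(user, adminDomain) {
  // An empty or missing domain must never grant admin:
  // an empty suffix matches every string.
  if (typeof adminDomain !== 'string' || adminDomain.length === 0) {
    return ['user'];
  }
  // Only trust the email once it has been verified.
  if (!user || typeof user.email !== 'string' || user.email_verified !== true) {
    return ['user'];
  }
  // Compare the whole domain part (after the last '@'), case-insensitively,
  // so "x@notexample.com" does not match "example.com".
  const at = user.email.lastIndexOf('@');
  if (at < 1) {
    return ['user'];
  }
  const domain = user.email.slice(at + 1).toLowerCase();
  return domain === adminDomain.toLowerCase() ? ['admin'] : ['user'];
}

// Build the namespaced claim that a Rule would add to the ID Token.
function rolesClaim(user, adminDomain = ADMIN_DOMAIN) {
  return { [CLAIM_NAMESPACE + 'roles']: rolesForUser(user, adminDomain) };
}

// Constructed sample users.
const samples = [
  { email: 'alice@example.com', email_verified: true },
  { email: 'bob@example.com', email_verified: false },
  { email: 'carol@notexample.com', email_verified: true },
  { email: 'dave@EXAMPLE.com', email_verified: true },
];
for (const u of samples) {
  console.log(u.email, JSON.stringify(rolesClaim(u)));
}
```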

Test the Rule in Your Project

Once the user credentials have been obtained (as explained in the Login tutorial), save them so that you can access them at any time.

The claims added to the ID Token via a Rule are included in the userinfo endpoint response. Use the Access Token to call this endpoint and obtain the user roles.

// app/src/main/java/com/auth0/samples/activities/

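// authenticationClient is an AuthenticationAPIClient and accessToken is the
// saved Access Token (both variable names are assumptions).
// Requires java.util.Collections and java.util.List.
authenticationClient.userInfo(accessToken)
      .start(new BaseCallback<UserProfile, AuthenticationException>() {
          @Override
          public void onSuccess(UserProfile userInfo) {
              // Obtain the claim from the "extra info" of the user info
              List<String> roles = userInfo.getExtraInfo().containsKey("") ?
                  (List<String>) userInfo.getExtraInfo().get("") :
                  Collections.<String>emptyList(); // No roles claim: treat as no roles

              if (!roles.contains("admin")) {
                  // User is not authorized
              } else {
                  // User is authorized
              }
          }

          @Override
          public void onFailure(AuthenticationException error) {
              // Show error
          }
      });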

Restrict Content Based On Access Level

Roles can be used to distinguish user permissions within an app, authorizing or denying access to a certain feature. The sample project illustrates this by allowing users with the admin role to access the "Settings Activity".
