This is an example Android app that uses the Curity Identity Server's Hypermedia API to perform an OIDC flow. The authentication is done within the app, usually without the need for an external browser (depends on the authentication methods used).
Note: The app needs at least Android 8.0 (Oreo, API level 26) to utilize attestation features.
This is a trivial app that only authenticates the user, then displays the tokens obtained from the authorization server. Some classes worth checking out:
- The
Configurationclass contains all the configuration options. You should tailor these to reflect your installation of the Curity Identity Server. - The
DemoApplicationclass shows how to configure the HAAPI UI SDK so that it can be used with the app. - The
MainActivityclass shows the code needed to integrate with the HAAPI UI SDK. First, thehaapiFlowLauncheris created together with the callback that will handle the received tokens. Then a listener is used to launch the HAAPI flow activity when a button is clicked. - The
authenticatedpackage contains the activity and components used once the user is authenticated. This displays the received tokens and obtains information about the user from the user info endpoint. Theauthenticated/TokensFragmentclass also shows a way of utilising the HAAPI SDK to refresh an access token.
Note that gradle tasks require at least Java 17 to run properly. Make sure to have the proper Java SDK
configured in Preferences / Build,Execution,Deployment / Build Tools / Gradle / Gradle JDK in Android Studio.
The required Curity Identity Server setup is provided through a script. To run the setup, follow these steps.
First run docker pull curity.azurecr.io/curity/idsvr to ensure that your Curity Identity Server instance is up to date.
The example configuration requires version 8.7 or higher of the Curity Identity Server.
- Copy a Curity Identity Server license file to
license.jsonin the code example root folder. - Run the
./start-idsvr.shscript to deploy a preconfigured Curity Identity Server via Docker. - Build and run the mobile app from Android Studio using an emulator of your choice.
- There is a preconfigured
demouseruser account you can sign-in with using a password ofPassword1. - Run the
./stop-idsvr.shscript to free Docker resources.
By default the Curity Identity Server instance is contacted from the Android emulator using the default host IP of 10.0.2.2.
To login with native passkeys you must configure associated domains for the app, according to the Configure Native Passkeys for Mobile Logins tutorial. The Docker automated setup provides working passkey logins if you install the ngrok tool as described in the Mobile Setup tutorial, then set the USE_NGROK=true variable at the top of the start-server.sh script, before running it. Using ngrok exposes the docker instance of the Curity Identity Server on the internet at a trusted SSL URL, so that associated domain registration works.
Using ngrok also enables testing with real devices, and enables you to run Android and iOS HAAPI code examples side by side.
- Make sure that the Curity Identity Server is running and configured.
- Start the demo application on an emulator that has at least Android API level 26.
- Tap the button
Start Authenticationon the home screen to start the authentication flow.
- Make sure that the Curity Identity Server is running and reachable on the Internet (e.g., by using ngrok).
- Adjust the settings in the
Configurationclass to reflect the instance of your Curity Identity Server. - Build then install and start the demo application on your physical device.
- Tap the button
Start Authenticationon the home screen to start the authentication flow.
To allow HAAPI access, you need to add the app's signature digest to the client's configuration in the Curity Identity Server. This should be added in the Attestation section of the client's settings. To get the signature's digest use the signingReport task (./gradlew SigningReport). Then copy the SHA-256 signature and paste it in the signature field in the admin UI. If you want to paste the signature into an XML file, or use the CLI or RestConf API to add the signature, then you need to use a base64 version of the signature hash. You can run this command to obtain the encoded signature:
echo "<sha-256 signature from the signingReport>" | xxd -r -p | base64The application needs a few configuration options set to be able to call the instance of the Curity Identity Server. Default configuration is set to work with the dockerized version of the Curity Identity Server which is run with the start-idsvr.sh script. Should you need to make the app work with a different environment (e.g., you have your own instance of the Curity Identity Server already working online), then you should adjust the configuration. Edit the default settings in the src/main/java/io/curity/haapidemo/Configuration.kt file. The default settings are returned by the static newInstance method, and this is the one that should be modified.
The UI SDK allows for a simple change of the styles used by the view components. Have a look at the res/values/styles.xml and res/values/colors.xml files to see the techniques used in the demo app to change the default theme. Note that the custom theme is applied to the HAAPIFlowActivity in the AndroidManifest.xml file. Have a look at the customization tutorial to learn more about changing the look and feel of your authentication flow.
- HAAPI UI SDK Guide that shows all the aspects of working with the Curity's HAAPI UI SDK.
- A tutorial that shows how to properly configure the Curity Identity Server and a client to use the Hypermedia API from an Android app.
- An article that explains the Hypermedia Authentication API.
Please visit curity.io for more information about the Curity Identity Server.
