Ping SDKs

Set up centralized login in Android apps

Applies to:

  • Ping SDK for Android

  • Ping SDK for iOS

  • Ping SDK for JavaScript

This section describes how to configure your Ping SDK for Android application to use centralized login by leveraging the AppAuth library:

  1. Add the build dependency to the build.gradle file:

    implementation 'net.openid:appauth:0.11.1'
  2. Associate your application with the scheme your redirect URIs use.

    To ensure that only your app is able to obtain authorization tokens during centralized login we recommend you configure it to use Android App Links.

    If you do not want to implement Android App Links, you can instead use a custom scheme for your redirect URIs.

    • Custom Scheme

    Complete the following steps to configure a custom scheme:

    1. Configure the AppAuth library to use the custom scheme for capturing redirect URIs by using either of these two methods:

      • Add the custom scheme your app will use to your build.gradle file:

        android.defaultConfig.manifestPlaceholders = [
            'appAuthRedirectScheme': 'com.forgerock.android'
        ]

      Or:

      • Add an <intent-filter> for AppAuth.RedirectUriReceiverActivity to your AndroidManifest.xml:

        <activity
           android:name="net.openid.appauth.RedirectUriReceiverActivity"
           tools:node="replace">
            <intent-filter>
               <action android:name="android.intent.action.VIEW"/>
               <category android:name="android.intent.category.DEFAULT"/>
               <category android:name="android.intent.category.BROWSABLE"/>
               <data android:scheme="com.forgerock.android"/>
            </intent-filter>
        </activity>

      For more information, refer to Capturing the authorization redirect.

    2. For Android 11 or higher, add the following to the AndroidManfest.xml file:

      <queries>
           <intent>
               <action android:name="android.intent.action.VIEW" />
               <category android:name="android.intent.category.BROWSABLE" />
               <data android:scheme="com.forgerock.android" />
           </intent>
       </queries>
    3. Configure your application to use the redirect URI, either in the strings.xml file, or by using FROptions:

      strings.xml:
      <string name="forgerock_oauth_redirect_uri" translatable="false">com.forgerock.android:/oauth2redirect</string>
      FROptions:
      let options = FROptions(
          ...,
          oauthRedirectUri: "com.forgerock.android:/oauth2redirect",
          ...,
      )
    4. Add the custom scheme to the Redirection URIs property of your OAuth 2.0 client. For example, com.forgerock.android:/oauth2redirect

  3. Configure your application to use browser mode:

    // Use FRUser.browser() to enable browser mode:
    FRUser.browser().login(context, new FRListener<FRUser>());
    
    // Use standard SDK interface to retrieve an AccessToken:
    FRUser.getCurrentUser().getAccessToken()
    
    // Use standard SDK interface to logout a user:
    FRUser.getCurrentUser().logout()

    The SDK uses the OAuth 2.0 parameters you configured in your application.

    You can amend the example code above to customize the integration with AppAuth; for example, adding OAuth 2.0 or OpenID Connect parameters, and browser colors:

     FRUser.browser().appAuthConfigurer()
         .authorizationRequest(r -> {
             // Add a login hint parameter about the user:
             r.setLoginHint("demo@example.com");
             // Request that the user re-authenticates:
             r.setPrompt("login");
         })
         .customTabsIntent(t -> {
             // Customize the browser:
             t.setShowTitle(true);
             t.setToolbarColor(getResources().getColor(R.color.colorAccent));
         }).done()
         .login(this, new FRListener<FRUser>() {
             @Override
             public void onSuccess(FRUser result) {
                 //success
             }
    
             @Override
             public void onException(Exception e) {
                 //fail
             }
         });