https://kotlinlang.org logo
#android
Title
# android
r

Răzvan Roșu

04/23/2020, 7:12 AM
Hi, I'm struggling with a corporate API service that requires authentication through OAuth 2. When the application is started for the first time, the user clicks the button Login and the activity launches the default browser with the login page. As soon as the client enters the right credentials, the browser, through a callback procedure passes the data to the same LoginActivity needed to obtain the access token and complete the procedure. The whole procedure on my Google Pixel works well as it does on the AVD, but on different phone brands like Samsung the browser does not always invoke the application. On other brands like Meizu it never works, even if Chrome is installed. I was wondering if it was another way to make the OAuth authentication without relying on an external browser, but after some research I found out that using the WebView on native applications is insecure. And some users find the opening of the external browser a little bit confusing. Here are the intent filters that I use in case someone is curios:
<activity                android:name=".ui.login.LoginActivity"                android:theme="@style/LoginTheme">
<`intent-filter> <action android:name="android.intent.action.VIEW" />` <`category android:name="android.intent.category.DEFAULT" /> <category android:name="android.intent.category.BROWSABLE" />` <`data android:host="service-name" android:path="/oauth-callback" android:scheme="http" /> </intent-filter>` </`activity>` Thanks in advance!
d

David Eriksson

04/23/2020, 7:38 AM
I know this SDK that has a webview for OAuth2, see if you can learn something from that: https://github.com/telenordigital/connect-android-sdk
👍 1
And what do you mean about WebViews being insecure?
r

Răzvan Roșu

04/23/2020, 7:42 AM
nice, I will give it a try, thanks!
d

David Eriksson

04/23/2020, 7:44 AM
Oh, I was totally unaware of "Android Custom Tab"
2 Views