--- title: Configure Android apps for OIDC login description: This section describes how to configure your Ping (ForgeRock) SDK for Android application to use centralized login by leveraging the AppAuth library: component: sdks version: latest page_id: sdks:oidc:sdkconfiguration/oidc-login/android-centralized-login canonical_url: https://docs.pingidentity.com/sdks/latest/oidc/sdkconfiguration/oidc-login/android-centralized-login.html revdate: Mon, 30 Sep 2024 13:44:17 +0100 keywords: ["OAuth 2.0", "OpenID Connect", "Setup & Configuration", "Source Code", "Integration", "SDK"] --- # Configure Android apps for OIDC login This section describes how to configure your Ping (ForgeRock) SDK for Android application to use centralized login by leveraging the `AppAuth` library: 1. Add the build dependency to the `build.gradle` file: ```gradle implementation 'net.openid:appauth:0.11.1' ``` 2. Associate your application with the scheme your redirect URIs use. To ensure that only your app is able to obtain authorization tokens during centralized login we recommend you configure it to use [Android App Links](https://developer.android.com/studio/write/app-link-indexing). If you do not want to implement Android App Links, you can instead use a custom scheme for your redirect URIs. * Android App Links * Custom Scheme Complete the following steps to configure App Links: 1. In your application, configure the AppAuth library to use the HTTP scheme for capturing redirect URIs, by adding an `` for `AppAuth.RedirectUriReceiverActivity` to your `AndroidManifest.xml`: AndroidManifest.xml ```xml

``` * You must set `android:autoVerify` to `true`. This instructs Android to verify the against the `assetlinks.json` file you update in the next step. * Specify the `scheme`, `hosts`, and `path` parameters that will be used in your redirect URIs. The host value must match the domain where you upload the `assetlinks.json` file. To learn more about intents, refer to [Add intent filters](https://developer.android.com/studio/write/app-link-indexing#intent) in the Android Developer documentation. To learn more about redirects and the AppAuth library, refer to [Capturing the authorization redirect](https://github.com/openid/AppAuth-Android#capturing-the-authorization-redirect). 2. For Android 11 or higher, add the following to the `AndroidManfest.xml` file: ```xml ``` 3. Create or update a Digital Asset Links (`assetlinks.json`) file that associates your app with the domain. You must host the file in a `.well-known` folder on the same host that you entered in the intent filter earlier. The file will resemble the following: https\://android.example.com/.well-known/assetlinks.json ```json [ { "relation": [ "delegate_permission/common.handle_all_urls", ], "target": { "namespace": "android_app", "package_name": "com.example.app", "sha256_cert_fingerprints": [ "c4:15:c8:f1:...:fe:ce:d7:37" ] } } ] ``` * To learn more, refer to [Associate your app with your website](https://developer.android.com/studio/write/app-link-indexing#associatesite) in the Android Developer documentation. 4. Upload the completed file to the domain that matches the host value you configured in the earlier step. For information on uploading an `assetLinks.json` file to an Advanced PingOne Advanced Identity Cloud instance, refer to [Upload an Android assetlinks.json file](https://docs.pingidentity.com/pingoneaic/latest/end-user/upload-android-assetlinks.html). 5. Add the following to the `strings.xml` file: ```xml https://android.example.com/oauth2redirect ``` 6. Add the App Link to the Redirection URIs property of your OAuth 2.0 client. For example, `https://android.example.com/oauth2redirect` Complete the following steps to configure a custom scheme: 1. Configure the AppAuth library to use the custom scheme for capturing redirect URIs by using either of these two methods: * Add the custom scheme your app will use to your `build.gradle` file: ```gradle android.defaultConfig.manifestPlaceholders = [ 'appAuthRedirectScheme': 'com.forgerock.android' ] ``` Or: * Add an `` for `AppAuth.RedirectUriReceiverActivity` to your `AndroidManifest.xml`: ```xml

``` For more information, refer to [Capturing the authorization redirect](https://github.com/openid/AppAuth-Android#capturing-the-authorization-redirect). 2. For Android 11 or higher, add the following to the `AndroidManfest.xml` file: ```xml ``` 3. Configure your application to use the redirect URI, either in the `strings.xml` file, or by using `FROptions`: * strings.xml: ```xml org.forgerock.demo://oauth2redirect ``` - FROptions: ```java let options = FROptions( ..., oauthRedirectUri: "org.forgerock.demo://oauth2redirect", ..., ) ``` 4. Add the custom scheme to the Redirection URIs property of your OAuth 2.0 client. For example, `org.forgerock.demo://oauth2redirect` 3. Configure your application to use browser mode: ```java // Use FRUser.browser() to enable browser mode: FRUser.browser().login(context, new FRListener()); // Use standard SDK interface to retrieve an AccessToken: FRUser.getCurrentUser().getAccessToken() // Use standard SDK interface to logout a user: FRUser.getCurrentUser().logout() ``` | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | The SDK uses the OAuth 2.0 parameters you configured in your application.You can amend the example code above to customize the integration with AppAuth; for example, adding OAuth 2.0 or OpenID Connect parameters, and browser colors:```java FRUser.browser().appAuthConfigurer() .authorizationRequest(r -> { // Add a login hint parameter about the user: r.setLoginHint("demo@example.com"); // Request that the user re-authenticates: r.setPrompt("login"); }) .customTabsIntent(t -> { // Customize the browser: t.setShowTitle(true); t.setToolbarColor(getResources().getColor(R.color.colorAccent)); }).done() .login(this, new FRListener() { @Override public void onSuccess(FRUser result) { //success } @Override public void onException(Exception e) { //fail } }); ``` |