. Summary
In this codelab, you learned:
. Learn more
This codelab covered the basics of how to support login for an Android app.
. Next codelab
For links to other codelabs in this course, see the Advanced Android in Kotlin codelabs landing page.
Getting Started
Download the sample app, you can either:
… or clone the GitHub repository from the command line by using the following command and switch to the start branch of the repo:
Task: Enable Logout
In this task, you’ll implement the logout feature.
Binding spring security
I am using Spring Security to integrate my filter into my application. The easiest way to get started is to use this dependency:
In the configuration, I’m specifying the following:
There is a fluent interface to configure this in code, which looks like this:
So now all three parts are finally connected. We defined which requests we want to authorize. The filter parses and verifies the token. If that token fulfills all our requirements, the request goes through. Otherwise, it fails with an unauthorized response. If you want deeper into Spring Security, you can check this tutorial.
Kotlin
Learn more about livedata and viewmodel
For the app in this codelab, you need a basic understanding of LiveData and ViewModel. Read through the LiveData and ViewModel overviews if you want a brief overview of these concepts.
Setting up the verifier
For the verification itself, we are going to use auth0’s own library. First, we initialize a JWTVerifier:
You can see we include the key we got before, plus a leeway limit for the expiration time of the token. If you want to test for the issuer and the audience explicitly, you can use the withIssuer and withAudience methods, before calling build(). In my case, checking that my tenant signs the token feels safe enough.
We trigger the actual verification by calling the verify method of the JWTVerifier we just created, wrapping it so that it does not throw exceptions into the wild.
Wait, what is that asToken method doing there? As I mentioned, we want to extract information from the token. We need the list of scopes in the token for later, which we fetch and include in our TokenAuthentication
Step 2: register your app with firebase
Now that you have a Firebase project, you can add your Android app to it.
- In the center of the Firebase console’s project overview page, click the Android icon to launch the setup workflow.
- Enter your app’s application ID in the Android package name field. Make sure you enter the ID your app is using, since you cannot add or modify this value after you’ve registered your app with your Firebase project.
- An application ID is sometimes referred to as a package name.
- Find this application ID in your module (app-level) Gradle file, usually
app/build.gradle
(example ID:com.yourcompany.yourproject
). - Enter the debug signing certificate SHA-1. You can generate this key by entering the following command in your command line terminal.
keytool -alias androiddebugkey -keystore ~/.android/debug.keystore -list -v -storepass android
- Click Register app.
Step 3: add the firebase configuration file to your project
Add the Firebase Android configuration file to your app:
- Click Download google-services.json to obtain your Firebase Android config file (
google-services.json
).
- Move your config file into the module (app-level) directory of your app.
Step 4: configure your android project to enable firebase products
- To enable Firebase products in your app, add the google-services plugin to your Gradle files.
- In your root-level (project-level) Gradle file (
build.gradle
), add rules to include the Google Services plugin. Check that you have Google’s Maven repository, as well.
build.gradle
buildscript {
repositories {
// Check that you have the following line (if not, add it):
google() // Google's Maven repository
}
dependencies {
// ...
// Add the following line:
classpath 'com.google.gms:google-services:4.3.0' // Google Services plugin
}
}
allprojects {
// ...
repositories {
// Check that you have the following line (if not, add it):
google() // Google's Maven repository
// ...
}
}
Step by step implementation
Step 1: First, We need to connect our project with Firebase. For that, we need to go to tools the select firebase option
Step 2: Now as we need the Firebase authentication feature, In authentication, we have different options. For this article, we will use Authenticate using a custom authentication system. We will click on connect. And add the firebase Authentication SDK to your app.
Step 3: Now we will create an XML layout for the Registration Activity.
Step 4: Now we will code for Registration activity
The authorization filter
The verifier runs inside a filter, which inherits from OncePerRequestFilter. As you probably guessed, it runs before every request, but only once. Let’s call it JwtAuthorizationFilter. It does the following steps:
We covered the Verify Token step in the previous section. Before that, we have to extract the token from the header. If the verification succeeds, we set the SecurityContext, which is relevant for Spring Security. The code looks like this:
It is fairly straightforward … wait, what is that Option.fx thing? And the parentheses? Also, according to the diagram, ever step could have an empty answer, where are we handling that?
What you should already know
- Fundamentals of how to build an Android app
LiveData
andViewModel