Advanced Android in Kotlin 06.1: Android Login with FirebaseUI  |  Android Developers

. Summary

In this codelab, you learned:

. Learn more

This codelab covered the basics of how to support login for an Android app.

. Next codelab

For links to other codelabs in this course, see the Advanced Android in Kotlin codelabs landing page.

Getting Started

Download the sample app, you can either:

… or clone the GitHub repository from the command line by using the following command and switch to the start branch of the repo:

Task: Enable Logout

In this task, you’ll implement the logout feature.

Binding spring security

I am using Spring Security to integrate my filter into my application. The easiest way to get started is to use this dependency:

In the configuration, I’m specifying the following:

There is a fluent interface to configure this in code, which looks like this:

So now all three parts are finally connected. We defined which requests we want to authorize. The filter parses and verifies the token. If that token fulfills all our requirements, the request goes through. Otherwise, it fails with an unauthorized response. If you want deeper into Spring Security, you can check this tutorial.

Kotlin

Learn more about livedata and viewmodel

For the app in this codelab, you need a basic understanding of LiveData and ViewModel. Read through the LiveData and ViewModel overviews if you want a brief overview of these concepts.

Setting up the verifier

For the verification itself, we are going to use auth0’s own library. First, we initialize a JWTVerifier:

You can see we include the key we got before, plus a leeway limit for the expiration time of the token. If you want to test for the issuer and the audience explicitly, you can use the withIssuer and withAudience methods, before calling build(). In my case, checking that my tenant signs the token feels safe enough.

We trigger the actual verification by calling the verify method of the JWTVerifier we just created, wrapping it so that it does not throw exceptions into the wild.

Wait, what is that asToken method doing there? As I mentioned, we want to extract information from the token. We need the list of scopes in the token for later, which we fetch and include in our TokenAuthentication

Step 2: register your app with firebase

Now that you have a Firebase project, you can add your Android app to it.

  1. In the center of the Firebase console’s project overview page, click the Android icon to launch the setup workflow.
  2. Enter your app’s application ID in the Android package name field. Make sure you enter the ID your app is using, since you cannot add or modify this value after you’ve registered your app with your Firebase project.
  3. An application ID is sometimes referred to as a package name.
  4. Find this application ID in your module (app-level) Gradle file, usually app/build.gradle (example ID: com.yourcompany.yourproject).
  5. Enter the debug signing certificate SHA-1. You can generate this key by entering the following command in your command line terminal.
keytool -alias androiddebugkey -keystore ~/.android/debug.keystore -list -v -storepass android
  1. Click Register app.

Step 3: add the firebase configuration file to your project

Add the Firebase Android configuration file to your app:

  1. Click Download google-services.json to obtain your Firebase Android config file (google-services.json).
  1. Move your config file into the module (app-level) directory of your app.

Step 4: configure your android project to enable firebase products

  1. To enable Firebase products in your app, add the google-services plugin to your Gradle files.
  2. In your root-level (project-level) Gradle file (build.gradle), add rules to include the Google Services plugin. Check that you have Google’s Maven repository, as well.

build.gradle

buildscript {

  repositories {
    // Check that you have the following line (if not, add it):
    google()  // Google's Maven repository
  }

  dependencies {
    // ...

    // Add the following line:
    classpath 'com.google.gms:google-services:4.3.0'  // Google Services plugin
  }
}

allprojects {
  // ...

  repositories {
    // Check that you have the following line (if not, add it):
    google()  // Google's Maven repository
    // ...
  }
}

Step by step implementation

Step 1: First, We need to connect our project with Firebase. For that, we need to go to tools the select firebase option

Step 2: Now as we need the Firebase authentication feature, In authentication, we have different options. For this article, we will use Authenticate using a custom authentication system. We will click on connect. And add the firebase Authentication SDK to your app.

Step 3: Now we will create an XML layout for the Registration Activity.

Step 4: Now we will code for Registration activity

The authorization filter

The verifier runs inside a filter, which inherits from OncePerRequestFilter. As you probably guessed, it runs before every request, but only once. Let’s call it JwtAuthorizationFilter. It does the following steps:

We covered the Verify Token step in the previous section. Before that, we have to extract the token from the header. If the verification succeeds, we set the SecurityContext, which is relevant for Spring Security. The code looks like this:

It is fairly straightforward … wait, what is that Option.fx thing? And the parentheses? Also, according to the diagram, ever step could have an empty answer, where are we handling that?

What you should already know

  • Fundamentals of how to build an Android app
  • LiveData and ViewModel
Похожее:  Авторизация и транзакция: в чем разница — Financehacks

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *