You can use OAuth 2 to authenticate using Login Screenlet with the following OAuth 2 grant types:
-
Authorization Code (PKCE for native apps): Redirects users to a page in their mobile browser where they enter their credentials. Following login, the browser redirects users back to the mobile app. User credentials can’t be compromised via the app because it never accesses them—it uses a revocable token. This is also useful if users don’t want to enter their credentials in the app. For example, users may not want to enter their Twitter credentials directly in a 3rd-party Twitter app, preferring instead to authenticate via Twitter’s official site. Note that the site you redirect to for authentication must have OAuth 2 implemented.
-
Resource Owner Password: Users authenticate by entering their credentials directly in the app.
-
Client Credentials: Authenticates without requiring user interaction. This is useful when the app needs to access its own resources, not those of a specific user.
This tutorial shows you how to use these grant types with Login Screenlet. Note that before getting started, you may want to see Liferay DXP’s OAuth 2.0 documentation for instructions on registering an OAuth 2.0 application in the portal.
Authorization Code (PKCE)
Follow these steps to use the Authorization Code grant type with Login Screenlet:
-
Configure the URL where the mobile browser redirects after the user authenticates. To do this, follow the first two steps in the Mobile SDK’s Authorization Code instructions. Note that you must configure this URL in both the portal and your Android app.
-
Set Login Screenlet’s
loginMode
attribute tooauth2Redirect
. There are two ways to do this:-
In code, as the Login Screenlet instance’s
authenticationType
variable. You must set this variable via Login Screenlet’ssetAuthenticationType
method, using theAuthenticationType
enum constantOAUTH2REDIRECT
:loginScreenlet.setAuthenticationType(AuthenticationType.OAUTH2REDIRECT);
-
When inserting Login Screenlet’s XML, set the
loginMode
attribute tooauth2Redirect
.
-
-
In Login Screenlet’s XML, set Login Screenlet’s
oauth2ClientId
attribute to the ID of the portal’s OAuth 2 application that you want to use. To find this value, navigate to that application in the portal’s OAuth 2 Admin portlet. -
In Login Screenlet’s XML, set Login Screenlet’s
oauth2Redirect
attribute to the URL you configured in step 1.Here’s an example of Login Screenlet’s XML with the attributes from the preceding steps:
<com.liferay.mobile.screens.auth.login.LoginScreenlet android:id="@+id/login_screenlet" android:layout_width="match_parent" android:layout_height="match_parent" app:loginMode="oauth2Redirect" app:oauth2Redirect="my-app://my-app" app:oauth2ClientId="54321" app:credentialsStorage="shared_preferences" />
-
In your activity that uses Login Screenlet, you must override the
onActivityResult
method to implement the redirect you configured in the first step. You do this by calling Login Screenlet’sresumeOAuth2RedirectFlow
method:@Override protected void onActivityResult(int requestCode, int resultCode, Intent intent) { super.onActivityResult(requestCode, resultCode, intent); if (requestCode == OAuth2SignIn.REDIRECT_REQUEST_CODE) { loginScreenlet.resumeOAuth2RedirectFlow(intent); } }
Resource Owner Password
Follow these steps to use the Resource Owner Password grant type with Login Screenlet:
-
Set Login Screenlet’s
loginMode
attribute tooauth2UsernameAndPassword
. There are two ways to do this:-
In code, as the Login Screenlet instance’s
authenticationType
variable. You must set this variable via Login Screenlet’ssetAuthenticationType
method, using theAuthenticationType
enum constantOAUTH2USERNAMEANDPASSWORD
:loginScreenlet.setAuthenticationType(AuthenticationType.OAUTH2USERNAMEANDPASSWORD);
-
When inserting Login Screenlet’s XML, set the
loginMode
attribute tooauth2UsernameAndPassword
.
-
-
In Login Screenlet’s XML, set Login Screenlet’s
oauth2ClientId
attribute to the ID of the OAuth 2 application that you want to use. To find this value, navigate to that application in the OAuth 2 Admin portlet. -
In Login Screenlet’s XML, set Login Screenlet’s
oauth2ClientSecret
attribute to the same OAuth 2 application’s client secret.Here’s an example of Login Screenlet’s XML with the attributes from the preceding steps:
<com.liferay.mobile.screens.auth.login.LoginScreenlet android:id="@+id/login_screenlet" android:layout_width="match_parent" android:layout_height="match_parent" app:loginMode="oauth2UsernameAndPassword" app:oauth2ClientId="54321" app:oauth2ClientSecret="12345" app:basicAuthMethod="email" app:credentialsStorage="shared_preferences" />
Client Credentials
The OAuth 2 Client Credentials grant type authenticates without requiring user interaction. This is useful when the app needs to access its own resources, not those of a specific user.
Follow these steps to use the Client Credentials grant type in your Android app:
-
Follow the Android Mobile SDK instructions for using the Client Credentials grant type.
-
The session object contains a valid authentication object. Pass the session as an argument to the
SessionContext
methodcreateOAuth2Session
:SessionContext.createOAuth2Session(session);
This initializes the Screens
SessionContext
object, authenticating any Screenlets that you use in the Android app.
Related Topics
Using OAuth 2 in the Android Mobile SDK