Adding OAuth2 to Mobile Android and iOS Clients Using the AppAuth SDK

IMPORTANT: This repository relates to Approov 1 and has not been updated to reflect the new features and usage of Approov 2, the latest version of Approov. We will be updating the repository soon. Meanwhile, please refer to the guide for migrating from Approov 1 to Approov 2.

OAuth2, often combined with OpenID-Connect, is a popular authorization framework that enables applications to protect resources from unauthorized access. It delegates user authentication to an authorization service, which then authorizes third-party applications to access the protected resources on the user’s behalf. OAuth2 provides authorization flows for both web and mobile applications.

AppAuth

AppAuth is an open source SDK for native Android and iOS apps that implements the OAuth2 and OpenID-Connect (OIDC) specifications, following best practices, in a platform-friendly manner.

The SDK follows OAuth 2.0 for Native Apps best practices, including the PKCE extension and custom tab browsers. The library provides hooks to further extend the protocol beyond the basic flow.

As an open source project, AppAuth has GitHub repositories for Android and iOS which include good documentation, a demo app, and integration with multiple authorization services.

Getting Started

A sample app, implemented for Android, provides a concrete example of using AppAuth to authorize access to private resources. The Books App uses the Google Books API and Google Sign-In services to search for books (protected by an API key) and show a signed-in user’s favorite book selections (protected by OAuth2). The app was developed on Android to further explore AppAuth SDK usage with a common application architecture and support libraries.

To follow along, start by cloning the Books demo project, available on GitHub at github.com/approov. It requires some configuration, so it will not run out of the box. At a minimum, you will need to provide a keystore, a Google API key, and Google OAuth2 credentials.

See the article Adding OAuth2 to Mobile Android and iOS Clients Using the AppAuth SDK for instructions on getting the app running.