A JBoss Project
Red Hat

Aerogear Guides Tutorials to help get you off and running.

Android Authorization (OAuth2)

This guide will walk developers through the AeroGear Android Authorization APIs and demonstrate how to integrate with Google’s Drive API.

In general, the Authorization framework is a system of AuthzModules which supply valid tokens to Pipe instances. Currently the Authz APIs support OAuth2.

Instantiating an OAuth2AuthzModule

Much like the rest of AeroGear, the Authz framework provides a factory class and configuration object AuthorizationManager and AuthorizationConfiguration respectively.

This code example will use Google’s APIs. An explanation of setting up the remote components is beyond the scope of this document.

String AUTHZ_URL = "https://accounts.google.com"; //The base URL of the authorization server
String AUTHZ_ENDPOINT = "/o/oauth2/auth"; //The path relative to AUTHZ_URL to the authenticate a user
String AUTHZ_TOKEN_ENDPOINT = "/o/oauth2/token"; //The path relative to AUTHZ_URL to the manage tokens
String AUTHZ_ACCOUNT_ID = "ag-authz"; //A key to identify the account in AeroGear
String AUTHZ_CLIENT_ID = ""; //The OAuth2 client ID
String AUTHZ_CLIENT_SECRET = ""; //The OAuth2 client Secret
String AUTHZ_REDIRECT_URL = ""; //The OAuth2 redirect URL

AuthorizationConfiguration  authzConfiguration = AuthorizationManager.config("GoogleDriveAuthz", OAuth2AuthorizationConfiguration.class)
        .setBaseURL(new URL(AUTHZ_URL))
        .setAuthzEndpoint(AUTHZ_ENDPOINT)
        .setAccessTokenEndpoint(AUTHZ_TOKEN_ENDPOINT)
        .setAccountId(AUTHZ_ACCOUNT_ID)
        .setClientId(AUTHZ_CLIENT_ID)
        .setClientSecret(AUTHZ_CLIENT_SECRET)
        .setRedirectURL(AUTHZ_REDIRECT_URL)
        .setScopes(Arrays.asList("https://www.googleapis.com/auth/drive"))
        .setAdditionalAuthorizationParams(ImmutableSet.of(Pair.create("access_type", "offline")))


final OAuth2AuthzModule module = authzConfiguration.asModule();

Using AuthzModule and AuthzService

The OAuth2AuthzModule utilizes OAuth2AuthzService to manage the lifecycle of tokens.

To use the service we must declare it in AndroidManifest.xml

     <service android:name="org.jboss.aerogear.android.impl.authz.AuthzService"/>

Then to fetch a token :

    authzModule.requestAccess((Activity) this, new Callback<String>() {
                @Override
                public void onSuccess(String token) {
                    doSomething(token);
                }


                @Override
                public void onFailure(Exception e) {
                    handleError(e);
                }
            });

requestAccess consumes an Activity and Callback method. It will bind to the OAuth2AuthzService (starting it if necessary) and fetch tokens. If this is the first time a request has been made, it will display a WebView fragment and embed an HTML form to interact with the remote Authentication services and fetch the required tokens. Otherwise it will return the access token to the callback.

Pipes and AuthzModule

You can provide to a PipeConfiguration object an AuthzModule instance. Assuming that requestAccess has been successfully called, the Pipe instance created by that configuration will correctly incorporate the authz tokens in your requests. It will also refresh any expired tokens if authorization fails and retry the request before failing.

    Pipeline pipeline = new Pipeline(googleDriveURL);

    PipeConfig pipeConfig = new PipeConfig(googleDriveURL, Files.class);
    pipeConfig.setAuthzModule(authzModule);

    pipeline.pipe(Files.class, pipeConfig);

    Pipe<Files> documentsPipe = pipeline.get("files", this);

    documentsPipe.read(new Callback<List<Files>>() {
        @Override
        public void onSuccess(final List<Files> files) {
            showFiles(files);
        }

        @Override
        public void onFailure(Exception e) {
            handleError(e);
        }
    });

Example application

A Drive demo application has been provided at GitHub. The sample application includes instructions on configuring Google’s services to gain the correct credentials.

redhatlogo-wite