AppAuth-Android icon indicating copy to clipboard operation
AppAuth-Android copied to clipboard

Published 20 hours ago verified publisher icon openid

Set tokens manually!

Open poke-fcr opened this issue 3 years ago • 4 comments

Hi, I am using android webview app to load angular application. To make sessions longer I have used AppAuth library to login from mobile to get and store tokens. After getting token I pass tokens to local storage so that angular application can process token and assume that user is logged in and proceed further. After angular app takes tokens, it changes values of token and android is unaware of it. So when app is restarted, android app uses old tokens and hence sign in fails.

How can I set token in appAuth state manually?

Thanks in advance!

poke-fcr avatar Sep 27 '21 08:09 poke-fcr

You can call update on AuthState with the latest token response.

I don't know how your app's structured but I'd recommend against mixing the two contexts (native and the SPA) this way. I'd either manage the login session exclusively in the SPA or natively.

agologan avatar Sep 27 '21 13:09 agologan

Thank You @agologan Alexandru, I can use, update method, which require tokenResponse object with other values. Shd i use a dummy token Response? As my angular keycloak config already processed the request and generated new idTokens, refresh token and access token. I want my android app to be aware of the tokens which are being modified in angular application inside webview.

poke-fcr avatar Sep 28 '21 11:09 poke-fcr

You've probably figured this out by now, but the only dummy part of the AuthorizationResponse is the associated request which in your case is done in angular, otherwise the rest of the options are just the same as the response you get in the js context.

agologan avatar Oct 04 '21 18:10 agologan

I've bumped into a similar need. We have the capability of signing in to a platform either on an external OAuth site, or through AppAuth in the app, and if we do the prior we would like to plug the tokens we get back into AppAuth for future token refreshes.

In short I'm pondering if it's even reasonable to try and manually instantiate an AuthState and try to fill it with already existing tokens (as well as known URLs for auth/tokens, client ID, etc), as things like doing a refresh seemingly requires a stored AuthorizationResponse object as well.

I'm leaning towards just rolling my own token refresh service for this specialized use-case, but it would be nice to use AppAuth for this as well.

Edit: And after posting I of course get around to figure it out too, minimal testing, but so far so good.

The steps:

  1. Instantiate AuthorizationServiceConfiguration with your params.
  2. Instantiate AuthState with the above as param.
  3. Instantiate AuthorizationRequest with your params.
  4. Instantiate AuthorizationResponse.Builder with the above as param.
  5. Set a garbage auth code with .setAuthorizationCode() on the builder.
  6. Build the auth response .build() and update the auth state with it .update().
  7. Get a token request from your auth response with .createTokenExchangeRequest().
  8. Instantiate TokenResponse.Builder with the above as param.
  9. Set the access and refresh tokens on the builder with .setAccessToken() and .setRefreshToken().
  10. Build the token response .build() and update the auth state with it .update().
  11. Store your auth state, done!

It was fairly straight forward in the end, even if there's a number of things to do.

AndreasDolphin avatar Sep 30 '22 07:09 AndreasDolphin