# Android
Signicat offers a mobile SDK to easily connect Android devices to the Signicat Identity Broker. On this page, you can learn how to integrate the Android SDK into your application.
# Requirements
The requirements for the Android SDK are as follows:
- The Android SDK is built with AndroidX. This means that you must have an AndroidX application to use the Android SDK.
- The supported Android minimum version is Android 9 (API level 28). The supported Android target version is Android 16 (API level 36).
- The SDK is made using Kotlin 1.9. If your app uses Kotlin, then we recommend that you use a language version that is the same (1.9) or newer.
- The target phone's default browser must support cookies. If not, then a browser that supports cookies must be set as default.
# Quick Start
To start using the Android SDK, you need to:
- Include the
android-sdk-${version}.aarlibrary in your project. - Set up app links for your application as described in the next section.
# App Links
The Android SDK uses app links as a mechanism for connecting to the broker. For this reason, an app link configuration needs to be set up on your tenant. You can configure this from the UI by filling in the Android App package name and fingerprint under your service provider configuration.
Once the configuration is done, you can view the result at:
https://<YOUR_TENANT_DOMAIN>/.well-known/assetlinks.json
Now that you have handled the web server configuration, you need to configure the activities matching the URLs (the demo example provides the configuration already) inside your Android manifest in order for the app to work.
You also need to ensure that you have set autoVerify to true.
<activity
android:name="SDK_ACTIVITY"
android:windowSoftInputMode="stateHidden">
<intent-filter android:autoVerify="true">
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data
android:scheme="https"
android:host="YOUR_TENANT_DOMAIN"
android:pathPrefix="PATH_PREFIX" />
</intent-filter>
</activity>
You need to populate SDK_ACTIVITY, YOUR_TENANT_DOMAIN and PATH_PREFIX with the appropriate values. To learn how to do this, you can follow the demo application.
# API
The Android SDK offers three basic methods that can be called from the base class com.connectis.sdk.ConnectisSDK.
# Login
fun login(
sdkConfiguration: ConnectisSDKConfiguration,
caller: Context,
delegate: AuthenticationResponseDelegate,
errorResponseDelegate: ErrorResponseDelegate? = null
allowDeviceAuthentication: Boolean = false
)
Where ConnectisSDKConfiguration is a basic data class:
data class ConnectisSDKConfiguration(
val issuer: String,
val clientId: String,
val redirectUri: String,
val scopes: String? = null,
val brokerAppAcs: String? = null,
val brokerDigidAppAcs: String? = null,
val loginFlow: LoginFlow = LoginFlow.WEB
)
And where AuthenticationResponseDelegate is a interface where you can handle the response:
interface AuthenticationResponseDelegate{
fun handleResponse(authenticatonResponse: AuthenticationResponse)
fun onCancel()
}
The AuthenticationResponse is the class that you receive after a login was made in the CIB:
data class AuthenticationResponse(
val isSuccess: Boolean,
val error: String?,
val nameIdentifier: String?,
val attributes: List<Attribute>
)
To learn about what the properties mean, see the table below:
| Property name | Description |
|---|---|
issuer | The endpoint of the CIB that you want to connect to. Given by Connectis Technical Support. |
clientId | The client ID that you provided to Connectis Technical Support. |
redirectUri | Must be set to the app link value. |
scopes | Can be set if you want to do idp scoping (bypass the idp selection screen or for app2app). |
brokerAppAcs | Must be set for app2app openid; the broker endpoint for processing app2app openid flows. |
brokerDigidAppAcs | Must be set for app2app DigID: broker endpoint for processing app2app DigID flow. |
loginFlow | Can be set to either WEB or APP_TO_APP. The default is WEB. |
caller | The activity context where you call the Connectis SDK from. |
delegate | Your implementation of the AuthenticationResponseDelegate interface. |
errorResponseDelegate | Optional implementation for handling errors. If none are are provided, then the exceptions will be thrown on error. |
allowDeviceAuthentication | This should be true if you wish to enable device authentication in your application, or false if not. |
# OpenId Access Token
The API provides access to a valid OpenId access token:
fun useAccessToken(
caller: Context,
accessTokenDelegate: AccessTokenDelegate
)
Where AccessTokenDelegate is an interface:
interface AccessTokenDelegate {
fun handleAccessToken(accessToken : Token)
fun onError(errorMessage: String)
}
Note
For security reasons, the OpenId Access Token should be treated as a secret in the software.
# Device Authentication
The Android SDK offers the possibility to authenticate the users once the user logged in at least once, using the mobile phone device authentication supported methods (face unlock, fingerprint, PIN).
To enable the device authentication flow, you need to call the following method after the user logged in using the CIB:
fun enableDeviceAuthentication(originalContext: Context)
If you want to disable the device authentication, then you can call the following function:
fun disableDeviceAuthentication(originalConte