Android SDK
The Android SDK simplifies the creation of your Android app by providing an API for the OneWelcome Identity Platform Mobile Identity module. The Android SDK ensures the security of the integration and means that app developers do not need to know the complex details of two-factor authentication and PKI.
The Android SDK topics describe how to get started with the Android SDK. They outline how the API is set up, how the Android SDK generally works, and what the requirements are.
General setup of the Android SDK
OneginiClient
The main interface of the Mobile SDK is the OneginiClient. This class exposes the OneWelcome Identity Platform client objects (UserClient and DeviceClient). A single OneginiClient instance is constructed using the OneginiClientBuilder class.
The other clients that can be accessed through the OneginiClient are:
- UserClient only contains user-related functionality.
- DeviceClient only contains device-related functionality.
Thread safety
All methods that you call on the Android SDK must be performed on the main thread of your mobile application. The Android SDK does not enforce this. You might experience strange behavior if you do not execute the methods on the main thread. Internally, the Android SDK uses multiple threads to make sure it does not block the main thread.
Delegate control between the app and the Android SDK
To use the Android SDK, you must integrate it into your application. Your application can trigger an Android SDK function by calling an Android SDK method.
Example: User authentication
To begin user authentication, you must call the UserClient.authenticateUser() method. Below is an example of this method call (taken from the Android example app):

    OneginiSDK.getOneginiClient(this).getUserClient().authenticateUser(userProfile, new OneginiAuthenticationHandler() {
        @Override
        public void onSuccess(final UserProfile userProfile, final CustomInfo customInfo) {
            // Authentication successful
        }

        @Override
        public void onError(final OneginiAuthenticationError oneginiAuthenticationError) {
            // Authentication failed
        }
    });

In addition, you must include a request handler. The handler is responsible for reporting whether the result of the triggered action was successful or not. The Android SDK provides access to multiple RequestHandlers that can be implemented based on the authentication method, such as PIN or fingerprint.
A RequestHandler is a class that contains methods to hand over control from the Android SDK to your application. When the preferred method of authentication for a user is PIN authentication, the startAuthentication method of the class that implements the OneginiPinAuthenticationRequestHandler interface is called. After the user has entered their PIN, the PIN needs to be provided to the Android SDK to continue the authentication flow. The startAuthentication method contains a callback object to submit the PIN to the Android SDK.
Note
The Android SDK is a stateful library. You must not call asynchronous methods (like authenticateUser() or start()) in parallel. If you call the same method multiple times while the previous call is running, you might receive an ACTION_ALREADY_IN_PROGRESS error.
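One way to enforce both constraints in app code: the main-thread rule from "Thread safety", which the SDK itself does not enforce, and the no-parallel-calls rule from the note above. This is an added example, not code from the SDK or the example app; AuthenticationGuard is a hypothetical helper, OneginiSDK is the example app's accessor used in the snippet above, and the SDK import paths are assumptions.

```java
import android.content.Context;
import android.os.Handler;
import android.os.Looper;
import java.util.concurrent.atomic.AtomicBoolean;
// Assumed SDK import paths; OneginiSDK is the example app's own accessor class.
import com.onegini.mobile.sdk.android.handlers.OneginiAuthenticationHandler;
import com.onegini.mobile.sdk.android.handlers.error.OneginiAuthenticationError;
import com.onegini.mobile.sdk.android.model.entity.CustomInfo;
import com.onegini.mobile.sdk.android.model.entity.UserProfile;
/** Hypothetical app-side helper: main-thread, one-at-a-time authenticateUser(). */
public final class AuthenticationGuard {
  private final Handler mainHandler = new Handler(Looper.getMainLooper());
  private final AtomicBoolean inProgress = new AtomicBoolean(false);
  private final Context appContext;
  public AuthenticationGuard(final Context context) {
    this.appContext = context.getApplicationContext();
  }
  /** Returns false, without touching the SDK, while an earlier call is still running. */
  public boolean authenticate(final UserProfile profile, final OneginiAuthenticationHandler delegate) {
    if (!inProgress.compareAndSet(false, true)) return false;
    if (Looper.myLooper() == Looper.getMainLooper()) {
      start(profile, delegate);
    } else {
      mainHandler.post(() -> start(profile, delegate)); // hop to the main thread
    }
    return true;
  }

  private void start(final UserProfile profile, final OneginiAuthenticationHandler delegate) {
    try {
      OneginiSDK.getOneginiClient(appContext).getUserClient().authenticateUser(profile,
          new OneginiAuthenticationHandler() {
            @Override
            public void onSuccess(final UserProfile authenticated, final CustomInfo customInfo) {
              inProgress.set(false); // release before handing the result to the app
              delegate.onSuccess(authenticated, customInfo);
            }
            @Override
            public void onError(final OneginiAuthenticationError error) {
              inProgress.set(false);
              delegate.onError(error);
            }
          });
    } catch (RuntimeException e) {
      inProgress.set(false); // a synchronous failure must not leave the guard locked
      throw e;
    }
  }
}
```

A false return from authenticate() lets the UI ignore a repeated tap instead of receiving ACTION_ALREADY_IN_PROGRESS from the SDK.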
Android user permissions
The Android SDK requires the following permissions to access the network and use the mobile device fingerprint authenticator. During the application build process, the permissions are automatically merged with the application's AndroidManifest file by the Manifest Merger tool.
<!-- SDK's AndroidManifest.xml -->
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.USE_FINGERPRINT" />
Debug mode
The Android SDK can detect whether the application is running in debug mode. By default, when debug mode detection is enabled, the Android SDK does not allow any security-related flow to be executed.
Integrity check
The Android SDK provides a tampering protection mechanism, but it is still recommended to add integrity checks within the code of your app. Read more here.
Abbreviations
- DCR: Dynamic Client Registration
- FCM: Firebase Cloud Messaging
- IDP: Identity Provider
- REST: Representational State Transfer, an architecture style for designing networked applications