Registration with browser IDP
Introduction
When a user registers with a browser-based Identity Provider (IdP), the SDK needs to request an access grant from the Token Server via the browser. To support registration with browser Identity Providers, the app should provide an implementation of the OneginiBrowserRegistrationRequestHandler interface to the SDK.
OneginiBrowserRegistrationRequestHandler
The handler should then be passed to the SDK with the OneginiClientBuilder#setBrowserRegistrationRequestHandler method:
Example code for initializing the SDK with custom IDP
When browser registration is required, the SDK notifies the app by calling the OneginiBrowserRegistrationRequestHandler#startRegistration() method. The app should use the provided URL to ask for the access grant in a separate web browser.
Example opening external browser
Handling the redirection
When the client credentials are invalid, the Token Server is not able to redirect the user back to the app. This could make the app instance unusable until the app is reinstalled, so the SDK validates the client credentials and refreshes them before redirecting to the Token Server to receive an access grant. When user authentication in the web browser fails or is canceled, you can abort the registration by calling OneginiBrowserRegistrationCallback#denyRegistration().
When the client credentials are correct and the user is granted access, the Token Server will redirect back to the app. As the app is a layer on top of the SDK, the SDK cannot handle this redirect itself. It is the responsibility of the app to handle the redirect and delegate it to the SDK. When a redirect is delegated, the SDK verifies that the redirect has the right syntax and decides whether it should be handled by the SDK. If it decides that the redirect should be handled, it will continue to process it. The app can handle a redirect by specifying a scheme in the AndroidManifest.xml of the application. Please make sure that you set the same scheme in OneginiConfigModel and in the Token Server's configuration.
Example AndroidManifest.xml
For a successful callback, the SDK will start using the received authorization grant. Based on this authorization grant, an access token will be requested for the specified set of scopes. When the client has the refresh token grant type, a refresh token will be returned with the created access token for a correct access grant by the Token Server.
Example code to handle registration callback
When calling the OneginiBrowserRegistrationCallback#handleRegistrationCallback method, there is no need to specify a handler, because the OneginiBrowserRegistrationRequestHandler from the registration call is used instead. If registration in the web browser has failed or was aborted by the user, you can call the OneginiBrowserRegistrationCallback#denyRegistration() method to abort the registration process.
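The redirect delegation described above can be gated on the app side so that only a redirect with the configured scheme, arriving while a registration is in progress, reaches the SDK. This is an added illustration, not Onegini SDK or sample-app code. The RegistrationCallback interface is a stand-in for OneginiBrowserRegistrationCallback, and its parameter type, the exampleapp scheme and the sample URIs are assumptions.

```java
import java.net.URI;

// Added illustration, not Onegini SDK code.
public class RedirectGate {
  // Stand-in for OneginiBrowserRegistrationCallback with the two methods this page names.
  // Assumption: the parameter type; java.net.URI keeps the example runnable off-device.
  interface RegistrationCallback {
    void handleRegistrationCallback(URI redirect);
    void denyRegistration();
  }

  // Placeholder scheme (assumption); use the one set in AndroidManifest.xml,
  // OneginiConfigModel and the Token Server configuration.
  static final String REDIRECT_SCHEME = "exampleapp";

  private RegistrationCallback pending; // callback of the registration in progress, if any

  // Call when the SDK starts browser registration and hands over its callback.
  void onRegistrationStarted(RegistrationCallback callback) { pending = callback; }

  // Call with the URI of the intent that opened the app; true if delegated to the SDK.
  boolean onRedirect(URI redirect) {
    if (pending == null) return false;             // unsolicited: no registration in progress
    if (redirect == null || !REDIRECT_SCHEME.equalsIgnoreCase(redirect.getScheme())) return false;
    RegistrationCallback callback = pending;
    pending = null;                                // one redirect per registration attempt
    callback.handleRegistrationCallback(redirect); // the SDK still validates the redirect itself
    return true;
  }

  // Call when browser authentication failed or the user cancelled.
  void onBrowserAborted() {
    if (pending == null) return;
    pending.denyRegistration();
    pending = null;
  }

  public static void main(String[] args) {
    RedirectGate gate = new RedirectGate();
    RegistrationCallback log = new RegistrationCallback() {
      public void handleRegistrationCallback(URI r) { System.out.println("delegated: " + r); }
      public void denyRegistration() { System.out.println("registration denied"); }
    };
    URI ok = URI.create("exampleapp://loginsuccess?code=CONSTRUCTED"); // constructed sample
    System.out.println(gate.onRedirect(ok));       // case: no registration pending
    gate.onRegistrationStarted(log);
    System.out.println(gate.onRedirect(URI.create("https://other.example/cb"))); // wrong scheme
    System.out.println(gate.onRedirect(ok));       // case: matching scheme while pending
    System.out.println(gate.onRedirect(ok));       // case: same redirect delivered again
    gate.onRegistrationStarted(log);
    gate.onBrowserAborted();                       // case: user cancelled in the browser
  }
}
```

In an Android app the URI would come from the intent delivered to the activity registered for the scheme, and the stored callback would be the one received in startRegistration().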