Authenticating users
The UserClient exposes the UserClient#authenticateUser() method, which takes a specific UserProfile object as a parameter, to support multiple user profiles for the same mobile client, and uses the preferred authenticator to log the user in. The set of registered user profiles (Set<UserProfile>) can be retrieved by calling UserClient#getUserProfiles(). Optionally, to log in with a different authenticator, you can use an overload of the UserClient#authenticateUser() method, which takes the UserProfile object and the OneginiAuthenticator as parameters.
On successful authentication, the Android SDK will call the onSuccess(UserProfile userProfile, CustomInfo customInfo) method of the OneginiAuthenticationHandler to return the authenticated UserProfile value object and the CustomInfo object. The same value object of the currently authenticated user can be accessed via the UserClient#getAuthenticatedUserProfile() method. Calling UserClient#authenticateUser() for an already authenticated user will result in logging the user out.
The result of authentication is an access token, optionally with a refresh token. When a refresh token is available in the authentication flow, the Android SDK will use the refresh token to authenticate. As the refresh token is stored encrypted on the device, the user has to provide their PIN (or a fingerprint) via the specified authentication request handler to decrypt it. In the case of fingerprint authentication, the Android system is responsible for recognizing the correct fingerprint. The refresh token will not be accessible when the wrong fingerprint is provided. In the case of PIN authentication, the decrypted refresh token will be sent to the IDAAS-core to validate the user's PIN. When the wrong PIN has been entered too many times, the Android SDK will remove the stored refresh token.
Example: authenticate user with preferred authenticator
OneginiSDK.getOneginiClient(this).getUserClient().authenticateUser(userProfile, new OneginiAuthenticationHandler() {
  @Override
  public void onSuccess(final UserProfile userProfile, final CustomInfo customInfo) {
    // show user is authenticated
  }

  @Override
  public void onError(final OneginiAuthenticationError error) {
    // check error reason and handle it or explain it to the user
  }
});
Example: authenticate user using a specific authenticator
OneginiSDK.getOneginiClient(this).getUserClient().authenticateUser(userProfile, oneginiAuthenticator, new OneginiAuthenticationHandler() {
  @Override
  public void onSuccess(final UserProfile userProfile, final CustomInfo customInfo) {
    // show user is authenticated
  }

  @Override
  public void onError(final OneginiAuthenticationError error) {
    // check error reason and handle it or explain it to the user
  }
});
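Example: check the session state before authenticating
This example is added here and is not part of the original SDK documentation; it shows one way to avoid the unintended logout described above by checking getUserProfiles() and getAuthenticatedUserProfile() before calling authenticateUser(). The AuthenticationGuard class and its Result enum are hypothetical names, the SDK import paths are assumed, OneginiSDK is assumed to be the same app-level accessor used in the examples above (in the same package), and UserProfile is assumed to compare by value.

```java
import android.content.Context;
// SDK package paths below are assumed; adjust them to your SDK version.
import com.onegini.mobile.sdk.android.client.UserClient;
import com.onegini.mobile.sdk.android.handlers.OneginiAuthenticationHandler;
import com.onegini.mobile.sdk.android.model.entity.UserProfile;

/** Hypothetical helper, not part of the SDK. */
public final class AuthenticationGuard {

  /** Outcome of the pre-check, so the caller can update the UI accordingly. */
  public enum Result { STARTED, ALREADY_AUTHENTICATED, NOT_REGISTERED }

  private AuthenticationGuard() {
  }

  public static Result authenticateIfNeeded(final Context context,
                                            final UserProfile userProfile,
                                            final OneginiAuthenticationHandler handler) {
    // OneginiSDK is the app-level accessor used in the examples on this page.
    final UserClient userClient = OneginiSDK.getOneginiClient(context).getUserClient();

    // Only profiles registered on this device can be authenticated.
    if (!userClient.getUserProfiles().contains(userProfile)) {
      return Result.NOT_REGISTERED;
    }

    // authenticateUser() on an already authenticated profile logs that user out,
    // so skip the call when this profile already holds the session.
    // equals(null) is false, so an absent session falls through to authentication.
    final UserProfile current = userClient.getAuthenticatedUserProfile();
    if (userProfile.equals(current)) {
      return Result.ALREADY_AUTHENTICATED;
    }

    // Starts the flow with the preferred authenticator; the outcome arrives
    // asynchronously in handler.onSuccess() or handler.onError().
    userClient.authenticateUser(userProfile, handler);
    return Result.STARTED;
  }
}
```

A return value of STARTED only means the flow was started; the actual outcome is still delivered to the handler.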