Android Demo Walkthrough

Demo example of integrating HyperID into an Android application

Android applications can directly utilize the HyperID REST API through HTTP requests. This part is fully covered with an Interactive Web Demo, where developers can examine the detailed description of each request and explore the corresponding response structures.

It's worth noting that the integration of authorization web flows into an Android application may require a bit more effort than is usually the case.

There are two common ways to do this (please see the detailed explanation here):

  1. Using a WebView within an Android application.

  2. Using an external browser.

The example provided includes implementing both.

Exploring Source Code

The full source code of this demo and the compiled .apk are available on GitHub:

The folder \app\src\main\java\com\deep_link\sample\ui\ contains some useful source files for the Android demo integration:

  • MainActivity.kt: represents the main activity of the application. It serves as an entry point and handles the overall behavior of the demo.

  • ui_compose.kt: contains the user interface (UI) implementation for the demo. It includes the visual components and the layout design to provide a seamless user experience.

  • uri_helper.kt: includes configuration parameters (clientID, clientSecret and redirect URI) and URI functionality. These values are initially configured for the test client, but developers can register their own Client via the HyperID Developer's Portal and replace the configuration parameters in this file.

  • external_browser.kt: includes the OpenExternalBrowser function, which is utilized to initiate the web flow in an external browser.

  • account_tokens.kt: provides the functionality to work with the access and the refresh tokens.

When using a custom clientID/clientSecret, it is important to ensure that the configured redirect URI is also registered through the HyperID Developer's Portal. This step is required to ensure successful integration.

Secure Redirect URI Processing for External Browsers

To enable proper communication with an external browser, the application's Manifest.xml file must register the application for redirect URI processing.

The Manifest.xml file alone does not guarantee exclusive processing of the redirect URI by the application.

In addition, it is highly recommended to utilize Android Deep Link or Firebase Dynamic Links. These tools provide a more robust solution by ensuring that the link is only processed by the application and remains inaccessible to any other parties. By incorporating one of these mechanisms, developers can achieve a higher level of security and maintain control over the browsing experience.

Last updated