Authenticate user implicitly


The SDK allows you to authenticate users implicitly (without user interaction) using the device credentials. It is a less secure but more convenient option to use if you want to fetch user-specific resources with limited access. You can use it only for regular authentication; mobile authentication is not supported. Before you start using implicit authentication, you have to manually enable it in the client configuration in the Token Server. Implicit authentication doesn't affect regular authentication, so you can implicitly authenticate a user regardless of whether any user is currently authenticated.


Only one user can be implicitly authenticated at a time. Implicitly authenticating another user will cause the current implicitly authenticated user to be logged out.

Determine if we can log in a user implicitly

The UserClient contains the getUserProfiles method, which returns the set of all registered UserProfiles. You can check the size of that set to determine whether implicit login is possible. If the method isRegisteredAtLeastOneUser from the example below returns false, you can assume that no user is authenticated on the device. In that case the user has to register before implicitly logging in.

Example code

private boolean isRegisteredAtLeastOneUser() {
  // getUserProfiles() returns every UserProfile registered on this device
  final Set<UserProfile> userProfiles = OneginiSDK.getOneginiClient(this).getUserClient().getUserProfiles();
  return userProfiles.size() > 0;
}

You can also use the UserClient#isUserRegistered() method to check whether a specified user is registered on the device.

Implicitly log in a registered user

When at least one user has already registered, you can implicitly log in that user with the authenticateUserImplicitly method from the UserClient. This method requires three arguments:

  • UserProfile the UserProfile that we want to implicitly authenticate,
  • String[] the list of scopes that we want to request, it should be a subset of the scopes already granted to the UserProfile during registration or null, if you want to request all the scopes granted during user registration,
  • OneginiImplicitAuthenticationHandler the implicit authentication handler to return the authentication result to.

The result of the implicit authentication is an access token. The implicit authentication handler contains:

  • an onSuccess method which lets you know that authentication was finished successfully - at this point, you can request data on behalf of the user,
  • an onError method which is called in every other case.

You can find more information about authentication in the user authentication section.

Example code

private void loginUserImplicitly(final UserProfile userProfile) {
  OneginiSDK.getOneginiClient(this).getUserClient()
        .authenticateUserImplicitly(userProfile, new String[]{ "read" }, new OneginiImplicitAuthenticationHandler() {
          @Override
          public void onSuccess(final UserProfile profile) {
            //user has been logged in
          }

          @Override
          public void onError(final OneginiImplicitTokenRequestError oneginiImplicitTokenRequestError) {
            //handle implicit authentication errors
          }
        });
}

For more info on error handling see the error handling topic guide.

Checking which user is implicitly authenticated

UserClient contains a method getImplicitlyAuthenticatedUserProfile which returns the currently implicitly authenticated UserProfile object or null if no user is implicitly authenticated.
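
The following is an added example, not code from the SDK documentation or from Onegini. It combines the three calls described on this page into one helper that requests only the "read" scope and reuses an existing implicit session for the same profile. The class ImplicitSession, its Callback interface, the import package paths, and the reliance on UserProfile implementing equals/hashCode are assumptions.

```java
import java.util.Set;
// Package paths below are assumed; check them against your SDK version.
import com.onegini.mobile.sdk.android.client.UserClient;
import com.onegini.mobile.sdk.android.handlers.OneginiImplicitAuthenticationHandler;
import com.onegini.mobile.sdk.android.handlers.error.OneginiImplicitTokenRequestError;
import com.onegini.mobile.sdk.android.model.entity.UserProfile;

/** Hypothetical helper: implicit login with an explicit, narrow scope set. */
public final class ImplicitSession {

  /** Hypothetical app-side callback, not an SDK type. */
  public interface Callback {
    void onReady(UserProfile profile);
    void onUnavailable(String reason);
  }

  // "read" is the scope from the page's example. Passing null instead would
  // request every scope granted to the profile during registration.
  private static final String[] IMPLICIT_SCOPES = { "read" };

  public static void ensure(final UserClient userClient, final UserProfile wanted, final Callback callback) {
    final Set<UserProfile> registered = userClient.getUserProfiles();
    // Assumes UserProfile implements equals/hashCode.
    if (wanted == null || !registered.contains(wanted)) {
      callback.onUnavailable("profile is not registered on this device");
      return;
    }
    // Only one user can be implicitly authenticated at a time, so reuse the
    // session when it already belongs to the wanted profile (assumes it is still usable).
    final UserProfile current = userClient.getImplicitlyAuthenticatedUserProfile();
    if (wanted.equals(current)) {
      callback.onReady(current);
      return;
    }
    // From here on, any other implicitly authenticated user is logged out.
    userClient.authenticateUserImplicitly(wanted, IMPLICIT_SCOPES, new OneginiImplicitAuthenticationHandler() {
      @Override
      public void onSuccess(final UserProfile profile) {
        callback.onReady(profile);
      }

      @Override
      public void onError(final OneginiImplicitTokenRequestError error) {
        // Fail closed: no retry with a wider scope set.
        callback.onUnavailable("implicit authentication failed");
      }
    });
  }

  private ImplicitSession() {}
}
```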