Browser Identity Provider
When a user tries to register with an Identity Provider (IdP) that is browser-based, the SDK needs to ask the Token Server for an access grant
via the browser. To support registration with browser Identity Providers, the app should provide the SDK with an implementation of the
OneginiBrowserRegistrationRequestHandler interface.
The handler should then be passed to the SDK with the
Example code for initializing the SDK with custom IDP
When browser registration is required, the SDK notifies the app by calling the
OneginiBrowserRegistrationRequestHandler#startRegistration() method. The
app should use the provided URL to ask for the access grant in a separate web browser.
Example opening external browser
Handling the redirection
When the client credentials are invalid, the Token Server is not able to redirect the user back to the app. Because this could make the app instance
useless until the app is re-installed, the SDK validates the client credentials and refreshes them before redirecting to the Token Server to receive an
access grant. When user authentication in the web browser failed or was canceled, you can abort the registration action by calling
When the client credentials are correct and the user is granted access, the Token Server will redirect back to the app. As the app is a layer on top of the SDK, the SDK cannot handle this redirect itself. It is the responsibility of the app to handle the redirect and delegate it to the SDK. When a redirect is delegated, the SDK will verify that the redirect has the right syntax and whether it should be handled by the SDK. If it decides that the redirect should be handled, it will continue to process it.
The app can handle a redirect by specifying a scheme in the AndroidManifest.xml of the application. Please make sure that you set the same scheme in OneginiConfigModel and in the Token Server's configuration.
For a successful callback, the SDK will start using the received authorization grant. Based on this authorization grant, an access token will be requested for the specified set of scopes. When the client has the refresh token grant type, the Token Server will return a refresh token together with the created access token for a correct access grant.
Example code to handle registration callback
When calling the
OneginiBrowserRegistrationCallback#handleRegistrationCallback method there is no need to specify a handler, because the
OneginiBrowserRegistrationRequestHandler from the registration call is used instead. If the registration in the web browser has failed or was aborted by
the user, you can call the
OneginiBrowserRegistrationCallback#denyRegistration() method to abort the registration process.
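The app-side routing described in this section can be sketched as follows. This is an added example, not code from the SDK or its documentation: RedirectGate, its Callback interface (a stand-in for OneginiBrowserRegistrationCallback that uses java.net.URI so it runs on a plain JVM), the Result values and the "exampleapp" scheme are all hypothetical. It delegates a redirect only when the scheme matches the configured one and a registration is actually pending, and it hands each callback over at most once.

```java
import java.net.URI;
import java.util.concurrent.atomic.AtomicReference;

public class RedirectGate {
    // Hypothetical stand-in for OneginiBrowserRegistrationCallback.
    interface Callback {
        void handleRegistrationCallback(URI uri);
        void denyRegistration();
    }

    enum Result { DELEGATED, IGNORED_WRONG_SCHEME, IGNORED_NO_PENDING_REGISTRATION }

    // Must be the scheme set in AndroidManifest.xml, OneginiConfigModel and the Token Server.
    private final String expectedScheme;
    private final AtomicReference<Callback> pending = new AtomicReference<>();

    RedirectGate(String expectedScheme) { this.expectedScheme = expectedScheme; }

    // Called when registration starts: remember the callback for exactly one redirect.
    void begin(Callback cb) { pending.set(cb); }

    // Called when the browser step failed or the user canceled it.
    boolean abort() {
        Callback cb = pending.getAndSet(null);
        if (cb == null) return false;
        cb.denyRegistration();
        return true;
    }

    // Called by the component that receives the redirect.
    Result onRedirect(URI uri) {
        String scheme = (uri == null) ? null : uri.getScheme();
        if (!expectedScheme.equals(scheme)) return Result.IGNORED_WRONG_SCHEME;
        Callback cb = pending.getAndSet(null);  // one-shot: a repeated redirect finds nothing
        if (cb == null) return Result.IGNORED_NO_PENDING_REGISTRATION;
        cb.handleRegistrationCallback(uri);     // syntax verification stays with the SDK
        return Result.DELEGATED;
    }

    public static void main(String[] args) {
        RedirectGate gate = new RedirectGate("exampleapp");  // constructed scheme
        Callback cb = new Callback() {
            public void handleRegistrationCallback(URI u) { System.out.println("delegated: " + u); }
            public void denyRegistration() { System.out.println("denied"); }
        };
        gate.begin(cb);
        // Constructed sample redirects: foreign scheme, matching scheme, then a repeat.
        System.out.println(gate.onRedirect(URI.create("https://example.com/callback")));
        System.out.println(gate.onRedirect(URI.create("exampleapp://callback?sample=1")));
        System.out.println(gate.onRedirect(URI.create("exampleapp://callback?sample=1")));
        gate.begin(cb);
        System.out.println(gate.abort());  // failed or canceled browser step
    }
}
```

A redirect with a foreign scheme leaves the pending callback in place, so the genuine redirect that follows is still delegated.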