JarCasting
Liferay Android SDK OAuth1 Library
Setup
The OAuth Provider portlet must be installed on your Liferay Portal in order to enable authentication with OAuth1. This portlet is currently available for EE customers only.
Read its documentation to generate the consumer key and secret for your app, they will be used by the Mobile SDK to sign your requests and we will refer to them in this document.
In your Android project, you need to add the library as a dependency, in the build.gradle file:
repositories {
jcenter()
mavenCentral()
}
dependencies {
compile group: 'com.liferay.mobile', name: 'liferay-android-oauth', version: '1.+'
}
Use
Create a Session instance passing a OAuth instance:
import com.liferay.mobile.android.auth.Authentication;
import com.liferay.mobile.android.oauth.OAuth;
Authentication auth = new OAuth(consumerKey, consumerSecret, token, tokenSecret);
Session session = new SessionImpl("http://localhost:8080", auth);
GroupService service = new GroupService(session);
JSONArray sites = service.getUserSites();
As you can see, you need to pass consumerKey and consumerSecret to the OAuth constructor. These parameters are tied to your app and, as mentioned earlier, must be generated by the OAuth Provider portlet.
token and tokenSecret are the tokens required by the OAuth 1.0a protocol. They are used to identify the user once he has granted permission to your app. In order to obtain them, the user needs to authenticate through the OAuth flow, that is, your app must open a web browser showing the portal's login page and user needs to login and grant permission to your app.
You can implement that part yourself, using any available Android OAuth 1.0a library. Alternatively, we provide helper classes to obtain token and tokenSecret. See the sections below.
OAuth 2.0
This library only support OAuth 1.0a protocol. If you are using Liferay DXP 7.1 and want to use OAuth2 instead, you can do this through Liferay Mobile SDK 7.1 that already support OAuth 2.0 protocol
Internal WebView
The instructions below give you an idea of the required steps to authenticate using an internal WebView in your app. It's very important that you read and run the sample app.
Create a OAuthWebView instance within your app layout XML file:
<com.liferay.mobile.android.oauth.view.OAuthWebView
android:id="@+id/webView"
android:layout_width="match_parent"
android:layout_height="match_parent" />
Then, start the OAuth flow by setting up your OAuthWebView instance with an OAuthConfig instance that contains the server URL, consumer key and secret, like the following:
OAuthConfig config = new OAuthConfig(server, consumerKey, consumerSecret);
OAuthWebView webView = (OAuthWebView)findViewById(R.id.webView);
webView.start(config, this);
If everything goes fine, the WebView will open Liferay's login page and will ask the credentials to the user.
As you may have noticed, the start method also requires a OAuthCallback parameter, the callback's onSuccess method will be called once user has sucessfully authenticated and granted permission to your app, if he hasn't granted or something went wrong, onFailure will be called instead:
@Override
public void onSuccess(OAuthConfig config) {
String consumerKey = config.getConsumerKey();
String consumerSecret = config.getConsumerSecret();
String token = config.getToken();
String tokenSecret = config.getTokenSecret();
// Create an OAuth instance with these values and pass to
// the SessionImpl constructor
}
@Override
public void onFailure(Exception exception) {
exception.printStackTrace();
}
The onSuccess config parameter provides all 4 values required by SessionImpl to authenticate against Liferay's remote services. Read the use section above to learn how use the Mobile SDK's services with these values.
The OAuthCallback interface also requires you to implement a onCallbackURL method, it's called when the authentication flow is completed and it's useful in case you want to hide the OAuthWebView instance:
@Override
public void onCallbackURL(Uri callbackURL) {
OAuthWebView webView = (OAuthWebView)findViewById(R.id.webView);
webView.setVisibility(View.INVISIBLE);
}
External Browser
The instructions below give you an idea of the required steps to authenticate using an external browser. It's very important that you read and run the sample app.
This will open the user's favorite mobile browser and the authentication flow will happen there as opposed to inside the app.
From your Activity you must start the OAuthActivity, passing a OAuthConfig instance as an intent extra:
OAuthConfig config = new OAuthConfig(server, consumerKey, consumerSecret);
Intent intent = new Intent(this, OAuthActivity.class);
intent.putExtra(OAuthActivity.EXTRA_OAUTH_CONFIG, config);
startActivityForResult(intent, 1);
If everything goes fine, an external web browser will open Liferay's login page and will ask the credentials to the user.
Once user has sucessfully authenticated and granted permission to your app, the onActivityResult method in your Activity will be called. Likewise, if the user hasn't granted permission or something went wrong, onActivityResult will be also called:
@Override
public void onActivityResult(int request, int result, Intent intent) {
if (result == RESULT_OK) {
OAuthConfig config = (OAuthConfig)intent.getSerializableExtra(
OAuthActivity.EXTRA_OAUTH_CONFIG);
String consumerKey = config.getConsumerKey();
String consumerSecret = config.getConsumerSecret();
String token = config.getToken();
String tokenSecret = config.getTokenSecret();
// Create an OAuth instance with these values and pass to
// the SessionImpl constructor
}
else if (result == RESULT_CANCELED) {
Exception exception = (Exception)intent.getSerializableExtra(
OAuthActivity.EXTRA_EXCEPTION);
exception.printStackTrace();
}
}
Check the result parameter to see if authentication was sucessful or not. If successful, get the OAuthConfig extra from the intent, it provides all 4 values required by SessionImpl to authenticate against Liferay's remote services. Read the use section above to learn how use the Mobile SDK's services with these values.
In case of failure, the intent will contain a Exception extra with the error cause.