1. Develop and deploy Android mobile apps to leverage your back-end services
  2. About Authentication Options for Your Oracle Mobile Hub Applications

About Authentication Options for Your Oracle Mobile Hub Applications

Your users can authenticate with your Oracle Mobile Hub application using a number of technologies, including OAuth, single sign-on, HTTP basic authentication, and Facebook login.

About OAuth Consumer

Your users can authenticate with your Oracle Mobile Hub Android applications using OAuth Consumer.

First you initialize the authorization agent and set the authentication type to OAUTH: 

private AuthorizationAgent mAuthorization; 
private MobileBackend mobileBackend; 

try {
  mobileBackend = MobileManager.getManager().getMobileBackend(this);
} catch (ServiceProxyException e) {
      e.printStackTrace();
}

mAuthorization = mobileBackend.getAuthorization(AuthType.OAUTH);

Then you use the authenticate method to attempt authentication. The call includes parameters for Android context, user name, password, and a callback that completes the authorization process: 

TextView username, password; 
username = (TextView) findViewById(R.id.username);
password = (TextView) findViewById(R.id.password); 
String userName = username.getText().toString(); 
String passWord = password.getText().toString();
mAuthorization.authenticate(mCtx, userName, passWord, mLoginCallback);

Here’s the definition for the callback:

AuthorizationCallback mLoginCallback = new AuthorizationCallback() {
   @Override
   public void onCompletion(ServiceProxyException exception) {
     Log.d(TAG, "OnCompletion Auth Callback");
      if (exception != null) {
        Log.e(TAG, "Exception while receiving the Access Token", exception);
     } else {
        Log.e(TAG, "Authorization successful");
     }
   }
 }

About Single Sign-on Authentication with a Third-party Token

You can authenticate your mobile application by using a token issued by a third-party provider.

First, your app needs to get a token from the third-party token issuer. The way you can obtain the token varies by issuer.

Once you have the token, initialize the authorization agent and use the token in your authorization call. 

private AuthorizationAgent mAuthorization; 
private MobileBackend mobileBackend; 
Context mCtx = getApplicationContext();

try {
  mobileBackend = MobileManager.getManager().getMobileBackend(this);
} catch (ServiceProxyException e) {
      e.printStackTrace();
}

mAuthorization = mobileBackend.getAuthorization(AuthType.TOKENEXCHANGE);

Then you use the authenticateUsingTokenExchange method to attempt authentication. 

mAuthorization.authenticateUsingTokenExchange(mCtx, token, false, mLoginCallback);

Here’s the callback: 

AuthorizationCallback mLoginCallback = new AuthorizationCallback() {
    @Override
    public void onCompletion(ServiceProxyException exception) {
        if (exception == null) {
            //redirect to another Activity after login
            Intent intent = new Intent(mCtx, ContentActivity.class);
            startActivity(intent);
  
        } else {
            Log.e(TAG, "Exception during token exchange:", exception);
            finish();
        }
    }
};

Note:

The default expiration time for storing a third-party token in Oracle Mobile Hub is 6 hours. You can adjust this time by changing the Security_TokenExchangeTimeoutSecs policy.

You can also code the app to keep the user logged in, even when closing and restarting the app.

In the above example, the authenticateUsingTokenExchange() method is called with the third parameter (storeToken) set to false. If you set this parameter to true and the token exchange is successful, the MCS token is stored in a secure store and the user remains logged in until the token expires.

You can then use the loadSSOTokenExchange method on the Authorization object to load the stored token. If a token can’t be retrieved from the secure store, the method returns false.

Here’s some code that tries to load a saved token and, if it fails, restarts the authentication process:

try {
    mAuthorization = MobileManager.getManager().getMobileBackend(this).getAuthorization();
    if (!mAuthorization.loadSSOTokenExchange(mCtx)) {
        //user not logged in, so need to initiate login
        mAuthorization.authenticateUsingTokenExchange(mCtx, token, true, mLoginCallback);
    }

When you have the token stored in the secure store, it remains associated with the mobile backend that the app originally used. Therefore, if the app is updated to use a different mobile backend (or mobile backend version), you need to clear the saved token and re-authenticate.

mAuthorization.clearSSOTokenExchange(mCtx);
mAuthorization.authenticateUsingTokenExchange(mCtx, token, true, mLoginCallback);

About Basic HTTP Authentication

Authenticating users using HTTP Basic is similar to authentication using OAuth.

First you initialize the authorization agent and set the authentication type to BASIC_AUTH: 

private AuthorizationAgent mAuthorization; 
private MobileBackend mobileBackend; 

try {
  mobileBackend = MobileManager.getManager().getMobileBackend(this);
} catch (ServiceProxyException e) {
      e.printStackTrace();
}

mAuthorization = mobileBackend.getAuthorization(AuthType.BASIC_AUTH)

Then you use the authenticate method to attempt authentication. The call includes parameters for Android context, user name, password, and a callback that completes the authorization process. 

TextView username, password; 
username = (TextView) findViewById(R.id.username);
password = (TextView) findViewById(R.id.password);
String userName = username.getText().toString(); 
String passWord = password.getText().toString();
mAuthorization.authenticate(mCtx, userName, passWord, mLoginCallback);

Here’s the definition for the callback:

AuthorizationCallback mLoginCallback = new AuthorizationCallback() {
   @Override
   public void onCompletion(ServiceProxyException exception) {
     Log.d(TAG, "OnCompletion Auth Callback");
     if (exception != null) {
       Log.e(TAG, "Exception while receiving the Access Token", exception);
     } else {
   Log.e(TAG, "Authorization successful");
   }
  }
 }

About Using Facebook Login

If you want to use Facebook login, you can use the classes in the oracle_mobile_android_social library.

First you initialize the authorization agent and set the authentication type to Facebook: 

SocialAuthorizationAgent mAuthorization;
SocialMobileBackend socialMobileBackend;
try {
  socialMobileBackend = SocialMobileBackendManager.getManager().getMobileBackend(mCtx);
} catch(ServiceProxyException e){
    e.printStackTrace();
}
mAuthorization = socialMobileBackend.getSocialAuthorization(); mAuthorization.setAuthType(AuthType.FACEBOOK);

Using a CallbackManager object from Facebook’s SDK, initiate authentication. 

private CallbackManager callbackManager;
mAuthorization.setup(getApplicationContext(), callback);
callbackManager = mAuthorization.getCallBackManager();
mAuthorization.authenticateSocial(mCtx);

Here’s code you can use for the callback that is passed above: 

private FacebookCallback<LoginResult> callback = new FacebookCallback<LoginResult>() {
    @Override
    public void onSuccess(LoginResult loginResult) {
        Log.e(TAG, "facebook login successful.");
    }
    @Override
    public void onCancel() {
    }
    @Override
    public void onError(FacebookException e) {
    }
};

Override the onActivityResult() method to use the callback: 

@Override
public void onActivityResult(int requestCode, int resultCode, Intent data) {
    super.onActivityResult(requestCode, resultCode, data);
    callbackManager.onActivityResult(requestCode, resultCode, data);