Skip to main content
Version: 1.x

Android: Integrate Logto Android SDK

note

This tutorial assumes you have created an Application of type "Native App" in Admin Console. If you are not ready, read this before continuing.

Add Logto SDK as a dependencyโ€‹

note

The minimum supported Android API level of Logto Andorid SDK is level 24.

Add the mavenCentral() repository to your Gradle project build file:

repositories {
mavenCentral()
}

Add Logto Android SDK to your dependencies:

dependencies {
implementation("io.logto.sdk:android:1.0.0-alpha.0")
}

Init LogtoClientโ€‹

note

Ensure the Application object has been initialized before creating a LogtoClient.

import io.logto.sdk.android.LogtoClient
import io.logto.sdk.android.type.LogtoConfig
import io.logto.sdk.core.constant.PromptValue

class MainActivity : AppCompatActivity() {

private lateinit var logtoClient: LogtoClient

override fun onCreate(savedInstanceState: Bundle?) {
// ...
val logtoConfig = LogtoConfig(
endpoint = "<your-logto-endpoint>", // E.g. http://localhost:3001
appId = "<your-app-id>",
scopes = null,
resources = null,
usingPersistStorage = true,
prompt = PromptValue.CONSENT,
)

logtoClient = LogtoClient(logtoConfig, application)
}
}

Sign inโ€‹

Configure Redirect URIโ€‹

In Android, the Redirect URI follows the pattern: $(LOGTO_REDIRECT_SCHEME)://$(YOUR_APP_PACKAGE)/callback.

note

The LOGTO_REDIRECT_SCHEME should be a custom scheme in the reverse domain format.
The YOUR_APP_PACKAGE is your app package name.

Assuming you treat io.logto.android as the custom LOGTO_REDIRECT_SCHEME, and io.logto.sample is your app package name, the Redirect URI should be io.logto.android://io.logto.sample/callback.

Now you can configure the Redirect URI in the admin console (Take io.logto.android://io.logto.sample/callback as an example).

Let's switch to the Application details page of Admin Console in this section. Add a Redirect URI io.logto.android://io.logto.sample/callback and click "Save Changes".

Redirect URI in Admin Console

Redirect URI is an OAuth 2.0 concept which implies the location should redirect after authentication.

Sign inโ€‹

note

Before calling .signIn(context, redirectUri, completion), make sure you have correctly configured Redirect URI in Admin Console.

logtoClient.signIn(this, "<your-redirect-uri>") { logtoException: LogtoException? ->
// User signed in successfully if `logtoException` is null.
}

After signing in successfully, logtoClient.isAuthenticated will be true.

Sign outโ€‹

Calling .signOut(completion) will always clear local credentials even if errors occurred.

logtoClient.signOut { logtoException: LogtoException? ->
// Local credentials are cleared regardless of whether `logtoException` is null.
}

Fetch user informationโ€‹

Logto SDK helps you fetch the user information from the OIDC UserInfo Endpoint.

You can get the user information by calling logtoClient.fetchUserInfo() after signing in.

The user information response will vary based on the scopes used in the LogtoConfig while initializing the LogtoClient; and the following table lists the relations between user information and scopes:

Field NameTypeRequired ScopeNotes
substringopenidThe openid scope is added by default.
namestringprofileThe profile scope is added by default.
usernamestringprofileThe profile scope is added by default.
picturestringprofileThe profile scope is added by default.
emailstringemail
email_verifiedbooleanemail
phone_numberstringphone
phone_number_verifiedbooleanphone
custom_dataobjectcustom_data
identitiesobjectidentities

Backend API authorizationโ€‹

Logto also helps you apply authorization to your backend APIs . Please check our Protect your API see how to integrate Logto with your backend applications.

You can claim an authorization token for a protected API Resource request easily through Logto SDK.

info

In order to grant an audience restricted authorization token for your request, make sure the requested API Resource is registered in the Logto Admin Console.

Add your API resource indicators to the Logto SDK configs.

// with all the required LogtoConfig listed above

override fun onCreate(savedInstanceState: Bundle?) {
val logtoConfig = LogtoConfig(
endpoint = "<your-logto-endpoint>",
appId = "<your-app-id>",
scopes = null,
// List all your API resources willing to access
resources = listOf("<your-resource-indicators>"),
usingPersistStorage = true,
prompt = PromptValue.CONSENT,
)

logtoClient = LogtoClient(logtoConfig, application)
}

Claim an authorization token from Logto before making your API request.

logtoClient.getAccessToken("<resource-indicator>", { logtoException, accessToken ->
// custom logic
})

With the user's authorization status, a JWT format access_token will be granted and issued by Logto, specifically for the requested API resource. Encrypted and audience-restricted with an expiration time. The token carries all the necessary info to represent the authority of this request.

Put the token in the Authorization field of HTTP headers with the Bearer format (Bearer YOUR_TOKEN), and you are good to go.

note

The Bearer Token's integration flow may vary based on the framework or requester you are using. Choose your own way to apply the request Authorization header.

Further readingsโ€‹