AuthenticationActivity

Handles OAuth sign-in and Identity-Aware Proxy (IAP) sign-in/sign-out flows by launching a Custom Tab for user interaction.

This activity must be registered in the application's manifest. Configuration depends on the app's requirements:

1. For authentication challenges where the Custom Tab redirects back to this activity:

   • Declare the activity with launchMode="singleTop" and include an intent-filter:

    <activity
    android:name="com.arcgismaps.toolkit.authentication.AuthenticationActivity"
    android:configChanges="keyboard|keyboardHidden|orientation|screenSize"
    android:exported="true"
    android:launchMode="singleTop" >
      <intent-filter>
        <action android:name="android.intent.action.VIEW" />
   
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
   
        <data
          android:host="auth"
          android:scheme="my-ags-app" />
        </intent-filter>
    </activity>

   Content copied to clipboard

2. If the redirect intent should be handled by another activity:

   • Remove the AuthenticationActivity from your app's manifest and put its intent filter on the activity that you wish to receive the redirect intent.

   • Set your activity's launchMode to singleTop, this must be done in order for OAuth or IAP redirect to work.

    <activity
        ...
        android:launchMode="singleTop"
        ... >
        <intent-filter>
            <action android:name="android.intent.action.VIEW" />
   
            <category android:name="android.intent.category.DEFAULT" />
            <category android:name="android.intent.category.BROWSABLE" />
   
            <data
                android:host="auth"
                android:scheme="my-ags-app" />
        </intent-filter>
        ...

   Content copied to clipboard

   • Call the extension function launchCustomTabs in the lambda onPendingBrowserAuthenticationChallenge of the Authenticator, passing in the pending BrowserAuthenticationChallenge:

     DialogAuthenticator(
         authenticatorState = authenticatorState,
         onPendingBrowserAuthenticationChallenge = { pendingBrowserAuthenticationChallenge ->
             launchCustomTabs(pendingBrowserAuthenticationChallenge)
         }
     )

   Content copied to clipboard

   • Handle the redirect in your app activity's onNewIntent and onResume overrides:

   • You can check if the intent was caused by an OAuth or IAP redirect because the intent.data.toString() will start with your OAuth or IAP configuration's redirect URI.

   • Currently, IAP sign-out does not redirect back to the app, so you will not receive an intent in onNewIntent. Instead, this will need to be handled in onResume when the Custom Tab is closed. See documentation of AuthenticatorState.completeBrowserAuthenticationChallenge for more details.

    override fun onNewIntent(intent: Intent?) {
        super.onNewIntent(intent)
        intent?.data?.toString()?.let { redirectUri ->
            if (redirectUri.startsWith("your-redirect-uri")) {
                // This gets called when OAuth or IAP redirects back to the app.
                authenticationAppViewModel.authenticatorState.completeBrowserAuthenticationChallenge(intent)
            }
        }
    }
   
    override fun onResume() {
        super.onResume()
        // This gets called when the Custom Tab is closed using the close button or the phone's back button, so we
        // pass null.
        if (viewModel.isCustomTabLaunched()) {
            authenticationAppViewModel.authenticatorState.completeBrowserAuthenticationChallenge(null)
        }
    }

   Content copied to clipboard

   See ../README.md for more details.