Table of content

• Implementation
• Assetlinks
• Trust IDP
  • Builder
  • Constants
  • Methods
    • Request Authorize
    • Get Code
    • Token Exchange
    • Get User Info
    • Refresh Token
• Trust Transaction
  • Methods
    • Get Transaction
    • Update Transaction
    • Get Transaction By Company
• Trust Validation
  • Methods
    • Validate Code
    • Validate QR Code
    • Validate Login Assisted
• Trust FIDO2
  • Methods
    • Register Request
    • Register Response
    • Sign In Request
    • Sign In Response
    • Handle Error Response
• Trust Native
  • Builder
  • Methods
    • Get Form
    • Do Login Assisted
    • Send Form (login)
    • Get Token
    • Send Form Login Assisted
    • Inject Flow
    • Refresh Token
• Errors
• Logs

Implementation

To enable the retrieval of Trust Technologies hosted packages via Gradle, the first step is to add your repository to the build.gradle file (project level).

To do add the following, at any location, to your build.gradle file:

repositories {

maven {

url "https://dl.cloudsmith.io/OZ4Ow2XY7HBOezgN/trusttechnologies/ssov2/maven/"

}

}

After the repository is added to the build.gradle file, all that is left is to specify the dependency in the dependencies section of the project build.gradle file (app level).

To do this add the below to your build.gradle file (app level):

dependencies {

implementation 'com.sdk.trust:sso:0.0.14'

}

Assetlinks

To use FIDO2 API on an TrustSSO , associate it with a website and share credentials between them. To do so, leverage the Digital Asset Links. You can declare associations by hosting a Digital Asset Links JSON file on your website, and adding a link to the Digital Asset Link file to your app's manifest.

Host .well-known/assetlinks.json at your domain

You can define an association between your app and the website by creating a JSON file and put it at .well-known/assetlinks.json. Luckily, we have a server code that displays assetlinks.json file automatically, just by adding following environment params to the .env file in glitch:

• ANDROID_PACKAGENAME: Package name of your app (com.example.android.fido2)
• ANDROID_SHA256HASH: SHA256 Hash of your signing certificate

In order to get the SHA256 hash of your developer signing certificate, use the command below. The default password of the debug keystore is "android".

keytool -exportcert -list -v -alias androiddebugkey -keystore ~/.android/debug.keystore

Note: In some cases you have to remove the command -exportcert

assetlinks.json example

[

{

"relation": [

"delegate_permission/common.handle_all_urls",

"delegate_permission/common.get_login_creds"

],

"target": {

"namespace": "web",

"site": "https://<your-domain>.com"

}

},

{

"relation": [

"delegate_permission/common.handle_all_urls",

"delegate_permission/common.get_login_creds"

],

"target": {

"namespace": "android_app",

"package_name": "you.app.bundle.id",

"sha256_cert_fingerprints": [

"DE:AD:BE:EF:..."

]

}

}

]

Trust IDP

The TrustID class provides the facility to initiate a login flow from another platform under the OpenID Connect standards.

Builder

Name	Description	Default Value	Optional
scheme	Specifies the scheme	https	Yes
baseUrl	Specifies the domain	atenea.trust.lat	Yes
scopes	Specifies the scopes	-	No
acrValue	Specifies the acr value	-	No
clientID	Set the client id	-	No
clientSecret	Set the cliend secret	-	Yes
redirectUri	Set the register redirect URI	-	No
responseType	Specifies the response type	-	No
grantType	Specifies the grand type	-	No
state	Random number in openid connect	-	No
tokenPath	Specifies the token path	token	Yes
authPath	Specifies the auth path	authorize	Yes
userInfoPath	Specifies the user info path	userinfo	Yes
appendPath	Append a Path to URL	-	No
build	Return a instance of TrustIDP	-	No

Note: Redirect URI must be registered in the manifest as a deep link associated with an activity, for more information see the deep link documentation

Code Example

val trustidp = TrustIDP.Builder(context)

.scopes("<YOUR_SCOPES>")

.acrValue(AcrValue.AUTOIDENTIFY)

.clientID("<YOUR_CLIEND_ID>")

.redirectUri("<YOUR_REDIRECT_URI>")

.clientSecret("<YOUR_CLIEND_SECRET>")

.responseType(ResponseType.CODE)

.grantType(GrantType.AUTHORIZATION_CODE)

.build()

trustidp.requestAuthorize()

Methods

Request Authorize

Open a web browser to login in atenea IdP (default), the result data will be returned in the activity callback as a intent

fun requestAuthorize(){}

Get Code

Get the code as a string from the intent obtained in the callback activity

fun getCode(intent: Intent):String{}

Intent: the intent of the callback return the code as String

Token Exchange

Exchange the code obtained in the activity callback for an access token

fun tokenExchange(intent: Intent, listener: TrustListenerSSO<TokenResponse>){}

Intent: the intent of the callback Listener: Listener to get the access token information

Get User Info

Get user data by access token

fun getUserInfo(listener: TrustListenerSSO<UserInfoAtenea>){}

Listener: Listener to get the user information

User info object

data class UserInfoAtenea(

val companyUid: String,

val dni: String,

val email: String,

val lastName: String,

val name: String,

val sub: Int

)

Refresh Token IDP

Refresh token for access token

fun refreshToken(listener: TrustListenerSSO<TokenResponse>){}

Listener: Listener to get the access token information

Constants

Constants that can be used in the creation of the builder

Name	Value
AUTHORIZATION_CODE	authorization_code
IMPLICIT	implicit
CLIENT_CREDENTIALS	client_credentials
REFRESH_TOKEN	refresh_token
AUTHORIZATION_CODE	refresh_token
DEVICE_CODE	device_code
PKCE	pkce
GRANT_TYPE	grant_type
CODE	code
ID_TOKEN	id_token
TOKEN	response_type
AUTH	auth
AUTHORIZE	authorize
USERINFO	response_type
OAUTH2	oauth2
HTTP	http
HTTPS	https

Trust Transaction

Methods

Get Transaction

TrustTransactions().getTransaction("5cff60", object : TrustListenerSSO<TransactionResponse> {

override fun onSuccess(code: Int, data: TransactionResponse) {

//code from server

// data from serve

}

override fun onError(code: Int, msg: String) {

//code from server

//error from server

}

})

Update Transaction

val updateTransactionRequest = UpdateTransactionRequest("5cff60", false, "sms", true)

TrustTransactions().updateTransaction(

updateTransactionRequest, object : TrustListenerSSO<TransactionResponse> {

override fun onSuccess(code: Int, data: TransactionResponse) {

//code from server

// data from serve

}

override fun onError(code: Int, msg: String) {

//code from server

//error from server

}

})

Get Transaction By Company

TrustTransactions().getTransactionByCompany("5cff60", object : TrustListenerSSO<TransactionResponse> {

override fun onSuccess(code: Int, data: TransactionResponse) {

//code from server

// data from serve

}

override fun onError(code: Int, msg: String) {

//code from server

//error from server

}

})

Trust Validation

Methods

Validate Code

val validateTransactionRequest = ValidateTransactionRequest("user_id","transaction_Id")

TrustValidation().validateCode(validateTransactionRequest: ValidateTransactionRequest, listener: TrustListenerSSO<TransactionResponse>)

Description

Validate an OTP code

Validate QR Code

val validateTransactionRequest = ValidateTransactionRequest("user_id","transaction_Id")

TrustValidation().validateQr(validateTransactionRequest: ValidateTransactionRequest, listener: TrustListenerSSO<TransactionResponse>)

Description

Validate an QR code

Validate Login Assisted

val validateTransactionRequest = ValidateTransactionRequest("user_id","transaction_Id")

TrustValidation().validateLoginAssisted(validateTransactionRequest: ValidateTransactionRequest, listener: TrustListenerSSO<TransactionResponse>)

Trust FIDO2

Allows the user to implement security to their transactions through the security of the mobile device

Methods

Register Request

fun registerRequest(registerRequest: RegisterRequest, context: Context)

Description

Register Request is the method that is called when the FAB is pressed. We'd like to make this method call the server API . The API returns an ApiResult with all the PublicKeyCredentialCreationOptions that the client needs to generate a new credential.

Register Response

Description

fun registerResponse(intentResult: Intent?,listener: TrustListenerSSO<RegisterResponseResponse>?)

Sign In Request

Description

fun signInRequest(signInRequest: SignInRequest, context: Context)

Sign In Response

Description

fun signInResponse(intentResult: Intent,listener: TrustListenerSSO<SignInResponseResponse>?)

Handle Error Response

Description

fun handleErrorResponse(errorBytes: ByteArray)

Trust Native

Allows to obtain a login and a validation through an otp to obtain an access token through PKCE

Builder

Name	Description	Default Value	Optional
scopes	Specifies the scopes	-	No
clientID	Set the client id	-	No
clientSecret	Set the cliend secret	-	No
redirectUri	Set the register redirect URI	-	Yes
responseType	Specifies the response type	-	Yes
grantType	Specifies the grand type	-	No
build	Return a instance of TrustNative	-	No

Code example

private val native = TrustNative.Builder()

.clientSecret(<YOUR_CLIENT_SECRET>)

.scope(<YOUR_SCOPES>)

.clientID(<YOUR_CLIENT_ID>)

.build()

native.doLogin(object : TrustListenerSSO<FormResponse>{})

Methods

Do Login Assisted

native.doLoginAssisted(object: TrustListenerSSO<InitFlowResponse>{})

Get Form

native.getForm(object : TrustListenerSSO<FormResponse>{})

Description

It returns a login type form if it is the first time it is instantiated, otherwise it will return a code form.

view_type.login_form: Means that the form that has been returned is of type login, the data of this form must be sent in the following steps view_type.code_form: Means that the form that has been returned is of type code, the data of this form must be sent in the following steps, the codes are obtained by sms, whatsapp and mail.

Login form example

{

"data": {

"view_type": "login_form",

"fields": [

{

"name": "email",

"type": "mail"

},

{

"name": "password",

"type": "password"

}

]

}

}

Code form example

{

"data": {

"view_type": "code_form",

"fields": [

{

"name": "a2f",

"type": "number"

}

]

}

}

Send Form

native.sendForm(formData: JsonObject, object : TrustListenerSSO<StepsResponse> {})

Example of JsonObject

val jsonRequest = JsonObject()

jsonRequest.addProperty("email", "mail@example.com")

jsonRequest.addProperty("password", "12312313")

jsonRequest.addProperty("a2f", "909090")

Description

next_step: true : Means that there is still one form to complete. next_step: false : Means that there are no more forms left to complete. token_available: false: Means can't get token token_available: true: Means token can be obtained

Form step true

{

"data": {

"next_step": true,

"token_available": false

}

}

Form step false

{

"data": {

"next_step": false,

"token_available": true

}

}

Send Form Login Assisted

Description

Send a login to be authorized from another app

native.sendFormLoginAssisted(deviceCode: String, transactionId: String, object: TrustListenerSSO<StepsResponse>{})

Inject Flow

Description

Inject a step for the flow, the avaliable types of steps to be injected are:

NativeFlowTypes.REGISTER NativeFlowTypes.PASSWORD_RESET

native.injectFlow(

flowType: NativeFlowTypes,

listener: TrustListenerSSO<InjectFlowResponse>

)

Get Token Native

native.getAccessToken(object : TrustListenerSSO<TokenPKCEResponse> {})

Description

id_token: It is a jwt with the user information

{

"access_token": "dJflShMZsv1AYhttHPwUBI",

"refresh_token": null,

"id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzozODYwN",

"token_type": "Bearer",

"expires_in": 3600

}

Refresh Token

Refresh token for access token

fun refreshToken(listener: TrustListenerSSO<TokenPKCEResponse>){}

Errors

Possible errors that can be found when integrating the SDK

Code	Value
0	Unknow error
400	Bad request
401	The request was unauthorized
403	The request was forbidden
404	The requested could not be found
405	Method not allowed
500	Internal server error
501	Not implemented
502	Bad gateway
503	Service unavailable
1000	Null or empty data
1001	Null response body from server
1002	Unexpected parameter or value
1003	Error network connection
1004	Error intent
1005	Error response from fingerprint

Logs

The logs can only be seen in the debug environment and through the TAG "PRETTY_LOGGER" to see the logs of the calls to the server, they can be seen through the TAG OkHttpClient

Log example

┌──────────────────────────────────────────────────────────────────────────────────

│ Thread: main

├┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄

│ ErrorManagerKt.objectToJsonError (ErrorManager.kt:122)

│ TrustLog.e (TrustLog.kt:16)

├┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄

│ {"errorCode":1000,"errorMessage":"ID must not be null or empty","stackTrace":[]}

└──────────────────────────────────────────────────────────────────────────────────