Trust SSO v2
Implementation
To enable the retrieval of Trust Technologies hosted packages via Gradle, the first step is to add the repository to your build.gradle file (project level).
To do so, add the following, at any location, to your build.gradle file:
After the repository is added to the build.gradle file, all that is left is to specify the dependency in the dependencies section of the project build.gradle file (app level).
To do this, add the below to your build.gradle file (app level):
Assetlinks
To use the FIDO2 API in a TrustSSO app, associate the app with a website and share credentials between them. To do so, use Digital Asset Links: declare the association by hosting a Digital Asset Links JSON file on your website and adding a link to that file to your app's manifest.
Host .well-known/assetlinks.json at your domain
You can define an association between your app and the website by creating a JSON file and placing it at .well-known/assetlinks.json. Luckily, we have server code that serves the assetlinks.json file automatically once you add the following environment params to the .env file in glitch:
ANDROID_PACKAGENAME: Package name of your app (com.example.android.fido2)
ANDROID_SHA256HASH: SHA256 hash of your signing certificate
In order to get the SHA256 hash of your developer signing certificate, use the command below. The default password of the debug keystore is "android".
Note: In some cases you have to remove -exportcert from the command.
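
A pre-release check for the association described above, as an added example that is not part of the Trust SDK or its server code: it parses an assetlinks.json body and confirms that the app's package and signing-certificate fingerprint are declared with the credential-sharing relation. The fingerprint in the sample is constructed, not a real certificate.

```python
import json
import re

# Relation that lets an Android app share sign-in credentials (FIDO2) with the site.
LOGIN_CREDS = "delegate_permission/common.get_login_creds"
# 32 bytes as colon-separated uppercase hex, the form keytool prints for SHA256.
FINGERPRINT = re.compile(r"([0-9A-F]{2}:){31}[0-9A-F]{2}")

def check_assetlinks(document, package_name, cert_sha256):
    """Return a list of problems; an empty list means the association is declared."""
    try:
        statements = json.loads(document)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(statements, list):
        return ["top level must be a JSON array of statements"]
    if not FINGERPRINT.fullmatch(cert_sha256):
        return ["expected fingerprint must be 32 colon-separated uppercase hex bytes"]
    problems, declared = [], False
    for statement in statements:
        target = statement.get("target") if isinstance(statement, dict) else None
        if not isinstance(target, dict):
            continue
        if (target.get("namespace"), target.get("package_name")) != ("android_app", package_name):
            continue
        fingerprints = target.get("sha256_cert_fingerprints") or []
        bad = [fp for fp in fingerprints
               if not isinstance(fp, str) or not FINGERPRINT.fullmatch(fp)]
        if bad:
            problems.append(f"malformed fingerprint(s): {bad}")
        if cert_sha256 not in fingerprints:
            problems.append("signing certificate is not listed for this package")
        elif LOGIN_CREDS not in (statement.get("relation") or []):
            problems.append(f"statement lacks relation {LOGIN_CREDS}")
        else:
            declared = True
    if declared:
        return []
    return problems or [f"no android_app statement for {package_name}"]

# Constructed sample: the package name is the page's example, the hash is made up.
SAMPLE_FP = ":".join(["AB"] * 32)
SAMPLE = json.dumps([{
    "relation": ["delegate_permission/common.handle_all_urls", LOGIN_CREDS],
    "target": {"namespace": "android_app",
               "package_name": "com.example.android.fido2",
               "sha256_cert_fingerprints": [SAMPLE_FP]},
}])

if __name__ == "__main__":
    print(check_assetlinks(SAMPLE, "com.example.android.fido2", SAMPLE_FP))
```

Run it against the body served at .well-known/assetlinks.json with the fingerprint of the certificate that signs the build you ship; a debug-keystore hash in the production file is reported as a certificate that is not listed.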
assetlinks.json example
Trust IDP
The TrustID class provides the facility to initiate a login flow from another platform under the OpenID Connect standards.
Builder

Name | Description | Default Value | Optional |
---|---|---|---|
scheme | Specifies the scheme | https | Yes |
baseUrl | Specifies the domain | atenea.trust.lat | Yes |
scopes | Specifies the scopes | - | No |
acrValue | Specifies the acr value | - | No |
clientID | Set the client id | - | No |
clientSecret | Set the client secret | - | Yes |
redirectUri | Set the register redirect URI | - | No |
responseType | Specifies the response type | - | No |
grantType | Specifies the grant type | - | No |
state | Random number used as the OpenID Connect state | - | No |
tokenPath | Specifies the token path | token | Yes |
authPath | Specifies the auth path | authorize | Yes |
userInfoPath | Specifies the user info path | userinfo | Yes |
appendPath | Append a Path to URL | - | No |
build | Return an instance of TrustIDP | - | No |

Note: The redirect URI must be registered in the manifest as a deep link associated with an activity. For more information, see the deep link documentation.
Code Example
Methods
Request Authorize
Opens a web browser to log in to the atenea IdP (default). The result data is returned in the activity callback as an intent.
Get Code
Gets the code as a string from the intent obtained in the callback activity.
Intent: the intent of the callback
Returns the code as a String
Token Exchange
Exchanges the code obtained in the activity callback for an access token.
Intent: the intent of the callback
Listener: Listener to get the access token information
Get User Info
Gets user data by access token.
Listener: Listener to get the user information
User info object
Refresh Token IDP
Refresh token for access token
Listener: Listener to get the access token information
Constants
Constants that can be used in the creation of the builder

Name | Value |
---|---|
AUTHORIZATION_CODE | authorization_code |
IMPLICIT | implicit |
CLIENT_CREDENTIALS | client_credentials |
REFRESH_TOKEN | refresh_token |
AUTHORIZATION_CODE | refresh_token |
DEVICE_CODE | device_code |
PKCE | pkce |
GRANT_TYPE | grant_type |
CODE | code |
ID_TOKEN | id_token |
TOKEN | response_type |
AUTH | auth |
AUTHORIZE | authorize |
USERINFO | response_type |
OAUTH2 | oauth2 |
HTTP | http |
HTTPS | https |
Trust Transaction
Methods
Get Transaction
Update Transaction
Get Transaction By Company
Trust Validation
Methods
Validate Code
Description
Validate an OTP code
Validate QR Code
Description
Validate a QR code
Validate Login Assisted
Trust FIDO2
Allows the user to secure their transactions through the security of the mobile device.
Methods
Register Request
Description
Register Request is the method that is called when the FAB is pressed. We'd like this method to call the server API. The API returns an ApiResult with all the PublicKeyCredentialCreationOptions that the client needs to generate a new credential.
Register Response
Description
Sign In Request
Description
Sign In Response
Description
Handle Error Response
Description
Trust Native
Allows obtaining a login and a validation through an OTP in order to obtain an access token through PKCE.
Builder

Name | Description | Default Value | Optional |
---|---|---|---|
scopes | Specifies the scopes | - | No |
clientID | Set the client id | - | No |
clientSecret | Set the client secret | - | No |
redirectUri | Set the register redirect URI | - | Yes |
responseType | Specifies the response type | - | Yes |
grantType | Specifies the grant type | - | No |
build | Return an instance of TrustNative | - | No |
Code example
Methods
Do Login Assisted
Get Form
Description
It returns a login type form if it is the first time it is instantiated; otherwise it returns a code form.
view_type.login_form: The returned form is of type login; the data of this form must be sent in the following steps.
view_type.code_form: The returned form is of type code; the data of this form must be sent in the following steps. The codes are obtained by SMS, WhatsApp and mail.
Login form example
Code form example
Send Form
Example of JsonObject
Description
next_step: true: There is still one form to complete.
next_step: false: There are no more forms left to complete.
token_available: false: The token cannot be obtained.
token_available: true: The token can be obtained.
Form step true
Form step false
Send Form Login Assisted
Description
Send a login to be authorized from another app
Inject Flow
Description
Inject a step for the flow. The available types of steps to be injected are:
NativeFlowTypes.REGISTER
NativeFlowTypes.PASSWORD_RESET
Get Token Native
Description
id_token: It is a JWT with the user information
Refresh Token
Refresh token for access token
Errors
Possible errors that can be found when integrating the SDK

Code | Value |
---|---|
0 | Unknown error |
400 | Bad request |
401 | The request was unauthorized |
403 | The request was forbidden |
404 | The requested resource could not be found |
405 | Method not allowed |
500 | Internal server error |
501 | Not implemented |
502 | Bad gateway |
503 | Service unavailable |
1000 | Null or empty data |
1001 | Null response body from server |
1002 | Unexpected parameter or value |
1003 | Error network connection |
1004 | Error intent |
1005 | Error response from fingerprint |

Logs
The logs can only be seen in the debug environment, through the TAG "PRETTY_LOGGER". The logs of the calls to the server can be seen through the TAG OkHttpClient.