Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/trivago/Heimdall.droid

Easy to use OAuth 2 library for Android by trivago.
https://github.com/trivago/Heimdall.droid

Last synced: about 1 month ago
JSON representation

Easy to use OAuth 2 library for Android by trivago.

Host: GitHub
URL: https://github.com/trivago/Heimdall.droid
Owner: trivago
License: apache-2.0
Created: 2015-02-09T09:17:37.000Z (over 9 years ago)
Default Branch: master
Last Pushed: 2023-05-11T16:38:20.000Z (over 1 year ago)
Last Synced: 2024-07-18T14:42:07.624Z (2 months ago)
Language: Kotlin
Homepage: http://trivago.github.io/Heimdall.droid/
Size: 44 MB
Stars: 258
Watchers: 39
Forks: 23
Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE.txt

Awesome Lists containing this project

README

        #  Heimdall

Heimdall is an [OAuth 2.0](https://tools.ietf.org/html/rfc6749) client specifically designed for easy usage and high flexibility. It supports all grants as described in [Section 4](https://tools.ietf.org/html/rfc6749#section-4) as well as refreshing an access token as described in [Section 6](https://tools.ietf.org/html/rfc6749#section-6) of the [The OAuth 2.0 Authorization Framework](https://tools.ietf.org/html/rfc6749) specification.

This library makes use of [RxJava](https://github.com/ReactiveX/RxJava). Therefore you should be familar with [Observables](https://github.com/ReactiveX/RxJava/wiki/Observable).

If you are an iOS Developer then please take a look at the [Swift version of Heimdall](https://github.com/trivago/Heimdallr.swift).

[![JitPack.io](https://jitpack.io/v/trivago/Heimdall.droid.svg)](https://jitpack.io/#trivago/Heimdall.droid)

[![Travis Ci](https://travis-ci.org/trivago/Heimdall.droid.svg?branch=master)](https://travis-ci.org/trivago/Heimdall.droid)

[![Android Arsenal](https://img.shields.io/badge/Android%20Arsenal-Heimdall.droid-brightgreen.svg?style=flat)](http://android-arsenal.com/details/1/2016)

[![Api](https://img.shields.io/badge/API-9%2B-brightgreen.svg?style=flat)](https://android-arsenal.com/api?level=9)

## Installation

Heimdall is ready to be used via [jitpack.io](https://jitpack.io/#rheinfabrik/Heimdall.droid).

Simply add the following code to your root `build.gradle`:

```groovy

allprojects {

    repositories {

        jcenter()

        maven { url "https://jitpack.io" }

    }

}

```

Now add the gradle dependency in your application's `build.gradle`:

```groovy

dependencies {

    compile 'com.github.rheinfabrik:Heimdall.droid:{latest_version}'

}

```

## Examples

Heimdall's main class is the `OAuth2AccessTokenManager`. It is responsible for retrieving a new access token and keeping it valid by refreshing it.

In order to initialize an `OAuth2AccessTokenManager` instance, you need to pass an object implementing the `OAuth2AccessTokenStorage` interface. You can use the predefined `SharedPreferencesOAuth2AccessTokenStorage` if it suits your needs. Make sure that your `OAuth2AccessTokenStorage` is as secure as possible!

```java 

SharedPreferencesOAuth2AccessTokenStorage storage = new SharedPreferencesOAuth2AccessTokenStorage<>(mySharedPreferences, OAuth2AccessToken.class);

OAuth2AccessTokenManager<> manager = new OAuth2AccessTokenManager(storage);

```

On your manager instance you can now call `grantNewAccessToken(grant)` to receive a new access token. The grant instance you pass must implement the `OAuth2Grant` interface and your actual server call. 

Here is an example of an `OAuth2ResourceOwnerPasswordCredentialsGrant`.

```java 

public class MyOAuth2Grant extends OAuth2ResourceOwnerPasswordCredentialsGrant {

    // Constructor

    @Override

    public Observable grantNewAccessToken() {

        // Create the network request based on the username, the password and the grant type.

        // You can use Retrofit to make things easier.

    }

}

```

Your manager instance also has a method called `getValidAccessToken(refreshGrant)`. This is probably the main reason we build this library. It firstly checks if the stored access token is expired and then either emits the unexpired one or refreshs it if it is expired using the passed refresh grant. 

Here is an example of an `OAuth2RefreshAccessTokenGrant`.

```java

public class MyOAuth2Grant extends OAuth2RefreshAccessTokenGrant {

    // Constructor

    @Override

    public Observable grantNewAccessToken() {

        // Create the network request based on the grant type and the refresh token.

        // You can use Retrofit to make things easier.

    }

}

```

Mostly you will use the `OAuth2AuthorizationCodeGrant` to authorize the user via a third party service such as Trakt.tv.

The implemention of a grant authorizing with Trakt.tv might look as following:

```java

public final class TraktTVAuthorizationCodeGrant extends OAuth2AuthorizationCodeGrant {

    public String clientSecret;

    @Override

    public Uri buildAuthorizationUri() {

        return Uri.parse("https://trakt.tv/oauth/authorize")

                .buildUpon()

                .appendQueryParameter("client_id", clientId)

                .appendQueryParameter("redirect_uri", redirectUri)

                .appendQueryParameter("response_type", RESPONSE_TYPE).build();

    }

    @Override

    public Observable exchangeTokenForCode(String code) {

        // Create the network request based on the grant type, clientSecret and the retrieved code.

        // You can use Retrofit to make things easier.

    }

}

```

Using that grant with an Android WebView might look like this (please note that we use [Retrolambda](https://github.com/evant/gradle-retrolambda) here):

```java

// Create the grant

TraktTVAuthorizationCodeGrant grant = new TraktTVAuthorizationCodeGrant();

grant.clientSecret = "secret"

grant.clientId = "id"

grant.redirectUri = "uri"

// Set up web view loading

webView.setWebViewClient(new WebViewClient() {

 	

 	@Override

    public void onPageFinished(WebView view, String url) {

    	super.onPageFinished(view, url);

		// Tell the grant we loaded an url

        grant.onUrlLoadedCommand.onNext(Uri.parse(url));

    }

});

// Load the authorization url once build

grant.authorizationUri()

    .map(Uri::parse)

	.observeOn(AndroidSchedulers.mainThread())

	.subscribe(myWebView::load)

// Start the authorization process

grant.grantNewAccessToken()

	.subscribe(token -> Log.d("Heimdall", "New token: " + token))

```

## Sample Application

Please also check out our sample application which performs an authorization against [trakt.tv](https://trakt.tv/) and displays a simple list of the user's watchlists.

**Note:** In order to build the sample by yourself you have to [create a new application on trakt.tv](https://trakt.tv/oauth/applications/new) and add the credentials wherever `TraktTvAPIConfiguration.java` is used.

## About

Heimdall was built by [trivago](http://www.trivago.com) :factory:

## License

Heimdall is licensed under Apache Version 2.0.