Android SSO (Single Sign-On) for App
Solution 1:
Have you tried or thought of using Firebase? https://firebase.google.com/docs/auth/?hl=es-419
It has some useful tools: you can sign in with multiple social connectors and user/password as well, and they provide a library to integrate the whole UI and server flow. They even take advantage of Google Smart Lock for you.
Take a look at https://github.com/firebase/FirebaseUI-Android. I used it in a personal project and it saved me a lot of time.
Solution 2:
What you described in the Alternatively section looks like the Authorization Code using Proof Key for Code Exchange (PKCE) OAuth 2.0 grant:
https://www.rfc-editor.org/rfc/rfc7636
The flow is the following:
- Your app generates a random key (`code_verifier`) and its transformed value (`code_challenge`) and navigates to the authorization server with `code_challenge` as a parameter
- Authorization server redirects back to your app with authorization code
- Your app sends `authorization_code` and the `code_verifier` to the auth server to get the authorization token
- Server uses `authorization_code` and the `code_verifier` (it already has `code_challenge`, so it can verify that `code_verifier` is correct) and then returns to your app with the token.
On the practical side of it you can use something like Auth0 to implement it in your app.
Solution 3:
Use Android Account Manager for SSO. Providing references below just for knowledge. You have to dig into account manager.
Android developer: https://developer.android.com/training/id-auth
Blog with example: https://www.zoftino.com/android-account-manager-&-create-custom-account-type