Do Authentication in Android using Custom Chrome Tab(CCT)

I was developing my Movie surfing android app and wanted to add the TMDB user sessions for the app. To do so the doc described by the TMDB you will need to implement OAuth flow to access the session ID of the user. Best thing is that this process is secure and the user doesn’t need to enter the password in the app itself, user will redirect to the web URL and then he authenticates our app. Lets see how to implement the same.

Their are 3 steps mentions in the doc

  1. Create a new request token
  2. Get the user to authorize the request token
  3. Create a new session id with the authorized request token

I will not dig into all step’s in details. Step no 2 comes under this section.

You need link to authorize the user. In TMDB api’s case the link will be like https://www.themoviedb.org/authenticate/{requestToken}?redirect_to=anything://auth_callback_anything . The important part in this link is redirect_to parameter which is URL you need specify which will redirect to when user will allow or deny the permission to you app/website. Lets look at the URL closely in below image.

activity intent filter and redirect to URL schema

Intent filter action should be view and categories default and browsable so that browser able to know that this activity from app can handle the links mentioned in the data part.

To open the request token url(https://www.themoviedb.org/authenticate/{requestToken}?redirect_to=anything://auth_callback_anything) either you can open in default web browser or web view or custom chrome tab(CCT). I choose the CCT because it feels like it open in our app itself you can customize it seamlessly. To implement the CCT use dependency.

dependencies {
...
compile 'com.android.support:customtabs:25.3.1'
}

By using below code you can open link in CCT.

connection = new CustomTabsServiceConnection() {
@Override
public void onCustomTabsServiceConnected(ComponentName componentName, CustomTabsClient client) {
        CustomTabsIntent.Builder builder = new CustomTabsIntent.Builder();
CustomTabsIntent intent = builder.build();
client.warmup(0L); // This prevents backgrounding after redirection
intent.launchUrl(LoginActivity.this, uri);//pass the url you need to open
}

@Override
public void onServiceDisconnected(ComponentName name) {

}
};
CustomTabsClient.bindCustomTabsService(context, "com.android.chrome", connection);//mention package name which can handle the CCT their many browser present.

If chrome is not installed on the phone you can track if and open the link default browser it works fine. When user goes to the link and allow the permission after login then it will go to redirect_link and it will open activity by comparing the intent filter. Your acitivity should overide the OnNewIntent() so that it handle the return data by the browser.

@Override
protected void onNewIntent(Intent intent) {
super.onNewIntent(intent);
String action = intent.getAction();
String data = intent.getDataString();parse this to get the data
if (Intent.ACTION_VIEW.equals(action) && data != null) {
try{

}
} catch (Exception e) {
e.printStackTrace();
}
}

Their one library present which do the same but it has some limitation(min SDK 16).

Some useful links:).

Do checkout my app please bare it Its in early phase.:)