OAuth2 in Android — Authorization Code Flow

Alex Queudot
Published in L+R Engineers
Sep 7, 2020

OAuth is an open standard for secure authentication, commonly used to grant websites or applications access to information on other platforms without giving them the user's password.

This article shows how to implement OAuth2 authentication on Android using the Authorization Code Flow.
It uses Twitch as the OAuth provider, but the same approach can be applied to any other API that follows the OAuth2 standard.

To learn about the structure and reasoning behind the OAuth standard, please check out this great post by Takahiko Kawasaki.
To learn about the different OAuth2 authorization flows and their steps, check out this awesome article by the same author.

Overview

This article is divided into the following parts:

  1. Obtain an authorization code from the OAuth provider using a WebView.
  2. Use the previous code to obtain the access token and refresh token with a networking library (Ktor).
  3. [Recurring]: When the access token expires, use the refresh token to obtain a new one, or redirect the user to step 1.

Part 1. Getting the Authorization Code
