I’m building a native Android app for a small group of users. As I only want intended users to authenticate and use it, I’m opting for Username and Password login (Auth0 Database) with the Sign Up feature disabled.
The Android app is supposed to talk to an API whose methods should be authenticated only.
I’m new to the Auth0 ecosystem and it’s a bit overwhelming to know how to start.
Things I’ve done till now:
- Created an API project
- Created an android native client
Questions:
1) Should I follow Auth0 Android SDK Quickstarts: Login and create a login activity in my Android app?
2) How do I connect the API project with the Android native client? The API section says ‘for native clients, you need Authorization Code Grant Flow with PKCE’. Is this not done with the link in 1)?
There are a couple of ways to achieve that. If you choose to make use of Lock Android then see the answer to your other question: Android Lock with database authentication and API Authorization - Auth0 Community
In relation to the use of PKCE, this is indeed the generally recommended approach for native applications to obtain tokens as part of authentication/authorization requests performed under the rules of OpenID Connect/OAuth2. It’s not the only option, but it’s the one that covers most scenarios; for example, in very specific circumstances where a user authenticates with custom username/password credentials specific to the application itself, it may be sufficient to use the resource owner password grant.
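As an added illustration (not code from this thread, nor the Auth0 SDK’s own code) of what "Authorization Code Grant Flow with PKCE" means for the API question above, here is the client side of the flow written out in Python. The Auth0 domain, client ID, redirect URI and API audience are placeholder assumptions; on Android the Auth0 SDK performs these steps for you, this only shows what happens underneath.

```python
# Added example; domain/client_id/redirect_uri/audience are placeholders.
import base64
import hashlib
import secrets
from urllib.parse import urlencode


def b64url(raw: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_verifier(n_bytes: int = 32) -> str:
    """Random code_verifier; 32 bytes -> 43 chars (allowed range is 43..128)."""
    return b64url(secrets.token_bytes(n_bytes))


def make_challenge(verifier: str) -> str:
    """S256 method: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorize_url(domain, client_id, redirect_uri, audience, verifier, state):
    """Step 1: the app opens this URL in the system browser. Only the challenge is
    sent; 'audience' is your API project's identifier, so the access token fits it."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid profile",
        "audience": audience,
        "state": state,
        "code_challenge": make_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"https://{domain}/authorize?" + urlencode(params)


def build_token_request(domain, client_id, redirect_uri, verifier, code):
    """Step 2: after the redirect back with ?code=..., the app POSTs this form body
    to /oauth/token. The verifier proves the same app is redeeming the code."""
    body = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "code": code,
        "code_verifier": verifier,
        "redirect_uri": redirect_uri,
    }
    return f"https://{domain}/oauth/token", body


def server_side_check(challenge: str, verifier: str) -> bool:
    """What the authorization server verifies before issuing tokens."""
    return secrets.compare_digest(make_challenge(verifier), challenge)
```

The access token returned by step 2 is what the app then sends as a Bearer token to the API project; an attacker who intercepts only the authorization code cannot redeem it without the verifier.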
It would be really useful if you added an example and pointed to a URL for how to do this.