A demo mobile app using OpenID Connect, which aims for the best usability and reliability.
The app is a simple UI with some basic navigation between views, to render fictional investment resources.
Its data is returned from an OAuth-secured API that uses claims-based authorization.
The app uses user attributes from both the OpenID Connect userinfo endpoint and its API.
Open the app in Android Studio and run the app on an emulator or device.
This triggers an OpenID Connect code flow to authenticate the user with the AppAuth pattern.
Logins run in a Chrome Custom Tab browser, so the app cannot access the user's credentials.
You can log in to the app using my AWS Cognito test account:
- User: [email protected]
- Password: GuestPassword1
The app receives the login response using a claimed HTTPS scheme redirect URI, in the most secure way.
Android App Links enable the claimed HTTPS scheme redirect URI and require a cloud hosted deep linking assets file.
Interstitial web pages ensure a user gesture after login and logout, so that responses return to the app reliably.
After login you can test all lifecycle operations, including token refresh, expiry events and logout.
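An added example, not the sample app's own code, of the AppAuth-Android calls behind the flow described above: a code flow request with an explicit PKCE verifier, a claimed HTTPS redirect URI, the Custom Tab launch and the code exchange. The issuer endpoints, client id and redirect URI are placeholders.

```kotlin
import android.app.Activity
import android.content.Intent
import android.net.Uri
import net.openid.appauth.AuthorizationException
import net.openid.appauth.AuthorizationRequest
import net.openid.appauth.AuthorizationResponse
import net.openid.appauth.AuthorizationService
import net.openid.appauth.AuthorizationServiceConfiguration
import net.openid.appauth.CodeVerifierUtil
import net.openid.appauth.ResponseTypeValues

// Added example (not the sample app's code): AppAuth-Android code flow with PKCE
// and a claimed HTTPS redirect URI. Issuer, client id and redirect URI are placeholders.
class LoginFlow(private val activity: Activity) {
    private val authService = AuthorizationService(activity)
    // Placeholder endpoints; in practice read them from the issuer's discovery document.
    private val config = AuthorizationServiceConfiguration(
        Uri.parse("https://issuer.example.com/oauth2/authorize"),
        Uri.parse("https://issuer.example.com/oauth2/token"),
    )

    fun start(requestCode: Int) {
        // PKCE: the builder generates a verifier by default; done explicitly here for clarity.
        val verifier = CodeVerifierUtil.generateRandomCodeVerifier()
        val request = AuthorizationRequest.Builder(
            config,
            "placeholder-client-id",
            ResponseTypeValues.CODE,
            // Claimed HTTPS redirect URI: must be registered as a verified Android App Link.
            Uri.parse("https://mobile.example.com/callback"),
        )
            .setScope("openid profile email")
            .setCodeVerifier(verifier) // a random state value is generated by the builder
            .build()
        // Launches a Chrome Custom Tab, so the user's password is never typed into the app.
        val intent: Intent = authService.getAuthorizationRequestIntent(request)
        activity.startActivityForResult(intent, requestCode)
    }

    // Handle the intent delivered back to the app; AppAuth has already checked the state.
    fun finish(data: Intent, onResult: (accessToken: String?, error: AuthorizationException?) -> Unit) {
        val response = AuthorizationResponse.fromIntent(data)
        val error = AuthorizationException.fromIntent(data)
        if (response == null) { onResult(null, error); return }
        // Exchange the code; AppAuth sends the saved code_verifier with this request.
        authService.performTokenRequest(response.createTokenExchangeRequest()) { token, ex ->
            onResult(token?.accessToken, ex)
        }
    }
}
```

The HTTPS redirect only returns to the app when the manifest declares the redirect activity with an autoVerify intent filter whose host matches the hosted assetlinks.json file.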
- See the API Journey - Client Side for further information on the app's behaviour.
- See blog posts for further details specific to the Android app, starting in the Code Sample Overview.
- The app's code uses Kotlin and its views use Jetpack Compose.
- AppAuth-Android implements the code flow with PKCE.
- AWS Serverless or Kubernetes host remote API endpoints that the app calls.
- AWS Cognito is the default authorization server for the mobile app and API.
- Android SharedPreferences stores tokens on the device and isolates this data from other apps.
- AWS S3 and CloudFront serve mobile deep linking asset files and interstitial web pages.