oauth-kmp

Implements OAuth PKCE flow for Android and iOS, facilitating secure authentication by managing URL schemes, OAuth clients, and handling sign-in callbacks across both platforms.

#viewmodel
#uri
#sdk
#authentication
#apple

Suggest an edit

Android JVMKotlin/Native

GitHub stars2

Authorscollectiveidea

Open issues0

LicenseMIT License

Creation dateover 1 year ago

Last activity4 months ago

Latest release0.1.2 (4 months ago)

GitHub repository Wiki page

OAuth PKCE Flow for Kotlin Multiplatform (Android/iOS)

A Kotlin Multiplatform library for Android and iOS that provides an OAuth PKCE flow implementation.

Installation

⚠️ This is a work-in-progress library that was recently extracted from a reference project. The API is subject to change. Detailed installation instructions need to be written.

In general, the key steps for using this library are:

Configure your iOS and Android apps to have a custom url app scheme (e.g. exampleapp://)
Create an iOS and Android OAuth client on your server (we use Doorkeeper) for the PKCE flow and Redirect URI. Configure your iOS and Android apps with the proper client_id values.
In your shared view model, create/inject a PKCEFlow.
Collect the authState to be notified when the sign in process completes.

Call startSignIn

On Android, in your main activity, override onNewIntent and handle the auth callback. Something like:

override fun onNewIntent(intent: Intent) {
    // Ensure the callbackUrl is for OAuth before processing it as such.
    if (intent.data?.toString()?.startsWith(PKCE_REDIRECT_URL) == true) {
        pkceFlow.continueSignInWithCallbackOrError(dataUrl, null)
    }
}

On iOS, nothing else is needed. The callback is automatically invoked by AuthenticationServices.

When the authState.state is FINISHED, either extract/save the tokens and proceed with sign-in, or present the user with an error message. See, e.g. https://github.com/collectiveidea/oauth-kmp/blob/main/oauth-core/src/commonTest/kotlin/com/collectiveidea/oauth/PKCEFlowTest.kt#L186