
A Guide to Email-Password Authentication for Android Apps


Summary: This tutorial provides guidance on how to integrate email and password authentication for Android applications built with QuickBlox. Gain the skills to implement a secure and widely recognized login system, enhancing your app’s functionality.


Introduction

Building an engaging Android application often hinges on seamless user experience. A crucial aspect of this experience is secure and convenient user login. Ensuring the security of user data and maintaining user privacy are paramount concerns in app development. Authentication, the process of verifying the identity of users, plays a crucial role in addressing these concerns. Authentication mechanisms not only safeguard sensitive user information but also provide a seamless and secure user experience. Email and password authentication stands out as one of the most widely used and user-friendly approaches.

This tutorial will demonstrate how to integrate this authentication method using QuickBlox, a robust platform for real-time communication and data management. It will explain the role of the Authorization Server in the authentication process and provide insights into integrating authentication mechanisms using QuickBlox. By following this guide, you’ll equip your app with a robust authentication system that fosters trust and encourages user retention.

Looking for an alternative authentication method? Check out A Guide to Phone Number Authentication for Android Apps.

Let’s Get Started!

1. Create a New Project in Android Studio

The initial step in crafting your mobile application involves creating an Android project. This foundational process establishes the groundwork for integrating various functionalities, including authentication.

As the official Integrated Development Environment (IDE) for Android, Android Studio provides all the necessary tools for application development.
Here’s a step-by-step guide to creating a new project in Android Studio:

  1. Open Android Studio on your computer.
  2. Click on “New Project” from the welcome screen.
  3. Choose the “Empty Activity” template and click “Next.”
  4. Enter the name of your application, the package name (e.g., com.example.myapp), and the location to save your project.
  5. Select the language (Java or Kotlin) and the minimum SDK version for your app.
  6. Click “Finish” to create your project.

2. Create a project in the QuickBlox admin panel

Next you’ll need to use your QuickBlox Account and initiate a project so that you can access QuickBlox real-time communication functionality for your application.

  1. Sign up for a QuickBlox account if you don’t already have one. You can sign in with either your Google or GitHub account.
  2. To create an app, click the ‘New app‘ button.
  3. Input the necessary information about your organization into the corresponding fields and click ‘Add‘.
  4. To get your Application ID, Authorization Key, Authorization Secret, and Account Key, go to the ‘Overview‘ section of your app in the Dashboard. Store these app credentials securely; you will need them later in your application.

For a more detailed description of getting started on QuickBlox, read our official documentation.

3. Integration with Authorization Server

The authorization server is a specialized server responsible for verifying user credentials, such as email and password, and granting permissions to access the application. It plays a pivotal role in ensuring security and safeguarding data, overseeing the user authentication process, and providing access only to authorized users.

For detailed information on its functionality and the integration process, check out our Authorization Server implementation documentation.

3.1 Integrating OkHttp with the Authorization Server

You’ll now need to integrate OkHttp with the authorization server. OkHttp is a popular open-source library for Java and Android applications that simplifies making HTTP requests and handling responses. In other words, it helps your app talk to web servers efficiently.

A library such as OkHttp provides a convenient way to communicate with the Authorization Server and exchange data with it.

The following example demonstrates how the OkHttp library can be integrated with the Authorization Server.

In the RestSource class, there’s a method called getQBTokenFromAuthServer, which is designed to send a request to the Authorization Server to obtain a QuickBlox token based on the provided email and password.

The buildRequestBody method is responsible for creating the request body, which includes the email and password in JSON format. Then, the buildAuthServerRequest function constructs a Request object for the Authorization Server, specifying the URL and content type.

Additionally, the buildClient method creates an OkHttp client with timeout configurations.

After receiving a response from the Authorization Server, the parseAnswerFrom function is called to extract the QuickBlox token from the JSON response.

This example demonstrates a simple way to interact with an Authorization Server using OkHttp in Kotlin.

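import okhttp3.MediaType.Companion.toMediaType
import okhttp3.OkHttpClient
import okhttp3.Request
import okhttp3.RequestBody
import okhttp3.RequestBody.Companion.toRequestBody
import org.json.JSONObject
import java.io.IOException
import java.util.concurrent.TimeUnit

class RestSource {
   // Sends the email and password to the Authorization Server and returns the QuickBlox token.
   // execute() is synchronous, so call this method from a background thread.
   fun getQBTokenFromAuthServer(email: String, password: String): String {
       try {
           val requestBody = buildRequestBody(email, password)
           val request = buildAuthServerRequest(requestBody)

           // use {} closes the response even when an exception is thrown
           buildClient().newCall(request).execute().use { response ->
               val isNotSuccessfulResponse = !response.isSuccessful
               if (isNotSuccessfulResponse) {
                   // Handle error: never try to parse a token out of a failed response
                   throw IOException("Authorization Server returned HTTP ${response.code}")
               }

               val body = response.body?.string()
               if (body.isNullOrBlank()) {
                   throw IOException("The response without answer content")
               }

               return parseAnswerFrom(body)
           }
       } catch (exception: Exception) {
           // Keep the original exception as the cause so the failure can be diagnosed
           throw Exception("${exception.message}", exception)
       }
   }

   // Builds the JSON request body: {"email": ..., "password": ...}
   private fun buildRequestBody(email: String, password: String): RequestBody {
       val requestJsonObject = JSONObject()
       requestJsonObject.put("email", email)
       requestJsonObject.put("password", password)

       val body: RequestBody =
           requestJsonObject.toString().toRequestBody("application/json".toMediaType())

       return body
   }

   // Builds the POST request for the Authorization Server
   private fun buildAuthServerRequest(requestBody: RequestBody): Request {
       val request = Request.Builder().url("https://api-url/session/email")
           .addHeader("Content-Type", "application/json")
       request.post(requestBody)

       return request.build()
   }

   // Creates an OkHttp client with 20-second connect, write and read timeouts
   private fun buildClient(): OkHttpClient {
       val clientBuilder: OkHttpClient.Builder =
           OkHttpClient.Builder()
               .connectTimeout(20, TimeUnit.SECONDS)
               .writeTimeout(20, TimeUnit.SECONDS)
               .readTimeout(20, TimeUnit.SECONDS)

       return clientBuilder.build()
   }

   // Extracts session.token from the JSON response
   private fun parseAnswerFrom(body: String): String {
       val json = JSONObject(body)
       val session = (json.get("session") as JSONObject)
       val token = session.get("token")

       val result = token.toString()

       return result
   }
}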
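
A hardened variant of the client and token parsing for the request that carries the user's password, as an added example that is not part of the original tutorial or of QuickBlox's code. The host name auth.example.com, the pin value and the three function names are placeholders and assumptions; the session.token JSON shape is the one the tutorial parses.

```kotlin
import okhttp3.CertificatePinner
import okhttp3.ConnectionSpec
import okhttp3.OkHttpClient
import okhttp3.Request
import org.json.JSONException
import org.json.JSONObject
import java.io.IOException
import java.util.concurrent.TimeUnit

// Assumption: placeholder host and pin. Replace with your Authorization Server's
// host name and the SHA-256 hash of its certificate's public key.
private const val AUTH_HOST = "auth.example.com"
private const val AUTH_PIN = "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="

// Client used only for the credential request.
fun buildHardenedClient(): OkHttpClient =
    OkHttpClient.Builder()
        .connectTimeout(20, TimeUnit.SECONDS)
        .writeTimeout(20, TimeUnit.SECONDS)
        .readTimeout(20, TimeUnit.SECONDS)
        // TLS only: a cleartext http:// URL fails instead of sending the password unencrypted.
        .connectionSpecs(listOf(ConnectionSpec.MODERN_TLS))
        // Do not follow redirects, so the credential POST never goes to another host.
        .followRedirects(false)
        .followSslRedirects(false)
        // Reject certificates whose public key does not match the pinned hash.
        .certificatePinner(CertificatePinner.Builder().add(AUTH_HOST, AUTH_PIN).build())
        .build()

// Refuse to attach credentials to any request not bound for the pinned HTTPS host.
fun requireAuthServer(request: Request): Request {
    if (!request.url.isHttps || request.url.host != AUTH_HOST) {
        throw IOException("Refusing to send credentials to ${request.url.host}")
    }
    return request
}

// Extract session.token. A response without it raises IOException, and the
// response body is never echoed into the error message or logs.
fun parseTokenStrict(body: String): String {
    val token = try {
        JSONObject(body).getJSONObject("session").getString("token")
    } catch (e: JSONException) {
        throw IOException("Authorization Server response has no session.token")
    }
    if (token.isBlank()) throw IOException("Authorization Server returned an empty token")
    return token
}
```

A pinned key must be updated in the app before the server's certificate key changes, otherwise every login fails with a pinning error.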

4. Authorization in QuickBlox

Once the QuickBlox token is obtained from the Authorization Server, the subsequent step involves its utilization for authentication within the QuickBlox Android SDK. To accomplish this task, developers can employ the signInToQuickBloxWithEmailAndPassword method. This method facilitates authentication by accepting the user’s email and password as parameters and delivers a QuickBlox session object upon successful authentication.

private fun signInToQuickBloxWithEmailAndPassword(email: String, password: String): QBSession? {
    try {
        // Obtaining the QuickBlox token from the auth server
        val qbToken = RestSource().getQBTokenFromAuthServer(email, password)
        
        // Authenticating in QuickBlox using the obtained token
        return QBAuth.startSessionWithToken(qbToken).perform()
    } catch (exception: Exception) {
        // Handling possible errors
        return null
    }
}

The signInToQuickBloxWithEmailAndPassword method operates by initiating a request to the Authorization Server, transmitting the user’s email and password to obtain the QuickBlox token. Subsequently, this token is utilized for authentication within the QuickBlox ecosystem. Upon successful authentication, the method furnishes a QuickBlox session object, empowering seamless interaction with the QuickBlox API.

If any error occurs during the authentication process, the method catches the exception and returns null instead of a session. The caller must therefore treat a null result as a failed sign-in and handle it, for example by showing an error to the user.

Conclusion

Implementing authentication for QuickBlox Android apps using email and password offers a secure and user-friendly approach to safeguarding user data and ensuring privacy. By integrating email and password authentication mechanisms, developers can enhance the security of their applications while providing users with a familiar and accessible login experience.

Vishal Swami is a hardcore Android programmer and Android programming has been his passion since he compiled his first hello-world program. Solving real problems of Android developers through tutorials has always been an interesting part for him.