An extended Android AppAuth code example using authenticated Dynamic Client Registration.
This improves the mobile app's security as described in Mobile Best Practices.
The Tutorial Walkthrough explains the complete configuration and behavior.
The easiest way to run the code example is via an automated script as explained in the Mobile Setup Article:
- Copy a license.json file into the code example root folder
- Edit the
./start-idsvr.sh
script to use either a local Docker URL on an ngrok internet URL - Run the script to deploy a preconfigured Curity Identity Server via Docker
- Build and run the mobile app from Android Studio
- Sign in with the preconfigured user account
demouser / Password1
- Run
./stop-idsvr.sh
when you want to free Docker resources
When the user first runs the app there is a prompt to authenticate.
This gets an initial access token with the dcr
scope.
This is then used to create a Dynamic Client, which returns a Client ID and Client Secret.
The user must then authenticate again, and this is automatic via Single Sign On.
On all subsequent authentication requests the user only needs to sign in once:
Once authenticated, the user is moved to the authenticated view.
The demo app simply allows other OAuth lifecycle events to be tested.
To view all registered mobile instances, first connect to the Identity Server's SQL database:
export DB_CONTAINER_ID=$(docker container ls | grep curity-data | awk '{print $1}')
docker exec -it $DB_CONTAINER_ID bash -c "export PGPASSWORD=Password1 && psql -p 5432 -d idsvr -U postgres"
Then query the details of the dynamically registered mobile clients:
select * from dynamically_registered_clients;
Please visit curity.io for more information about the Curity Identity Server.