box / box-android-sdk

Apache License 2.0

Authenticate silently #417

Closed tef-github closed 4 years ago

tef-github commented 4 years ago

Hello,

I am using the box-android-sdk and I was looking for a way to let users view files without showing the Login Screen.

I believe this is possible through the OAuth2.0 JWT authentication. If I understand correctly, once the config.json file is generated, the app can use that to authenticate silently, without showing the Login Screen. Given that the users shouldn't necessarily be box-users.

But I was only able to find the implementation of this in the box-java-sdk, not in the box-android-sdk. https://github.com/box/box-java-sdk/blob/master/doc/authentication.md#server-authentication-with-jwt

Is there a way to authenticate silently the same way with JWT config.json in the box-android-sdk?

Thanks in advance.

doncung commented 4 years ago

JWT logic is meant to be done server side to ensure security for the token. The purpose of JWT is for customers to manage their own users, so you might create your own login page, for instance, and tie it to your own authentication mechanisms.

On Sat, Jan 4, 2020, 3:25 PM teferio notifications@github.com wrote:

> Hello,
>
> I am using the box-android-sdk and I was looking for a way to let users view files without showing the Login Screen.
>
> I believe this is possible through the OAuth2.0 JWT authentication. If I understand correctly, once the config.json file is generated, the app can use that to authenticate silently, without showing the Login Screen. Given that the users shouldn't necessarily be box-users.
>
> But I was only able to find the implementation of this in the box-java-sdk not in box-android-sdk.
>
> https://github.com/box/box-java-sdk/blob/master/doc/authentication.md#server-authentication-with-jwt
>
> Is there a way to authenticate silently the same way with JWT config.json in the box-android-sdk?
>
> Thanks in advance.


tef-github commented 4 years ago

Hello doncung,

Thanks for the JWT info. I was more concerned with authenticating non-box users silently. Let me rephrase my question in a clearer sense:

Is there a way in the box API to do silent authentication?

Silent authentication: authenticating non-box users without a login screen, using some kind of API token, hardcoded in the Android app.

doncung commented 4 years ago

You could do that through JWT, but it would require your own server endpoint to associate a Box user with one of your users.

On Sat, Jan 4, 2020, 11:50 PM teferio notifications@github.com wrote:

> Hello doncung,
>
> Thanks for the Jwt info. I was more concerned with authenticating non-box users silently. Let me rephrase my question to a more clearer sense:
>
> Is there a way in the box API to do silent authentication?
>
> silent authentication: authenticating non-box users without login screen, using some kind of api token, hardcoded in the android app.


tef-github commented 4 years ago

Thanks doncung,

That's perfect, I will do that on my own server :smiley:
But to connect it to my Android app, do I have to use the box-java-sdk?

Couldn't I use the box-android-sdk instead?

I'm asking this because I only see samples of JWT authentication on the box-java-sdk https://github.com/box/box-java-sdk/blob/master/doc/authentication.md#server-authentication-with-jwt

I don't see this available through the box-android-sdk.

Thanks in advance.

doncung commented 4 years ago

The box-android-sdk supports an AuthenticationRefreshProvider interface which is designed to hook into your server. If you want to make it silent you would implement launchAuthUi to silently call your server to get a valid access token for your user.
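
The rule this thread arrives at, that the JWT config stays on the server and the app only receives access tokens from it, can be checked at build time. The following is an added example, not code from the Box SDKs or from anyone in this thread: a Python check that scans a built APK for a bundled Box JWT config. The key names in `SECRET_PATHS` assume the config.json layout generated for Box JWT apps; the function names and sample data are constructed for illustration.

```python
import io
import json
import zipfile

# Secret-bearing fields of a Box JWT app config (assumed key layout).
SECRET_PATHS = (
    ("boxAppSettings", "clientSecret"),
    ("boxAppSettings", "appAuth", "privateKey"),
    ("boxAppSettings", "appAuth", "passphrase"),
)

def lookup(doc, path):
    """Walk nested dicts; return None if any key on the path is missing."""
    for key in path:
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc

def find_box_jwt_configs(apk_bytes, max_size=1 << 20):
    """Map each APK entry holding non-empty Box JWT secrets to the fields found.
    Matches on content, so a renamed config.json is still caught."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for entry in apk.infolist():
            if entry.is_dir() or entry.file_size > max_size:
                continue
            try:
                doc = json.loads(apk.read(entry))
            except ValueError:  # not JSON: dex, images, binary XML, ...
                continue
            hits = [".".join(p) for p in SECRET_PATHS if lookup(doc, p)]
            if hits:
                findings[entry.filename] = hits
    return findings

def constructed_apk(files):
    """Build an in-memory zip standing in for an APK (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in files.items():
            z.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    cfg = {"boxAppSettings": {"clientID": "PLACEHOLDER", "clientSecret": "PLACEHOLDER",
           "appAuth": {"publicKeyID": "PLACEHOLDER", "privateKey": "PLACEHOLDER",
                       "passphrase": "PLACEHOLDER"}}, "enterpriseID": "0"}
    apk = constructed_apk({"classes.dex": b"dex\n035\x00", "assets/settings.dat": json.dumps(cfg)})
    for name, fields in find_box_jwt_configs(apk).items():
        print(f"FAIL {name}: {', '.join(fields)}")
```

The check only sees secrets stored as a JSON file inside the archive; values compiled into code or string resources need a separate secret scanner.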

tef-github commented 4 years ago

Thanks!

PJSimon commented 4 years ago

Hi @teferio,

It looks like this issue can be closed, but if you're still having issues, please don't hesitate to re-open it!

Thanks,

Patrick