Integrate With Beyond Identity
This guide describes how to use Beyond Identity for authentication during an OAuth2 authorization flow.
Prerequisites
Before calling EmbeddedSdk.authenticate(), we must authorize using Beyond Identity.
Authorize With Beyond Identity
- Step 1: Configuring the Authenticator Config
Make sure the Authentication Config in the Beyond Identity Console is set to type Embedded and that the Invoke URL points to your application with either an App Scheme or a Universal Link.
- Step 2: Beyond Identity Authorize URL
To start the authorization flow, launch a WebView, and load the Oauth2 Authorization Request URL you built in the pre-requisite step.
val webView = WebView(activity)
...
webView.loadUrl(BI_AUTH_URL)
- Step 3: Invoke URL
Create a WebViewClient and override shouldOverrideUrlLoading. A URL with the Invoke URL scheme should be returned from Beyond Identity. When the webpage loads the URL, call EmbeddedSdk.authenticate(). You can confirm the validity of the URL with EmbeddedSdk.isAuthenticateUrl().
webView.webViewClient = object : WebViewClient() {
override fun shouldOverrideUrlLoading(
view: WebView?,
request: WebResourceRequest?,
): Boolean {
request?.url?.let { invokeUrl ->
if (EmbeddedSdk.isAuthenticateUrl(invokeUrl.toString())) {
EmbeddedSdk.authenticate(
invokeUrl.toString(),
...
) {
...
}
return true
}
}
return super.shouldOverrideUrlLoading(view, request)
}
}
- Step 4: Redirect URL
To complete the authorization flow, launch another WebView, and load the redirectUrl returned from a successful AuthenticateResponse. The authorization code and state parameter are attached to this URL.
EmbeddedSdk.authenticate(
invokeUrl.toString(),
object : ((List<Credential>, (String?) -> Unit) -> Unit) {
override fun invoke(p1: List<Credential>, p2: (String?) -> Unit) {}
}
) { result ->
result.onSuccess { authenticateResponse ->
authenticateResponse.redirectUrl?.let { redirectUrl ->
val webView = WebView(activity)
webView.webViewClient = object : WebViewClient() {
override fun shouldOverrideUrlLoading(
view: WebView?,
request: WebResourceRequest?,
): Boolean {
request?.url?.scheme?.let { scheme ->
if (scheme == CALLBACK_URL_SCHEME) {
// This URL contains authorization code and state parameters
// Exchange the authorization code for an id_token using Beyond
// Identity's token endpoint.
return true
}
}
return super.shouldOverrideUrlLoading(view, request)
}
}
webView.loadUrl(redirectUrl)
}
}
}
Full Example
val webView = WebView(activity)
webView.webViewClient = object : WebViewClient() {
override fun shouldOverrideUrlLoading(
view: WebView?,
request: WebResourceRequest?,
): Boolean {
request?.url?.let { invokeUrl ->
if (EmbeddedSdk.isAuthenticateUrl(invokeUrl.toString())) {
EmbeddedSdk.authenticate(
invokeUrl.toString(),
object : ((List<Credential>, (String?) -> Unit) -> Unit) {
override fun invoke(p1: List<Credential>, p2: (String?) -> Unit) {}
}
) { result ->
result.onSuccess { authenticateResponse ->
authenticateResponse.redirectUrl?.let { redirectUrl ->
val newWebView = WebView(activity)
newWebView.webViewClient = object : WebViewClient() {
override fun shouldOverrideUrlLoading(
view: WebView?,
request: WebResourceRequest?,
): Boolean {
request?.url?.scheme?.let { scheme ->
if (scheme == CALLBACK_URL_SCHEME) {
// This URL contains authorization code and state parameters
// Exchange the authorization code for an id_token using your app's token endpoint.
return true
}
}
return super.shouldOverrideUrlLoading(view, request)
}
}
newWebView.loadUrl(redirectUrl)
}
}
}
return true
}
}
return super.shouldOverrideUrlLoading(view, request)
}
}
webView.loadUrl(BI_AUTH_URL)