Android - best practices for authorization

StackOverflow https://stackoverflow.com/questions/17303137

  •  01-06-2022
  •  | 
  •  

Question

I am researching how to autenticate and authorize user within Android application

For autentication there is the AccountManager but I am not sure how to check whether the user is signed in or not. I know how to set up AccountAuthenticatorActivity and AuthenticatorService but I am not sure how its connected with the application.

Am I supposed to call some check on every onCreate in every activity to ensure that the user is signed in or does the service does that for me somehow?

If I am supposed to do some regular checking, what is the best practice towards where such checking should be called?

Was it helpful?

Solution

It depends on your application, really. Unless you have a requirement for very strict security, like a financial application, government application, etc. I think you could get by with a simpler approach. For example, after a user logs in (however you choose to implement this) store a value in SharedPreferences to denote the user has authenticated. From here, you could do one of the following:

  1. If your application requires you authenticate every activity/fragment you launch, simply check this SharedPreferences value. You could also create a base activity that all your other activities extend and do your authentication check there.
  2. If you only need to authenticate once, modify your launcher activity in your manifest to check for this value. If the user has authenticated already, create a new Intent for your 'home' activity and redirect your user and finish() the launcher activity.

OTHER TIPS

As always, it depends. Do you need to protect the whole app? or some particular activities or some fragment in some activities. Take a look at Mint app.

enter image description here

It asks the user to enter pass code to access app. For something like this, create a base activity and make all activities in your app inherit this and do the checking in the base activity.

  • If you need to secure just some activities, create a base activity just for these activities and do your security check there.

  • If it is for some portion of an activity, You have to roll up something specific for your workflow.

Just a tip, Try to split your question into smaller problems, it makes easier for people to answer.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top