|
| 1 | +# Auth0.Android SDK Development Guide |
| 2 | + |
| 3 | +## Architecture Overview |
| 4 | + |
| 5 | +This is a multi-module Android SDK for Auth0 authentication with these key components: |
| 6 | + |
| 7 | +- **`auth0/`** - Main library module containing the core SDK |
| 8 | +- **`sample/`** - Example application demonstrating SDK usage |
| 9 | + |
| 10 | +The SDK follows the Builder pattern for WebAuthentication (see `WebAuthProvider.login()` and `WebAuthProvider.logout()`) and supports both callback-based and coroutine-based APIs. |
| 11 | + |
| 12 | +## Core Components |
| 13 | + |
| 14 | +### Authentication Flow |
| 15 | +- **`WebAuthProvider`** - Primary entry point for web-based auth (Universal Login) |
| 16 | +- **`AuthenticationAPIClient`** - Direct API calls for database connections, passwordless, etc. |
| 17 | +- **`Auth0`** - Main configuration class holding client ID and domain |
| 18 | + |
| 19 | +### Credential Management |
| 20 | +- **`CredentialsManager`** - Basic token storage with automatic refresh |
| 21 | +- **`SecureCredentialsManager`** - Enhanced version with biometric protection |
| 22 | +- **Storage interfaces** - `SharedPreferencesStorage` for persistence |
| 23 | + |
| 24 | +### Provider Architecture |
| 25 | +Authentication providers in `auth0/src/main/java/com/auth0/android/provider/`: |
| 26 | +- Handle browser redirects via `AuthenticationActivity` and `RedirectActivity` |
| 27 | +- Support Custom Tabs, Trusted Web Activity, and fallback browsers |
| 28 | + |
| 29 | +## Development Workflows |
| 30 | + |
| 31 | +### Building & Testing |
| 32 | +```bash |
| 33 | +# Build all modules |
| 34 | +./gradlew clean build |
| 35 | + |
| 36 | +# Run unit tests with coverage |
| 37 | +./gradlew clean test jacocoTestReport |
| 38 | + |
| 39 | +# Run lint checks |
| 40 | +./gradlew lint |
| 41 | + |
| 42 | +# CI command (matches GitHub Actions) |
| 43 | +./gradlew clean test jacocoTestReport lint --continue --console=plain --max-workers=1 --no-daemon |
| 44 | +``` |
| 45 | + |
| 46 | +### Module Structure |
| 47 | +- Use `auth0/build.gradle` for main library dependencies |
| 48 | +- Version management via `gradle/versioning.gradle` reading from `.version` file |
| 49 | +- Publishing configuration in `gradle/maven-publish.gradle` |
| 50 | + |
| 51 | +### Testing Patterns |
| 52 | +- **Unit tests** use Robolectric for Android components |
| 53 | +- **Mock testing** with PowerMock, Mockito, and MockWebServer for HTTP |
| 54 | +- **Coroutine testing** with `kotlinx-coroutines-test` |
| 55 | +- Test files follow `*Test.kt` convention in `auth0/src/test/` |
| 56 | + |
| 57 | +## Project-Specific Conventions |
| 58 | + |
| 59 | +### Error Handling |
| 60 | +- Custom exceptions inherit from `Auth0Exception` |
| 61 | +- `AuthenticationException` for auth-related errors |
| 62 | +- `CredentialsManagerException` for storage/retrieval issues |
| 63 | + |
| 64 | +### Callback Pattern |
| 65 | +```kotlin |
| 66 | +// Standard callback pattern used throughout |
| 67 | +val callback = object : Callback<Credentials, AuthenticationException> { |
| 68 | + override fun onSuccess(result: Credentials) { /* ... */ } |
| 69 | + override fun onFailure(error: AuthenticationException) { /* ... */ } |
| 70 | +} |
| 71 | +``` |
| 72 | + |
| 73 | +### Coroutine Support |
| 74 | +Most APIs offer both callback and suspend function variants: |
| 75 | +```kotlin |
| 76 | +// Callback style |
| 77 | +WebAuthProvider.login(account).start(context, callback) |
| 78 | + |
| 79 | +// Coroutine style |
| 80 | +val credentials = WebAuthProvider.login(account).await(context) |
| 81 | +``` |
| 82 | + |
| 83 | +### Configuration Management |
| 84 | +- **Manifest placeholders** required: `auth0Domain` and `auth0Scheme` in `build.gradle` |
| 85 | +- **String resources** pattern: `com_auth0_client_id` and `com_auth0_domain` |
| 86 | +- **URL scheme validation** for redirect handling |
| 87 | + |
| 88 | +### SDK Versioning |
| 89 | +- Version stored in `.version` file at project root |
| 90 | +- Gradle reads version via `getVersionFromFile()` function |
| 91 | +- BuildConfig fields auto-generated with library name and version |
| 92 | + |
| 93 | +## Key Integration Points |
| 94 | + |
| 95 | +### Browser Integration |
| 96 | +- Custom Tabs preferred, with fallback to system browser |
| 97 | +- **App Links** support for `https://` schemes (recommended over custom schemes) |
| 98 | +- **Trusted Web Activity** for native-like web auth experience |
| 99 | + |
| 100 | +### Android Components |
| 101 | +- Activities handle auth redirects and state management |
| 102 | +- **Biometric authentication** via AndroidX Biometric library |
| 103 | +- **Credential Manager** integration for Android 14+ passkey support |
| 104 | + |
| 105 | +### Network Layer |
| 106 | +- **OkHttp** for all HTTP communication |
| 107 | +- **Gson** for JSON serialization |
| 108 | +- Custom `NetworkingClient` interface for request handling |
| 109 | + |
| 110 | +### Security Features |
| 111 | +- **PKCE** (Proof Key for Code Exchange) enabled by default |
| 112 | +- **DPoP** (Demonstration of Proof of Possession) support for enhanced security |
| 113 | +- **JWT validation** with configurable options |
| 114 | + |
| 115 | +## Common Patterns |
| 116 | + |
| 117 | +When adding new authentication methods, follow the established patterns: |
| 118 | +- Implement both callback and coroutine APIs |
| 119 | +- Add comprehensive unit tests with mocked network responses |
| 120 | +- Update `EXAMPLES.md` with usage documentation |
0 commit comments