AppAuth for Android is a client SDK facilitating communication with OAuth 2.0 and OpenID Connect providers, mapping protocol flows and offering convenience methods for tasks like refreshing tokens.
AppAuth for Android is a client SDK for OAuth 2.0 and OpenID Connect providers, mapping specification requests/responses while adhering to Android's style. It offers convenience methods for tasks like refreshing tokens. Following RFC 8252, it uses Custom Tabs for authorization, explicitly avoiding WebView for usability and security. It supports the PKCE extension for securing authorization codes in public clients.
The library is available on MavenCentral. It requires Android API 16+ and prefers browsers with Custom Tabs. It works with any Authorization Server supporting native apps via custom URI schemes or App Links. A demo app is included for reference.
AppAuth encapsulates user authorization state in the AuthState class and communicates with the provider via the AuthorizationService class. AuthState is persistable as JSON. User authorization occurs via the browser using AuthorizationRequest instances dispatched by AuthorizationService. Token requests follow a similar pattern. performActionWithFreshTokens() refreshes tokens as needed.
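The flow described above, as an added example that is not taken from the AppAuth project or its demo app. The endpoint URLs, client ID, redirect URI, preference names and the LoginActivity class are assumed placeholders.

```java
import android.app.Activity;
import android.content.Intent;
import android.net.Uri;
import android.os.Bundle;
import net.openid.appauth.*;

// Hypothetical activity: authorize in the browser, exchange the code, persist AuthState.
public class LoginActivity extends Activity {
    private static final int RC_AUTH = 100;
    private AuthorizationService authService;
    private AuthState authState;

    @Override protected void onCreate(Bundle saved) {
        super.onCreate(saved);
        AuthorizationServiceConfiguration config = new AuthorizationServiceConfiguration(
                Uri.parse("https://idp.example.com/authorize"),  // placeholder endpoint
                Uri.parse("https://idp.example.com/token"));     // placeholder endpoint
        authState = new AuthState(config);
        authService = new AuthorizationService(this);
        // The builder generates a random state value and PKCE code verifier by default.
        AuthorizationRequest request = new AuthorizationRequest.Builder(
                config, "example-client-id", ResponseTypeValues.CODE,
                Uri.parse("com.example.app:/oauth2redirect"))    // placeholder redirect
                .setScope("openid profile")
                .build();
        // Dispatches the request to the browser (Custom Tab where available).
        startActivityForResult(authService.getAuthorizationRequestIntent(request), RC_AUTH);
    }

    @Override protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if (requestCode != RC_AUTH || data == null) return;
        AuthorizationResponse resp = AuthorizationResponse.fromIntent(data);
        authState.update(resp, AuthorizationException.fromIntent(data));
        if (resp == null) return;  // user cancelled or the provider returned an error
        authService.performTokenRequest(resp.createTokenExchangeRequest(), (tokenResp, tokenEx) -> {
            authState.update(tokenResp, tokenEx);
            // The serialized state holds the refresh token: keep it in app-private storage.
            getSharedPreferences("auth", MODE_PRIVATE).edit()
                    .putString("state", authState.jsonSerializeString()).apply();
            if (tokenEx == null) callApi();
        });
    }

    private void callApi() {
        authState.performActionWithFreshTokens(authService, (accessToken, idToken, ex) -> {
            if (ex != null) return;  // refresh failed; the user must re-authorize
            // Send accessToken as "Authorization: Bearer <token>" on the API request here.
        });
    }

    @Override protected void onDestroy() { authService.dispose(); super.onDestroy(); }
}
```

A later session can restore the saved state with AuthState.jsonDeserialize() before calling performActionWithFreshTokens().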
mercerheather476/turbo-garbanzo
August 7, 2022
March 13, 2025