Authentication¶

The Mobile SDK takes an access token issued by Tapkey to log in users within the SDK. The Mobile SDK supports multiple users being logged in at the same time. Getting an access token from Tapkey is up to the implementing application and can be achieved in multiple ways.

Retrieving an Access Token¶

When using the Tapkey Mobile SDK only external users can be used for authentication. Therefore an Identity Provider must be implemented and registered.

The signed JWT Token has to be exchanged via the Token Exchange flow to retrieve a Tapkey Access Token.

Retrieving an access token from Tapkey is task of the implementing application and outside the scope of the Tapkey Mobile SDK. It is strongly recommended to use an existing OAuth library rather than implementing one of the authorization flows from scratch.¹

Logging in a User¶

Once an access token has been retrieved, it has to be passed to the SDK to log in a user:

Promise<String> userId = userManager.logInAsync(accessToken, cancellationToken);

let userId: TkPromise<String> = userManager.logInAsync(
    accessToken: accessToken,
    cancellationToken: TKMCancellationTokens.None)

Refreshing an Access Token¶

Prior to logging in users, a token refresh handler must be registered with the TapkeyServiceFactory. The token refresh handler will be called every time a user's access token has expired and needs to be refreshed.

// In Application.onCreate():
TapkeyServiceFactoryBuilder b = new TapkeyServiceFactoryBuilder(this);
b.setTokenRefreshHandler(new TokenRefreshHandler() { ... });
b.build();

// Build service factory in AppDelegate's willFinishLaunchingWithOptions
self.tapkeyServiceFactory = TKMServiceFactoryBuilder()
    .setTokenRefreshHandler(SampleTokenRefreshHandler())
    .build()

Logging Out a User¶

Promise<Void> result = userManager.logOutAsync(userId, CancellationTokens.None);

_ = userManager.logOutAsync(userId: userId, cancellationToken: TKMCancellationTokens.None)