Authentication within the Tapkey ecosystem is based on OpenID Connect. To authenticate against the Tapkey Trust Service, a valid OpenID Connect ID token is required. Tapkey supports multiple identity providers and different tenants might support different identity providers. Authentication involves the following tasks:
- The identity provider of choice is registered in the Tapkey Trust Service and has been assigned a Tapkey-internal Identity Provider ID (often referred to as `ipId`). By default, the following Identity Provider IDs are supported:
  - `com.google`: Authentication using Google Accounts.
  - `com.auth0`: The default Tapkey ID. Refer to this value via the constant
- Create an implementation of the `IdentityProvider` interface for the given identity provider and register it with the instance of `IdentityProviderRegistration` available via the `TapkeyServiceFactory`. To use the Tapkey ID, use the `TapkeyIdentityProviderImpl` class. When using a custom `IdentityProvider`, the following methods need to be implemented:
  - `refreshToken()`: Called by the Tapkey Mobile SDK on token expiration. The implementation should try to refresh the token and return an updated ID token.
  - `logOutAsync()`: Called by the Tapkey Mobile SDK if a user should be logged off. This happens, for example, if an expired ID token cannot be refreshed.
- Let the user authenticate against an OpenID Connect identity provider and retrieve an ID token.
- Call `UserManager.authenticateAsync()` and pass the Identity Provider ID and OpenID Connect token to authenticate the user against the Tapkey Trust Service.
See the sample app provided with the Tapkey Mobile SDK for an example of how to use the `Auth0PasswordIdentityProvider`. To use the `Auth0PasswordIdentityProvider`, an additional library must be loaded.
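
An illustration of the `refreshToken()` / `logOutAsync()` contract described above for a custom identity provider, added here as an example and not taken from the Tapkey Mobile SDK or its sample app. The `AssumedIdentityProvider` interface, the `CompletableFuture` return types, the `tokenEndpoint` callback and the class name are assumptions standing in for the SDK's real signatures, which this page does not show.

```java
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;
import java.util.concurrent.CompletableFuture;
import java.util.function.UnaryOperator;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Assumed stand-in for the two callbacks named on this page; NOT the SDK's real signatures.
interface AssumedIdentityProvider {
    CompletableFuture<String> refreshToken();
    CompletableFuture<Void> logOutAsync();
}

final class ExampleIdentityProvider implements AssumedIdentityProvider {
    private static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");
    private final UnaryOperator<String> tokenEndpoint; // hypothetical: refresh credential -> ID token
    private volatile String refreshCredential;
    ExampleIdentityProvider(UnaryOperator<String> tokenEndpoint, String refreshCredential) {
        this.tokenEndpoint = tokenEndpoint;
        this.refreshCredential = refreshCredential;
    }

    // Reads "exp" from the JWT payload via regex (for brevity); this is not signature validation.
    static long expiryOf(String idToken) {
        String[] parts = idToken.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("not a compact JWT");
        String json = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        Matcher m = EXP.matcher(json);
        if (!m.find()) throw new IllegalArgumentException("no exp claim");
        return Long.parseLong(m.group(1));
    }

    @Override public CompletableFuture<String> refreshToken() {
        return CompletableFuture.supplyAsync(() -> {
            String credential = refreshCredential;
            if (credential == null) throw new IllegalStateException("logged out");
            String idToken = tokenEndpoint.apply(credential);
            // Fail rather than hand back a stale token; the caller can then log the user out.
            if (expiryOf(idToken) <= Instant.now().getEpochSecond())
                throw new IllegalStateException("refreshed ID token is already expired");
            return idToken;
        });
    }

    @Override public CompletableFuture<Void> logOutAsync() {
        refreshCredential = null; // after logout no further refresh is possible
        return CompletableFuture.completedFuture(null);
    }
}
```

A failed refresh completes the future exceptionally, which matches the case above where an expired ID token cannot be refreshed and the user is logged off.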