Skip to content


Authentication within the Tapkey ecosystem is based on OpenID Connect. To authenticate against the Tapkey Trust Service, a valid OpenID Connect ID token is required. Tapkey supports multiple identity providers and different tenants might support different identity providers. Authentication involves the following tasks:

  • The identity provider of choice is registered in the Tapkey Trust Service and has been assigned a Tapkey-internal Identity Provider ID (often referred to as ipId). By default, following Identity Provider IDs are supported:
    • Authentication using Google Accounts.
    • com.auth0: The default Tapkey ID. Refer to this value via the constant
  • Create an implementation of the IdentityProvider interface for the given identity provider and register it with the instance of IdentityProviderRegistration available via the TapkeyServiceFactory. To use the Tapkey ID, use the TapkeyIdentityProviderImpl class. When using a custom IdentityProvider the following methods need to be implemented:
    • refreshToken(): Called by the Tapkey Mobile SDK on token expiration. The implementation should try to refresh the token and return an updated ID token.
    • logOutAsync(): Called by the Tapkey Mobile SDK if a user should be logged off. This happens e.g. if an expired ID token cannot be refreshed.
  • Let the user authenticate against an OpenID Connect identity provider and retrieve an ID token.
  • Invoke UserManager.authenticateAsync() and pass the Identity Provider ID and OpenID Connect token to authenticate the user against the Tapkey Trust Service.


See the sample app provided with the Tapkey Mobile SDK for an example of how to use the Auth0PasswordIdentityProvider. To use the Auth0PasswordIdentityProvider a additional Library must be loaded.