Easy-to-Integrate Huawei System Integrity Check – Helping You Protect Your Apps from Unsafe Devices
Running apps on an unsafe device, for example, a rooted or unlocked device, can pose serious security risks. On an unsafe device, viruses, Trojan horses, and other malicious software may exploit the root permission to implant viruses, tamper with device information, and damage the system. Therefore, there is a real need to protect your apps from being run on unsafe devices. To meet such a need, Huawei offers Safety Detect, which provides the SysIntegrity API for system integrity check. This API can check whether a device running your app is unsafe, for example, due to the device being rooted or unlocked.
I. Service Introduction
The SysIntegrity API has the following features:
1. TEE-based system integrity check results: The API evaluates the integrity of a system during its secure boot in the Trusted Execution Environment (TEE) and will dynamically evaluate the system integrity. The check results are highly reliable.
2. Secure and reliable system integrity check results: The system integrity check results are signed using the signing certificate and cannot be tampered with.
(1) The Safety Detect SDK integrated with your app calls the SysIntegrity API.
(2) Safety Detect requests the signed check results from the Trusted Security Management Service (TSMS) server.
(3) Your app requests the check results.
II. Scenarios
Currently, developers of apps in the finance, entertainment, lifestyle, news, and other categories have integrated the SysIntegrity API into their apps.
A financial app can integrate SysIntegrity to improve transaction security. For example, the app can check whether the device is secure when a user enters the Card Verification Code (CVC) of their credit card. If the device is unsafe, the app will be stopped on the device to ensure no unsafe transactions can occur.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
A lifestyle or news app can integrate SysIntegrity to prevent malicious attacks, ensuring security of in-app operations such as payment.
A video entertainment app can integrate SysIntegrity to help protect copyrighted content. When a user registers an account on the app and watches or downloads video content, SysIntegrity can help ensure that this being done on a device that is trusted by the content provider.
III. Code Development
1 Configuring App Information in AppGallery Connect
Before you start developing an app, configure app information in AppGallery Connect.
For details, please visit https://developer.huawei.com/consumer/en/doc/HMSCore-Guides-V5/config-agc-0000001050416303-V5?ha_source=hms1
2 Configuring the Maven Repository Address for the HMS Core SDK
2.1 Open the build.gradle file in the root directory of your Android Studio project.
2.2 Add the AppGallery connect plug-in and the Maven repository.
Go to allprojects > repositories and configure the Maven repository address for the HMS Core SDK.
Code:
allprojects {
repositories {
google()
jcenter()
maven {url 'https://developer.huawei.com/repo/'}
}
}
Go to buildscript > repositories and configure the Maven repository address for the HMS Core SDK.
Code:
buildscript {
repositories {
google()
jcenter()
maven {url 'https://developer.huawei.com/repo/'}
}
}
Go to buildscript > dependencies and add dependency configurations.
Code:
buildscript{
dependencies {
classpath 'com.huawei.agconnect:agcp:1.3.1.300'
}
}
3 Creating a SafetyDetectClient Instance and Generating a Nonce Value
Code:
// Create a SafetyDetectClient instance.
SafetyDetectClient mClient = SafetyDetect.getClient(MainActivity.this);
// Generate a nonce value.
byte[] nonce = new byte[24];
try {
SecureRandom random;
if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.O) {
random = SecureRandom.getInstanceStrong();
} else {
random = SecureRandom.getInstance("SHA1PRNG");
}
random.nextBytes(nonce);
} catch (NoSuchAlgorithmException e) {
Log.e(TAG, e.getMessage());
}
4 Creating a Check Result Listener
Code:
// Implement the OnSuccessListener API and obtain the check result from onSuccess
protected class SysIntegrityOnSuccessListener implements OnSuccessListener<SysIntegrityResp> {
// Obtain the system integrity check result.
@Override
public void onSuccess(SysIntegrityResp sysIntegrityResp) {
}
}
// Implement the OnFailureListener API and obtain the failure details from onFailure.
protected class SysIntegrityOnFailureListener implements OnFailureListener {
// Obtain the result code and description.
@Override
public void onFailure(Exception e) {
}
}
5 Calling the SysIntegrity API
Code:
// Call the SysIntegrity API. Replace ******** in the following code with your app ID.
Task task = mClient.sysIntegrity(nonce,"********");
task.addOnSuccessListener(new SysIntegrityOnSuccessListener()).addOnFailureListener(new SysIntegrityOnFailureListener());
6 Verifying the Check Results
For details about how to verify the check results on the server, please refer to relevant documents on the HUAWEI Developers website.
To find out more, visit the following links:
SysIntegrity API:
https://developer.huawei.com/consumer/en/doc/development/HMSCore-Guides/dysintegritydevelopment-0000001050156331?ha_source=hms1
Safety Detect development guide:
https://developer.huawei.com/consumer/en/doc/development/HMSCore-Guides/introduction-0000001050156325?ha_source=hms1
Demo and sample code on GitHub:
https://github.com/HMS-Core/hms-safetydetect-demo-android
Stack Overflow (for technical discussions):
https://stackoverflow.com/questions/tagged/huawei-mobile-services?tab=Newest
Related
In this article, we’ll be looking at some of the APIs that Account Kit provides and learn how to use them in our Flutter projects.
Huawei Account Kit
Account Kit provides a simple and quick authorization experience to users. It enables to save time from long authorization periods and it’s two factor authentication process keeps users information safe. Account Kit allows you to connect to the Huawei ecosystem using your Huawei Id from a range of devices, such as mobile phones and tablets. Users can quickly and conveniently sign in to apps with their Huawei Ids after granting an initial access permission.
Configuring the project
Registering as a Developer
As first, you need to create a Huawei developer account and complete the identity verification. For details, please refer to Registering a Huawei Id.
Creating an APP
Sign in AppGallery Connect and create a new project.
Add a new app to your project by clicking the Add App button.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Generating a Signing Certificate Fingerprinter
Signing certificate fingerprints are used to verify the authenticity of an App when it attempts to access an HMS Core service through the HMS Core SDK. So before using the HMS Core service, you must generate a signing certificate fingerprint and configure it in AppGallery Connect.
Generate a Signing Certificate by referring here.
Then you’ll need to export the SHA256 Fingerprint by using keytool provided by JDK. You can find detailed steps here.
Adding Fingerprint Certificate to AppGallery Connect
On the application information page of the project, click to add your SHA256 fingerprint. Then click ✓ to save fingerprint.
Enabling Account Kit Service
On the application information page, click Manage APIs and make sure Account Kit is enabled.
Integrating HMS and Account Plugin to Flutter Project
Open pubspec.yaml file of your project and add Huawei Account Plugin as a dependency.
Code:
dependencies:
flutter:
sdk: flutter
huawei_account: ^5.0.0+300
Download agconnect-services.json file from application information page.
Move the file to the android/app directory with the signing certificate file you’ve created.
Open the android/build.gradle file and configure the Maven repository address and agconnect plugin for the HMS Core SDK.
Code:
buildscript {
repositories {
// Other repositories
maven { url 'https://developer.huawei.com/repo/' }
}
dependencies {
// Other dependencies
classpath 'com.huawei.agconnect:agcp:1.3.1.300'
}
}
allprojects {
repositories {
// Other repositories
maven { url 'https://developer.huawei.com/repo/' }
}
}
Add the AppGallery Connect plugin to your app level build.gradle file.
Code:
apply plugin: 'com.android.application'
apply plugin: 'com.huawei.agconnect'
apply from: "$flutterRoot/packages/flutter_tools/gradle/flutter.gradle"
Then add the signing configurations in the same file. Don’t forget that your applicationId must be same as the one you created in AppGallery Connect. Also change your minSdkVersion to 19.
Code:
android {
defaultConfig {
applicationId "<application_id>"
minSdkVersion 19
targetSdkVersion 29
versionCode flutterVersionCode.toInteger()
versionName flutterVersionName
}
signingConfigs {
config {
storeFile file('<keystore_file>')
storePassword '<keystore_password>'
keyAlias '<key_alias>'
keyPassword '<key_password>'
}
}
buildTypes {
debug {
signingConfig signingConfigs.config
}
release {
signingConfig signingConfigs.config
}
}
}
Now we’re done with the integration part and ready to use the Account Plugin in our application.
Using Huawei Account Kit Flutter Plugin
Setting Up The Authorization
Account Plugin allows you to customize the authorization. You can request users to authorize their email addresses, profile information or access tokens. To accomplish that, you can use AuthParamHelper class.
Create an instance of AuthParamHelper class. Then set the parameters you want to customize.
Code:
AuthParamHelper helper = new AuthParamHelper();
// You can set many options by using cascades
helper..setEmail()..setRequestCode(8888);
Signing In
Now we’re going to call signIn method through HmsAccount class and pass our helper instance to it. In return, this method gives us the Huawei Id information through AuthHuaweiId class.
Code:
try {
// Make sure you handle the possible exceptions.
final AuthHuaweiId authHuaweiId = await HmsAccount.signIn(helper);
} on Exception catch (e) {
print(e.toString());
}
As this method is triggered, an authorization screen shows up. After clicking the login button, you can see the Huawei Id information is received.
Account Plugin has signOut method which clears the user’s Huawei Id information when it comes to sign out from an app. But the information is not permanently deleted.
Code:
try {
// Make sure you handle possible exceptions.
final bool result = await HmsAccount.signOut();
} on Exception catch (e) {
print(e.toString());
}
Revoking Authorization
After signing in for the first time, when users try to sign in again, the authorization screen will not show up unless users revoke it. Huawei Id information will be received directly. Once the authorization is revoked, logged id information will be deleted. And the authorization screen will be shown on another login attempt.
Code:
try {
// Make sure you handle possible exceptions.
final bool result = await HmsAccount.revokeAuthorization();
} on Exception catch (e) {
print(e.toString());
}
Sms Verification
One of the options that Account Plugin provides us is the sms verification. This service can catch sms messages in certain formats. Unlike the other authorization methods, you should be able to send sms messages for this special service.
Obtaining Application’s Hash Code
To catch upcoming sms messages, we need to know the hash code value which is unique in each app. Account Plugin provides obtainHashcode method to get that.
Code:
try {
// Make sure you handle possible exceptions.
final String hashcode = await HmsAccount.obtainHashCode();
} on Exception catch (e) {
print(e.toString());
}
Sending Sms Messages
The messages you’ll send should be as follows:
Code:
prefix_flag short message verification code is ****** hash_code
prefix_flag indicates the prefix of an SMS message, which can be <#>, [#], or \u200b\u200b. \u200b\u200b are invisible Unicode characters.
short message verification code is indicates the content of an SMS message, which is user-defined.
****** indicates the verification code.
Receiving Sms Messages
Account Plugin comes with smsVerification method to listen and catch the right formatted messages. Once it is called, the app starts listening. Waits for the messages for five minutes before timing out. Returns the message or error code depending on the situation.
Code:
HmsAccount.smsVerification(({errorCode, message}){
if (message != null) {
// Use the message
} else {
print("Error: $errorCode");
}
});
It’s all done. Now you’re ready to use Account Plugin in your Flutter applications.
Conclusion
Huawei Account Kit is such an easy and secure way to carry out authorization processes, along many other kits with powerful solutions. I think these services will keep providing a nice experience for both developers and users as they get bigger and better.
You can check some other articles about Hms Core Plugins below, and feel free to ask any question about this article in the comments.
It can be difficult for users to differentiate between legitimate URLs and malicious ones which attempt to trick them into transferring money or sharing personal details. To address this issue, HUAWEI Safety Detect provides a malicious URL check function (URLCheck) which helps developers identify the threats posed by malicious URLs.
I. Service Introduction
URLCheck's malicious URL check capability is reliable, easy to integrate, and free of maintenance. With this capability, creating a secure browsing service has never been cheaper or simpler.
Once you have integrated URLCheck into your app, the process of checking URLs is as follows.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
(1) Your app has the Safety Detect SDK integrated and calls the URLCheck API.
(2) Safety Detect requests a URL check from the URLCheck server, and then sends back the check result to your app (normal URL, phishing URL, or malicious software URL).
(3) Your app can determine whether to access the URL based on the check result.
II. Scenarios
Developers in many industries have integrated URLCheck to identify risks posed by URLs accessed within their apps. This enables them to determine whether to block risky URLs based on the check result.
l URLCheck can help the app check whether the URL the user wants to access is secure, and determine whether to access the URL based on the check result.
l If the URL is risky, the app will show a security warning before enabling the user to access the URL.
III. Code Development
1 Configure app information in AppGallery Connect.
Before you start developing an app, configure app information in AppGallery Connect.
For more details about how to do this, take a look at our website.
2 Configure the Maven repository address for the HMS Core SDK.
2.1 Open the build.gradle file in the root directory of your Android Studio project.
2.2 Add the AppGallery Connect plug-in and the Maven repository.
· Go to allprojects > repositories and configure the Maven repository address for the HMS Core SDK.
Code:
1. allprojects {
repositories {
google()
jcenter()
maven {url 'https://developer.huawei.com/repo/'}
}
}
Go to buildscript > repositories and configure the Maven repository address for the HMS Core SDK.
Code:
1. buildscript {
repositories {
google()
jcenter()
maven {url 'https://developer.huawei.com/repo/'}
}
}
Go to buildscript > dependencies and add dependency on the AppGallery Connect plug-in.
Code:
buildscript{
dependencies {
classpath 'com.huawei.agconnect:agcp:1.3.1.300'
}
}
3 Add build dependencies in the dependencies section.
Code:
// Create a SafetyDetectClient instance.
SafetyDetectClient mClient = SafetyDetect.getClient(MainActivity.this);
4.1 Initialize URLCheck.
Code:
// Initialize URLCheck.
mClient.initUrlCheck();
4.2 Request a URL check.
Code:
client.urlCheck(url, appid, UrlCheckThreat.MALWARE)
.addOnSuccessListener(new OnSuccessListener<UrlCheckResponse>() {
@Override
public void onSuccess(UrlCheckResponse urlCheckerResponse) {
List<UrlCheckThreat> list = urlCheckerResponse.getUrlCheckResponse();
if (list.isEmpty()) {
// No threats detected.
} else {
// Threats detected.
}
}
})
.addOnFailureListener(new OnFailureListener() {
@Override
public void onFailure(Exception e) {
if (e instanceof ApiException){
ApiException apiException = (ApiException) e;
} else {
// An unknown error occurred.
}
}
});
4.3 Shut down URLCheck.
Code:
// Shut down URLCheck.
mClient.shutdownUrlCheck();
Demo
URLCheck on HUAWEI Developers
Safety Detect Development Guide
Sample Code on GitHub
Stack Overflow (where you can ask more questions)
When there are malicious apps on a device, they can put the user’s personal information and transactions at risk. This is why HUAWEI Safety Detect provides the malicious app detection (AppsCheck) API. It enables your app to obtain a list of malicious apps installed on the user’s device, and use this to determine whether to restrict functionality such as in-app payments.
I. Service Introduction
AppsCheck in Safety Detect features in the following:
1. Detects malicious apps with an accuracy rate of 99%, according to authority.
2. Detects unknown threats based on app behavior.
The figure below illustrates the process of checking for malicious apps.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
(1) Your app, which has integrated the Safety Detect SDK, calls the AppsCheck API.
(2) The AppsCheck API returns a list of malicious apps to your app.
----End
II. Use Cases
All kinds of apps have integrated the AppsCheck API, including those in the fields of finance, tools, education, photography, news, media & entertainment. With this API, your app can obtain a list of malicious apps on the device running your app.
Example: When a user scans a QR code with your app to make a payment, your app will show the user a security warning if it detects any malicious apps on the user device.
Financial apps can integrate the AppsCheck API to ensure the security of user accounts. For example, when a user makes a payment in a financial app, the app will call the AppsCheck API to obtain a list of malicious apps on the user device. If any malicious apps are detected, the financial app will display a security warning and restrict the user's in-app operations. This means the app can protect the user's private information and finances.
Media & entertainment apps can integrate the AppsCheck API to ensure that videos are only played and downloaded on devices which do not contain any malicious apps. This prevents video piracy, makes apps more secure and efficient, and enables videos to run more smoothly.
News apps can integrate the AppsCheck API to ensure users’ accounts are secure when they read news stories or perform actions such as making in-app payments.
Demo video: Opening the demo app on a device with no malicious apps.
III. Development Procedure
1 Configuring App Information in AppGallery Connect
Before you start developing an app, configure the app information in AppGallery Connect.
For details about the procedure, please refer to HUAWEI Safety Detect Development Guide.
2 Configuring the Maven Repository Address for the HMS Core SDK
2.1 Opening the build.gradle File in the Root Directory of Your Android Studio Project
2.2 Adding the AppGallery Connect Plug-in and the Maven Repository
· Go to allprojects > repositories and configure the Maven repository address for the HMS Core SDK.
Code:
allprojects {
repositories {
google()
jcenter()
maven {url 'https://developer.huawei.com/repo/'}
}
}
· Go to buildscript > repositories and configure the Maven repository address for the HMS Core SDK.
Code:
<p style="line-height: 1.5em;">buildscript {
repositories {
google()
jcenter()
maven {url 'https://developer.huawei.com/repo/'}
}
}
</p>
· Go to buildscript > dependencies and add dependency on the AppGallery Connect plug-in.
Code:
<p style="line-height: 1.5em;">buildscript{
dependencies {
classpath 'com.huawei.agconnect:agcp:1.3.1.300'
}
}
</p>
3. Creating a SafetyDetectClient Instance
Code:
<p style="line-height: 1.5em;">// Create a SafetyDetectClient instance.
SafetyDetectClient appsCheckClient = SafetyDetect.getClient(getActivity());
}
</p>
4. Calling the AppsCheck API and Listen for the Call Result
Code:
<p style="line-height: 1.5em;">Task task = appsCheckClient.getMaliciousAppsList();
task.addOnSuccessListener(new OnSuccessListener<MaliciousAppsListResp>() {
// Obtain the malicious app check result.
@Override
public void onSuccess (MaliciousAppsListResp maliciousAppsListResp) {
}
}).addOnFailureListener(new OnFailureListener() {
// Obtain the result code and description of an exception.
@Override
public void onFailure(Exception e) {
}
});
</p>
Demo
To find out more, visit the following links:
AppsCheck API
Safety Detect Development Guide
GitHub (where you can download the demo and sample code)
Stack Overflow (where you can ask questions)
Does it works offline ?
It's very nice and reassuring.
With the release of AppGallery Connect version 1.5.2 the Auth service now has full support for making use of unified sign-in with a Google account!
This new functionality makes AppGallery Connect Auth a great option for all of your app’s authentication needs both on Huawei devices and other Android devices.
So how do we go about using unified sign-in with a Google account? Let’s take a look!
Preparing the environment for Google Sign-inDetails: Google Identity
Navigate to your Google API&Services console.
Open the API&Services and click My Project on the upper left corner. You can create one if no project exists.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Then, click CREATE CREDENTIALS to create an OAuth client ID for your project. If you haven’t already configured the consent screen for this project, follow the on-screen instructions to configure it.
After the configuration is complete, you can navigate back to Credentials > Create CREDENTIALS > OAuth client ID to continue. Select Android as the application type and configure the package name and the SHA-1 certificate fingerprint of the JKS file. The SHA-1 certificate fingerprint here is the SHA-1 value generated in step 3. (If this step is not performed, the timeout error code 10 will be displayed when you integrate Google sign-in.)
After the Android OAuth client has been created, go to the settings page, click Web client (auto-created by Google Service) and copy Client ID and Client secret which are needed for integrating Google sign-in.
Add a resource file. Set app_id and client_id in the /app/res/values/strings.xml of the Android project. The value of client_id is Client ID in the previous step and the value of app_id is the string of numbers that starts with the Client ID.
XML:
<string name="google_app_id">81792xxxx258</string>
<string name="google_client_id">81792xxxx2258-m8crjg1xxxxxxx3kufvbji0amlp.apps.googleusercontent.com</string>
Now that everything is ready, let’s move on to enabling Auth Service.
Enabling Auth ServiceSign in to AppGallery Connect, create a project and an app, and enable Auth Service. You need to enter the Client ID and Client secret when enabling Google account authentication.
As covered in the previous step, these two can be found by going to Google API&Services > Credentials > OAuth 2.0 Client IDs and opening Web client (Auto-created for Google Sign-in).
Generating the certificate fingerprint for your Android projectIf the app does not have a JKS certificate, go to Generate Signed Bundle or APK and click Create a new key store to create one. The generated JKS certificate is the JKS file used in Step 1.
Generate an SHA-256 certificate fingerprint by running the following command and entering the configured password. The SHA1 value must be identical to that configured in step 1.
keytool -list -v -keystore you_path\AuthDemo-Union\app\authdemounion.jks
Configure the corresponding Gradle file, open the app-level build.gradle file, and configure the certificate. Click here to view more details.
Configure the generated SHA256 certificate fingerprint in AppGallery Connect. (If you do not perform this step, error 6003 is reported.)
Configuring the Android serviceOpen the project-level build.gradle file and configure the Maven repository address and other parameters, as follows:
Code:
buildscript {
repositories {
google()
jcenter()
maven { url 'http://developer.huawei.com/repo/' } // config this maven
}
dependencies {
classpath "com.android.tools.build:gradle:4.1.1"
classpath 'com.huawei.agconnect:agcp:1.5.1.300' // config this path
// NOTE: Do not place your application dependencies here; they belong
// in the individual module build.gradle files
}
}
allprojects {
repositories {
google()
jcenter()
maven { url 'http://developer.huawei.com/repo/' } // config this maven
}
}
Open the app-level build.gradle file and configure the SDK, app plug-in address and other parameters, as follows:
Code:
apply plugin: 'com.android.application'
apply plugin: 'com.huawei.agconnect' // config this apply
android {…}
dependencies {
implementation 'androidx.appcompat:appcompat:1.2.0'
implementation 'com.google.android.material:material:1.3.0'
implementation 'androidx.constraintlayout:constraintlayout:2.0.4'
testImplementation 'junit:junit:4.+'
androidTestImplementation 'androidx.test.ext:junit:1.1.2'
androidTestImplementation 'androidx.test.espresso:espresso-core:3.3.0'
implementation "com.huawei.agconnect:agconnect-auth-google:1.5.2.201" // config this SDK
implementation 'com.huawei.agconnect:agconnect-auth:1.5.2.201' // config this SDK
}
Example sign in code:
Code:
private void GoogleIDLogin(){
Log.i("AuthDemo", "start:" );
AGConnectAuth.getInstance().signIn(this, AGConnectAuthCredential. Google_Provider)
.addOnSuccessListener(new OnSuccessListener<SignInResult>() {
@Override
public void onSuccess(SignInResult signInResult) {
// onSuccess
AGConnectUser user = signInResult.getUser();
Log.i("AuthDemo", "success:" + user);
}
})
.addOnFailureListener(new OnFailureListener() {
@Override
public void onFailure(Exception e) {
// onFail
Log.i("AuthDemo", "failed:" + e.getMessage());
}
});
}
// Lifecycle required by the unified channel.
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
AGConnectApi.getInstance().activityLifecycle().onActivityResult(requestCode, resultCode, data);
}
ResultOnce you run the app that has been configured with the signature file in an Android phone and call the GoogleIDLogin method, the following page will appear.
After completing authorization and sign-in, you can view the following logs, which indicate the authentication and sign-in are successful.
Compared with the traditional authentication mode, unified sign-in has significantly improved development, and for this reason, we strongly recommend that you leverage this function.
References:
Auth Service for Android
Google sign-in integration in Auth Service
Does it support non-Huawei phones as well?
Basavaraj.navi said:
Does it support non-Huawei phones as well?
Click to expand...
Click to collapse
it does yes! this can be used across all android devices
With the release of AppGallery Connect version 1.5.2 the Auth service now has full support for making use of unified sign-in with a Facebook account!
This new functionality makes AppGallery Connect Auth a great option for all of your app’s authentication needs both on Huawei devices and other Android devices.
So how do we go about using unified sign-in with a Facebook account? Let’s take a look!
Configuring the Facebook Login EnvironmentFirst, you’ll need to configure the Facebook Login environment.
Select or create a Facebook app.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Edit your resource file. Copy the following code to the /app/res/values/strings.xml file of your Android project.
Edit your manifest file. Add the following uses-permission element following the application element in the /app/manifest/AndroidManifest.xml file of your Android project.
Copy the following meta-data element to the application element.
Associate your package name and default activity class with your app and click Save. Confirm the use of this package name (skip this if your app has not been released on Google Play).
Develop a key hash using the following command, and release it for your app.
If you haven’t installed OpenSSL (openssl-for-windows) for your project, please go to Google Code Archive and download it as required.
keytool -exportcert -alias authdemounion -keystore F:\1.test\4.Auth\AuthDemo-Union\app\authdemounion.jks | openssl sha1 -binary | openssl base64
The command format is as follows:
keytool -exportcert -alias YOUR_RELEASE_KEY_ALIAS -keystore YOUR_RELEASE_KEY_PATH* | openssl sha1 -binary | openssl base64
The Facebook Login environment has now been successfully configured. Let’s move on to the operations relevant to Auth Service.
Enabling Auth ServiceSign in to AppGallery Connect, create a project and an app, and enable Auth Service. You’ll need to enter the App ID and App Secret for your app when enabling Facebook under Authentication modes, which can be found under Settings > Basic on Facebook for Developers. If they are not displayed, click the button following App Secret to show them.
Generating the Certificate Fingerprint for Your Android ProjectIf the demo project does not provide a Java KeyStore, go to Generate Signed Bundle or APK and click Create new.key store to create one
Generate an SHA-256 certificate fingerprint. Run the following command and enter the configured password to generate a SHA-256 certificate fingerprint.
keytool -list -v -keystore you_path\AuthDemo-Union\app\authdemounion.jks
Open the app-level build.gradle file, and configure the certificate information for your project
Click here to view the sample code.
Configure the generated SHA-256 certificate fingerprint in AppGallery Connect. (If you do not perform this step, error 6003 will be reported.)
Configure Your AppOpen the project-level build.gradle file and configure information, including the Maven repository address. The code is as follows:
Code:
buildscript {
repositories {
google()
jcenter()
maven { url 'http://developer.huawei.com/repo/' } // Configure this maven.
}
dependencies {
classpath "com.android.tools.build:gradle:4.1.1"
classpath 'com.huawei.agconnect:agcp:1.5.1.300' // Configure this path.
// NOTE: Do not copy your dependencies in here, which should be included
// in the build.gradle files of each module.
}
}
allprojects {
repositories {
google()
jcenter()
maven { url 'http://developer.huawei.com/repo/' } // Configure this maven.
}
}
Open the app-level build.gradle file and configure information, including the SDK information and app plug-in address. The code is as follows:
Code:
apply plugin: 'com.android.application'
apply plugin: 'com.huawei.agconnect' // Configure the apply plug-in.
android {…}
dependencies {
implementation 'androidx.appcompat:appcompat:1.2.0'
implementation 'com.google.android.material:material:1.3.0'
implementation 'androidx.constraintlayout:constraintlayout:2.0.4'
testImplementation 'junit:junit:4.+'
androidTestImplementation 'androidx.test.ext:junit:1.1.2'
androidTestImplementation 'androidx.test.espresso:espresso-core:3.3.0'
implementation "com.huawei.agconnect:agconnect-auth-facebook:1.5.2.201" // Configure this SDK.
implementation 'com.huawei.agconnect:agconnect-auth:1.5.2.201' // Configure this SDK.
}
Add the code for implementing unified sign-in:
Java:
private void FaceBookLogin(){
Log.i("AuthDemo", "start:" );
AGConnectAuth.getInstance().signIn(this, AGConnectAuthCredential.Facebook_Provider)
.addOnSuccessListener(new OnSuccessListener<SignInResult>() {
@Override
public void onSuccess(SignInResult signInResult) {
// onSuccess
AGConnectUser user = signInResult.getUser();
Log.i("AuthDemo", "success:" + user);
}
})
.addOnFailureListener(new OnFailureListener() {
@Override
public void onFailure(Exception e) {
// onFail
Log.i("AuthDemo", "failed:" + e.getMessage());
}
});
}
// Activity lifecycle required by the unified sign-in.
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
AGConnectApi.getInstance().activityLifecycle().onActivityResult(requestCode, resultCode, data);
Viewing the Result and LogsOnce you run your signed APK on an Android phone and call the FaceBookLogin method, you’ll get the following page.
You can tap CONTINUE AS LINKING and sign in to your app with your Facebook account. The following log information will be displayed.
Compared with the traditional implementation mode, the unified sign-in has greatly simplified the development process. It is strongly recommended that you use the new mode.
For details about Auth Service, please refer to:
Auth Service document for Android
Guide for integrating Facebook account
Thanks for sharing.