Authenticating a user

The Lithium Community Android SDK supports Lithium Registration and LithiumSSO authentication options. After you authenticate, you can make calls to the Community REST APIs (v1 and v2) on behalf of the logged-in member or anonymous visitor. You must call the authentication flow explicitly in your code. An anonymous user will receive a 401 error (Unauthorized) if the user attempts to perform an action that he or she does not have permission to do. We show an example of how to check for a 401 error and how to start the login flow when attempting to perform an unauthorized action in our Tutorial guide.

As we describe in Getting Started with the Community Android SDK, authentication must be launched explicitly in your code. You might include it in your initialization code, or trigger the flow at some point after you have initialized the SDK, such as when the user attempts to perform an action like replying to a message or giving a kudo. See Initializing the SDK for initialization instructions.

• About authentication options
• Authentication utility methods
• Authentication UI
• How to authenticate

About authentication options

The Community Android SDK supports the following user authentication options:

• Lithium Registration
• LithiumSSO token authentication
• Custom SSO - Contact Lithium Services for custom SSO integrations

Lithium Registration

Lithium Registration is the most basic authentication method. It is configured in Community Admin. A community user creates an account by providing an email, username, and password. Lithium stores all account information. Password management actions such as Forgot Password or Password Reset are done through the platform.

A username, email, and password are required when creating an account, although Lithium Services might have added additional, required registration fields requested by your Community team during launch. You can learn more about Lithium Registration in Authentication Overview on the Lithium Developer Documentation Portal.

LithiumSSO token authentication

LithiumSSO uses a token created using the Community API LithiumSSOClient class. (See LithiumSSO token authentication for sample token-generation code.) After creating the token, store the token as a String in a variable.

In addition to our SSO developer documentation mentioned above, also see our Administrator's Guide and our article about configuration options in Community Admin.

Authentication utility methods

The SDK includes the following utility method on LiSDKManager for user authentication:

• LiSDKManager.getInstance().isUserLoggedIn() - Check whether the user is logged in

Authentication UI

The Support UI login flow with Lithium Registration takes the user to the LiLoginActivity (li_login_activity.xml) where he or she enters a username and password. When using SSO with the Support UI, authentication occurs in the background.

How to authenticate

You initiate the authentication/login flow using one of the initLoginFlow methods on LiSDKManager. If your community uses SSO, be sure to use a method that takes the SSO token.

When using Firebase Cloud Messaging, you must pass the device token ID used to register that device for notification. Do not pass a device token ID if using any other notification service -- Lithium will simply register the subscription event and your subscription service will handle the notification.

When using Firebase Cloud Messaging, authenticate using one of the following:

• initLoginFlow(android.content.Context context, LiDeviceTokenProvider liDeviceTokenProvider)
• initLoginFlow(android.content.Context context, java.lang.String ssoToken, LiDeviceTokenProvider liDeviceTokenProvider)

When using any other subscription notification service, authenticate using one of these:

• initLoginFlow(android.content.Context context)
• initLoginFlow(android.content.Context context, java.lang.String ssoToken)

The Core SDK and Support UI libraries use the same initLoginFlow methods.

Lithium Registration examples

When using Lithium Registration, but not using Firebase for subscription notification, initiate the authentication flow like this:

LiSDKManager.getInstance().initLoginFlow(context);

When using Lithium Registration along with Firebase for subscription notification, initiate the authentication flow like this. If the device token ID is not passed, the SDK will not register the device for notification.

    LiSDKManager.getInstance().initLoginFlow(context, new LiDeviceTokenProvider() { 
        @Override 
        public String getDeviceId() { 
            return FirebaseInstanceId.getInstance().getToken(); 
        } 
    }); 

LithiumSSO examples

When using LithiumSSO, but not using Firebase for subscription notification, simply pass the SSO token generated using the instructions in Authentication Overview, along with the Android context like this:

LiSDKManager.getInstance().initLoginFlow(context, "<SSO Token>");

When using LithiumSSO along with Firebase for subscription notification, initiate the authentication flow like this. If the device token ID is not passed, the SDK will not register the device for notification.

        LiSDKManager.getInstance().initLoginFlow(context, "<SSO_TOKEN>", new LiDeviceTokenProvider() { 
            @Override 
            public String getDeviceId() { 
                return FirebaseInstanceId.getInstance().getToken(); 
            } 
        });