Okay. I started developing an Android App for our enterprise web app. Just started the Login screen activity design.
This app is completely driven by a RESTful API.
I would like to understand how to develop login / logout feature in the application. As far as I understand, there is no Session concept in the app world. Also, for the API, we need to send Username and Password with every request (Basic Auth). So apparently, we need to keep the login credentials somewhere in the local storage to send along with every request.
Here is what I understand from my basic Android knowledge.
When the user enters login information and presses the button, we'll spin up an HTTP call to the API. If the login credentials are valid, then we'll have to store the credentials locally. Options are
Any other alternatives?
I want to make sure I follow the best practice, while not sacrificing from performance and architecture perspective.
And for the logout, I think I just need to wipe out the credentials stored locally and show login Activity.
Are there any different and better approaches?
I would suggest making use of the Android Accounts feature.
This blog has a pretty good step by step guide on all the bits you need to put together.
The general idea is you supply the AccountManager with the user's username/password, and leave it up to the AccountManager to store them securely.
When you need an authentication token, you ask the AccountManager for one, and it will either return a cached token, or call back into your code (passing the username/password) and you make the call to your authentication service to get a fresh token.
I think storing the password in the app is a bad idea. A better approach is to make a request with the user's credentials the first time the user logs in; the server returns an access token. Save this access token in SharedPreferences, and for everything else, like getting user details, use the token in the request.
Session: Create your own class to maintain the session. Hackbook is a good example of it.
Generally, there are three ways you can persist data in Android: SQLite, SharedPreferences, and reading/writing onto a file a la Java I/O. SQLite is optimal for relational data, but because you simply need to store the user's credentials, I recommend you use SharedPreferences. It seems to me like a simple key-value data model.
SharedPreferences are basically just an encapsulation of direct file I/O--that is, the underlying implementation is still file reading and writing, but simplified for key-value pairs. I don't know much about encryption, but you might have to handle that yourself before storing the password in a SharedPreferences object (also consider JaiSoni's suggestion: use an access token instead). Rest assured, however, that if you create the SharedPreferences and set it to MODE_PRIVATE, other apps won't have access to the shared prefs file.
I believe this is pretty much a standard implementation. If you look at this page, there's really only so much you can do: http://developer.android.com/guide/topics/data/data-storage.html
May I also point out that one of the complexities with direct file I/O is that you'll have to decide where you want to store the file--internal or external memory (e.g., SD card)--and hence check for its availability (not all devices have SD card slots, and sometimes internal memory is registered as external memory to the device). So just go with shared prefs.
For logging out, this might be useful: Deleting shared preferences
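The token-in-SharedPreferences flow suggested in the answers above, as an added example that is not code from any of the posts. The class name `SessionStore`, the prefs file and key names, and the `Bearer` header scheme are assumptions; use whatever your API actually expects.

```java
import android.content.Context;
import android.content.SharedPreferences;
import java.net.HttpURLConnection;

/** Hypothetical helper: persists only the server-issued token, never the password. */
public final class SessionStore {
    private static final String PREFS_FILE = "session_prefs"; // assumed file name
    private static final String KEY_TOKEN = "access_token";   // assumed key name

    private final SharedPreferences prefs;

    public SessionStore(Context context) {
        // MODE_PRIVATE: the prefs file is only accessible to this app's own UID.
        prefs = context.getApplicationContext()
                .getSharedPreferences(PREFS_FILE, Context.MODE_PRIVATE);
    }

    /** Call once the login request has succeeded; the password is discarded. */
    public void onLoginSucceeded(String accessToken) {
        if (accessToken == null || accessToken.isEmpty()) {
            throw new IllegalArgumentException("empty access token");
        }
        prefs.edit().putString(KEY_TOKEN, accessToken).apply();
    }

    public boolean isLoggedIn() {
        return prefs.getString(KEY_TOKEN, null) != null;
    }

    /** Adds the token to an API request; false means the login screen is needed. */
    public boolean authorize(HttpURLConnection connection) {
        String token = prefs.getString(KEY_TOKEN, null);
        if (token == null) {
            return false;
        }
        // Assumption: the API accepts the token as a bearer credential.
        connection.setRequestProperty("Authorization", "Bearer " + token);
        return true;
    }

    /** Logout: wipe the token, then the caller shows the login Activity. */
    public boolean logout() {
        // commit() writes synchronously, so the token is gone before we return.
        return prefs.edit().remove(KEY_TOKEN).commit();
    }
}
```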