Okay. I started developing an Android App for our enterprise web app. Just started the Login screen activity design.
This app is completely driven by RESTFul API.
I would like to understand how to develop login / logout feature in the application.
As far as I understand, there is no Session concept in the app world. Also, for the API, we need to send Username and Password with every request (Basic Auth). So apparently, we need to keep the login credentials somewhere in the local storage to send along with every request.
Here is what I understand from my basic Android knowledge.
When the user enters login information and presses the button, we’ll spin up an HTTP call to the API. If the login credentials are valid, then we’ll have to store the credentials locally. Options are:
- SQLite
- Shared Preferences (I have never used it, but I am assuming we can use this)
- Bundle (Not sure if this is an option)
Any other alternatives?
I want to make sure I follow the best practice, while not sacrificing anything from a performance or architecture perspective.
And for the logout, I think I just need to wipe out the credentials stored locally and show login Activity.
Are there any different and better approaches?
I would suggest making use of the Android Accounts feature.
This blog has a pretty good step-by-step guide on all the bits you need to put together.
The general idea is you supply the AccountManager with the user's username/password, and leave it up to the AccountManager to store them securely.
When you need an authentication token, you ask the AccountManager for one, and it will either return a cached token, or call back into your code (passing the username/password) and you make the call to your authentication service to get a fresh token.
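As an added illustration (not code from the answer or from the linked blog), here is the client side of that flow in Java: the login Activity hands the accepted credentials to AccountManager, every request asks for a token (cached, or refreshed through your authenticator), a rejected token is invalidated, and logout removes the account. It assumes an AbstractAccountAuthenticator is registered in the manifest for the hypothetical ACCOUNT_TYPE and that its getAuthToken() exchanges the stored password for an API token.

```java
import android.accounts.Account;
import android.accounts.AccountManager;
import android.accounts.AuthenticatorException;
import android.accounts.OperationCanceledException;
import android.content.Context;
import java.io.IOException;

/**
 * Thin wrapper around AccountManager for the login/token/logout flow.
 * Assumes this app owns an authenticator for ACCOUNT_TYPE (hypothetical names).
 */
public class EnterpriseSession {
    static final String ACCOUNT_TYPE = "com.example.enterprise"; // hypothetical
    static final String TOKEN_TYPE = "api";                     // hypothetical
    private final AccountManager am;

    public EnterpriseSession(Context context) {
        this.am = AccountManager.get(context);
    }

    /** Login: once the API has accepted the credentials, hand them to AccountManager. */
    public Account saveLogin(String username, String password) {
        Account account = new Account(username, ACCOUNT_TYPE);
        // The password is kept by the system, not in your own SharedPreferences/SQLite.
        am.addAccountExplicitly(account, password, null);
        return account;
    }

    /** Returns the stored account, or null when nobody is logged in (show the login Activity). */
    public Account currentAccount() {
        Account[] accounts = am.getAccountsByType(ACCOUNT_TYPE);
        return accounts.length == 0 ? null : accounts[0];
    }

    /** Per request: returns a cached token, or invokes the authenticator for a fresh one. */
    public String getToken(Account account)
            throws OperationCanceledException, IOException, AuthenticatorException {
        return am.blockingGetAuthToken(account, TOKEN_TYPE, true); // never on the UI thread
    }

    /** On HTTP 401: drop the cached token so the next getToken() forces a refresh. */
    public void tokenRejected(String token) {
        am.invalidateAuthToken(ACCOUNT_TYPE, token);
    }

    /** Logout: removing the account wipes the stored password and any cached tokens. */
    public void logout(Account account) {
        am.removeAccount(account, null, null);
    }
}
```

Send the token from getToken() in the request header rather than the raw username/password on every call, and call it from a background thread since blockingGetAuthToken() blocks.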