-4

I would like to implement Single Sign On on Android.

I have a set of mobile apps which need to speak with a server to identify the user.

When one of the applications is recognised as belonging to the user, the other apps should be able to detect that, without asking the user for further identification.

So basically the user will log in only one application and all other applications will follow automatically.

Please how could I achieve that?

Lisa Anne
  • 4,482
  • 17
  • 83
  • 157
  • 8
    Sorry, but we cannot just write your code. Just because you have a bounty doesn't mean your post can go on-topic when it's not – Ali Bdeir Nov 10 '16 at 19:39
  • 1
    Use SharedPreference across multiple apps? http://stackoverflow.com/questions/6030321/android-retrieving-shared-preferences-of-other-application – denvercoder9 Nov 10 '16 at 19:45
  • Are you looking for a solution that will recognize user based on some unique identity across different apps and devices? For Ex: If User A has two devices D1 and D2 and it have two different app on either devices with same publisher. Now you want to recognize user with all of its details if he/she has logged in one of either app. Am I right? – AndroidHacker Nov 16 '16 at 10:49
  • 1
    @AndroidHacker thanks hacker, yes that is the idea, but I don't need to find a solution cross devices, I will be happy to find a solution to automatically login the apps on the same device – Lisa Anne Nov 16 '16 at 15:24
  • And you want that for known specific apps ? i.e. Apps that have been developed by the same publisher ? – AndroidHacker Nov 17 '16 at 03:16
  • Hey I found Logan Pickup solution interesting, that is a way you can achieve your task. If you still find yourself in difficult situation, then you can SharedPref as an alternate solution. Check out this post that will do your work. http://androiddhamu.blogspot.in/2012/03/share-data-across-application-in.html – AndroidHacker Nov 17 '16 at 04:13
  • @AndroidHacker that link uses the deprecated "world readable". I think Android has removed it in 7.0. It is a dated solution now. – Sufian Dec 31 '16 at 03:58
  • As a user coming here from Google, would someone please explain the fatal flaw in this question? – S.V. Aug 17 '18 at 15:47

3 Answers3

10

You could use a central app that does the sign-on, and call it as a service from the other apps. The sign-on management app should have a service marked with an application-specific permission (see https://developer.android.com/guide/topics/manifest/permission-element.html), and should set the android:protectionLevel attribute to signature; for example in your android manifest:

<permission android:name="com.example.SSO_ACCESS"
    android:protectionLevel="signature" />

And also in your Android manifest:

<service android:enabled="true"
    android:exported="true"
    android:name=".SingleSignOnService"
    android:permission="com.example.SSO_ACCESS" >
    . . .
</service>

This will allow apps you create to communicate with the sign-on app's service, but no other applications will be able to.

You should communicate with the service using standard Android service techniques (bind to the service using bindService() with an appropriate intent - you will need an appropriate intent filter for the service in the manifest) - see the Android services guide for information on this.

Logan Pickup
  • 2,294
  • 2
  • 22
  • 29
3

Take a look at this excellent blog post on how to implement a custom account type on Android. All of your applications may access the single account created on the phone. Every single one of your apps should implement the activities needed for account creation to make the registration and login process available to all users.

Jonas Köritz
  • 2,606
  • 21
  • 33
0

Take a look at an Identity Management Service. You can roll your own with something like IdentityServer or use an external service, such as Auth0

Kevin R.
  • 3,571
  • 1
  • 19
  • 29