Configuring an Android App as an Identity Provider

You can configure any app built on Mobile SDK 11.0 or later as an identity provider. You call a method to define which identity provider client apps you want to connect to, then select the identity provider client in your app’s UI.

The easiest way to create an identity provider app is by using the Mobile SDK AndroidIDPTemplate. This template is available on GitHub in the github.com/forcedotcom/SalesforceMobileSDK-Templates repo. Use the forcedroid createwithtemplate command with the URI of the template repo, as shown in the following command-line example.

To let the identity provider app know about the client app you want it to service, define one (or multiple) client app configurations in the onCreate method of its application subclass.

To kick off the IDP-initiated login flow, the following example code calls kickOffIDPInitiatedLoginFlow with the chosen client app's package name and a callback that handles the status updates. In this example, updates are presented in a toast notification, but the application ultimately decides how to show progress to the user. You can find the corresponding version of this code in the UI of your IDP app. Examples of the selection UI can be found on GitHub, in the https://github.com/forcedotcom/SalesforceMobileSDK-Templates repo. For Android, check out the AndroidIDPTemplate.

The onStatusUpdate callback can return any of the following status updates.

  • LOGIN_REQUEST_SENT_TO_SP
  • GETTING_AUTH_CODE_FROM_SERVER
  • ERROR_RECEIVED_FROM_SERVER
  • AUTH_CODE_SENT_TO_SP
  • SP_LOGIN_COMPLETE
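
The two steps described above (registering client apps in onCreate, then starting the flow and handling status updates), as an added Kotlin example that is not code from the original page or from the Mobile SDK templates. The package names, consumer key, callback URL, IdpApp and MainActivity are placeholders; the import paths and the SPConfig argument order are assumptions about the Mobile SDK 11 API and should be checked against the AndroidIDPTemplate.

```kotlin
import android.app.Activity
import android.app.Application
import android.util.Log
import android.widget.Toast
import com.salesforce.androidsdk.app.SalesforceSDKManager
import com.salesforce.androidsdk.auth.idp.SPConfig
import com.salesforce.androidsdk.auth.idp.interfaces.IDPManager

// Placeholder client (SP) app identifier; replace with the real package name.
private const val SP_PACKAGE = "com.example.spclient"

class IdpApp : Application() {
    override fun onCreate() {
        super.onCreate()
        SalesforceSDKManager.initNative(applicationContext, MainActivity::class.java)
        // Register the client apps this identity provider services.
        SalesforceSDKManager.getInstance().setAllowedSPApps(listOf(
            SPConfig(
                SP_PACKAGE,                              // client app package name
                "$SP_PACKAGE.MainActivity",              // client activity (placeholder)
                "<CLIENT_APP_CONSUMER_KEY>",             // placeholder, not a real key
                "com.example.spclient://oauth/success",  // OAuth callback URL (placeholder)
                arrayOf("api", "web")                    // OAuth scopes
            )
        ))
    }
}

class MainActivity : Activity() {
    // Call from the selection UI once the user has picked a client app.
    fun loginToClient(spPackage: String = SP_PACKAGE) {
        val idpManager = SalesforceSDKManager.getInstance().idpManager ?: return
        idpManager.kickOffIDPInitiatedLoginFlow(this, spPackage,
            object : IDPManager.StatusUpdateCallback {
                override fun onStatusUpdate(status: IDPManager.Status) {
                    // Record the two terminal outcomes; the rest are progress updates.
                    when (status) {
                        IDPManager.Status.ERROR_RECEIVED_FROM_SERVER ->
                            Log.w("IDP", "Login for $spPackage failed: $status")
                        IDPManager.Status.SP_LOGIN_COMPLETE ->
                            Log.i("IDP", "Login for $spPackage complete")
                        else -> Log.d("IDP", "Login for $spPackage: $status")
                    }
                    // Switch to the UI thread before showing the toast.
                    runOnUiThread {
                        Toast.makeText(applicationContext, status.name, Toast.LENGTH_SHORT).show()
                    }
                }
            })
    }
}
```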