Integrate CyberArk Identity Android SDK

This topic helps you to set up and install the Android SDK into your mobile app and thus integrate with CyberArk Identity to provide strong authentication and authorization support to your app.

Step 1: Create an OAuth2.0 client (or) OpenID connect custom app

If you developed a public or confidential app to access CyberArk Identity services on behalf of an end-user, you need to create an OAuth 2.0 Client or OpenID Connect (OIDC)

For instructions on creating an OAuth 2.0 Client application in the Admin Portal, refer to
Authorization (Auth) Code Flow with PKCE.

📘

For public apps, such as native apps, the Authorization Code Flow with PKCE is recommended. To do this, select List (Apps > Web Apps > OAuth2 Client > General Usage > List) and add Allowed Clients in the Admin Portal

For instructions on creating an Open ID connect application in the Admin Portal, refer to
About OpenID Connect,
Add and configure the custom OpenID.

For public apps, such as native apps, the Authorization Code Flow with PKCE is recommended.

📘

The Redirect URI for the OAuth 2.0 client (or) OpenID connect should be "{auth_scheme}://{auth_host}/android/{YOUR_APP_PACKAGE_NAME}/redirectURICallback"

Step 2: Download the android SDK from GitHub package manager

Get a PAT (Personal Access Token) from GitHub with read:packages permission.

Reference: Creating a PAT

allprojects {
    repositories {
        google()
        mavenCentral()
        maven {
            name = "GithubPackages"
            url = uri("https://maven.pkg.github.com/cyberark/identity-demo-android")
            credentials {
                username = System.getenv('GITHUB_USER') ?: project.findProperty('GITHUB_USER')
                password = System.getenv('GITHUB_ACCESS_TOKEN') ?: project.findProperty('GITHUB_ACCESS_TOKEN')
            }
        }
    }
}

Add the GITHUB_USER and GITHUB_ACCESS_TOKEN values to your environment variables on your local machine or build server to avoid creating a GitHub properties file.

GITHUB_USER will be the username or, in some cases, the email address.

Step 3: Declare Gradle Implementation for Identity Android SDK

When you use Gradle to build your app for Android, you must declare the Identity SDK dependencies so that Gradle can download all the required dependencies. Add the following in your app/build.gradle.

//CyberArk Identity Android SDK lib
implementation 'com.cyberark.identity:android-sdk:{$version}'

Update {$version} with your latest SDK version.

Step 4: Verify the supported SDK version

To run the Identity SDK, the minimum supported Android SDK version is API level 24 and above.

compileSdkVersion 31
buildToolsVersion "30.0.3"

defaultConfig {
    applicationId "com.cyberark.mfa"
    minSdkVersion 24
    targetSdkVersion 31
    versionCode 1
    versionName "1.0"
  }

Step 5: Use Java 8 language features

The Identity Android SDK requires Java 8 language feature support. To enable Java 8 support for Android and Kotlin plugins respectively, add the following compile options in your build.gradle file in your app folder.

compileOptions {
        sourceCompatibility JavaVersion.VERSION_1_8
        targetCompatibility JavaVersion.VERSION_1_8
    }
    kotlinOptions {
        jvmTarget = '1.8' 
    }

Step 6: Add permission in AndroidManifest.xml

Open your app's AndroidManifest.xml file and add the following permission.
To perform actions on the token, you need to add the INTERNET permission to your AndroidManifest.xml file.

<manifest. >
<uses-permission android:name="android.permission.INTERNET" />
</manifest. >

Step 7: Read values from configs.xml

Create a config.xml (Identity-demo-android > res > config.xml) and add the following resources.

<resources>
    // Basic Settings
    <string name="cyberark_auth_system_url">{auth_system_url}</string>
    <string name="cyberark_auth_host_url">{auth_host_url}</string>
    <string name="cyberark_auth_client_id">{auth_client_id}</string>
    <string name="cyberark_auth_app_id">{auth_app_id}</string>
    <string name="cyberark_auth_state">{auth_state}</string>
    <string name="cyberark_auth_response_type">code</string>
    <string name="cyberark_auth_scope">{auth_scope}</string>
    <string name="cyberark_auth_redirect_uri">{auth_scheme}://{auth_host}/android/{YOUR_APP_PACKAGE_NAME}/redirectURICallback</string>
    <string name="cyberark_auth_host">{auth_host}</string>
    <string name="cyberark_auth_scheme">{auth_scheme}</string>
  
    // Google ReCaptcha V2 Settings
    <string name="recaptcha_v2_site_key">{recaptcha_site_key}</</string>

    // Step-up authentication using MFA widget
    <string name="acme_native_login_url">{native_login_url}</string>
    <string name="cyberark_widget_host_url">{mfa_widget_host_url}</string>
    <string name="cyberark_widget_id">{mfa_widget_id}</string>
      
     // Authentication widget
    <string name="cyberark_auth_widget_host_url">{auth_widget_host_url}</string>
    <string name="cyberark_auth_widget_id" translatable="false">{auth_widget_id}</string>
    <string name="cyberark_auth_resource_url">{auth_scheme}://{auth_host}/android/{YOUR_APP_PACKAGE_NAME}/resourceURLCallback</string>

</resources>

Step 8: Define the Manifest Placeholders for the CyberArk Identity Host and CyberArk Identity Scheme

These manifest placeholders are used internally by the library to register an intent filter. Go to your app/build.gradle file and add the manifestPlaceholders line as shown below: