Facebook Native Authentication on Android

Instead of using WebViews for OAuth to Facebook, if the user has the Facebook Android app installed you can do native Facebook authentication to get an access token. This is a more seamless experience, as the user won’t be required to re-enter their Facebook login and password if they are already logged in.

Adding Facebook native authentication on Android to Singly’s SDK was easier than I thought it would be at first. Facebook provides great documentation for its Android SDK, and though it might seem like there are a lot of steps, they are pretty easy. I am not going to duplicate the Facebook docs here; they are extensive. I will explain my experiences going through the process.

Registering your Facebook App

The Facebook docs go into detail about registering your Facebook app. Below is what the app screen looks like when filled out.

The display name is the name that will appear to your users when they authenticate your app so be descriptive.

There are sections for website and native Android app. Facebook supports offline access tokens. You can authenticate from your Android app and then pass that access token to your website and use it for offline processing. If you are authenticating through both your website and your Android app, you will need to fill out both sections.

The website section is just the redirect URL after authentication. In the native Android section, the package name is a unique app identifier used to open your Android app if it is installed. This would be used for deep linking inside of Facebook, for example when posting content to Facebook from your app. Clicking on that content inside of Facebook from a phone with your app installed would open your Android app. The class name is the fully qualified name of the class that will be launching the Facebook authentication process.

Signed Key Hashes

The section that people seem to get tripped up on the most is the key hashes. It sounds difficult but it isn’t. Essentially you need to let Facebook know what key you will be signing your Android app with. In development this is usually a debug key. In production, when deployed to the Google Play store, it will be a different key. What Facebook is expecting is a base64 hash of the key. The debug key can be found in ~/.android/debug.keystore. To get the base64 hash run the following commands:

The default password for the debug key is android. Take the hashed output and paste it into the key hashes field. You can add more than one key here, for instance one for development and one for production.
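
The key-hash step described above, as an added example (not code from the original post or from Facebook's documentation): the value Facebook expects is the base64-encoded SHA-1 digest of the DER-encoded signing certificate, and the functions below check that the export succeeded before hashing, so a failed keytool run cannot yield a plausible-looking hash. The function names are hypothetical, androiddebugkey is the default Android debug alias, and keytool and openssl are assumed to be on the PATH.

```shell
#!/bin/sh
# Added example: compute the Facebook key hash for a signing certificate and
# refuse to print a bogus value when the certificate export failed.

# base64(SHA-1("")): what a bare "keytool | openssl | openssl" pipeline
# prints when the export step produces no output at all.
EMPTY_INPUT_HASH='2jmj7l5rSw0yVb/vlWAYkK/YBwk='

# fb_key_hash_der FILE
# Hash a DER certificate that has already been exported to FILE.
fb_key_hash_der() {
    der=$1
    if [ ! -s "$der" ]; then
        echo "error: '$der' is missing or empty, not hashing it" >&2
        return 1
    fi
    digest=$(openssl sha1 -binary < "$der" | openssl base64) || return 1
    if [ -z "$digest" ] || [ "$digest" = "$EMPTY_INPUT_HASH" ]; then
        echo "error: got the hash of empty input, export failed" >&2
        return 1
    fi
    printf '%s\n' "$digest"
}

# fb_key_hash_keystore KEYSTORE ALIAS STOREPASS
# Export the certificate with keytool, check the exit status, then hash it.
# A wrong password or alias stops here instead of being hashed as if it
# were a certificate.
fb_key_hash_keystore() {
    tmp=$(mktemp) || return 1
    rc=0
    if keytool -exportcert -alias "$2" -keystore "$1" -storepass "$3" > "$tmp"; then
        fb_key_hash_der "$tmp" || rc=$?
    else
        echo "error: keytool could not export alias '$2' from '$1'" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Debug key, using the Android defaults for path, alias and password:
#   fb_key_hash_keystore "$HOME/.android/debug.keystore" androiddebugkey android
```

Run the same function against the release keystore and alias to get the production hash to register alongside the debug one.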

Authentication Activity

The next step is to create an activity to call the Facebook authentication. Here is the shell of an Activity that starts the authentication process.

Your app id is the app id generated by Facebook and displayed in the Facebook Developers page for your app. Perms are the permissions that you are asking for from your users. There are many different permissions; ask for only what your app needs. Requesting no permissions gives just the basic user information. The FacebookAuthListener is our listener class that will be called when authentication is finished.

The authentication process opens up a Facebook authentication Activity. If the user isn’t logged in they will be taken through the login process. If logged in, or once the login is completed, the user will be shown an authentication dialog with your app name and the permissions you are requesting for your app. They can allow, deny, or cancel. Any of those actions will finish the Facebook authentication process and return the user to your authentication activity. This is where the onActivityResult method comes into play.

When the Facebook authentication process returns to your activity, the onActivityResult method will be called per the normal Activity lifecycle. This is where you must call the authorizeCallback method, which passes control to your callback listener. In our case this would be the FacebookAuthListener.

Facebook DialogListener

Depending on the result of the Facebook authentication process, different methods will be called on the DialogListener. If successful, the onComplete method will be called. From this you can get the access token and store it in shared preferences. This access token can then be used to call Facebook-specific API methods. In our case, on success or failure we close the FacebookAuthenticationActivity after setting a result to be returned from the Activity that started the FacebookAuthenticationActivity.

Shameless Plug

The Singly Android SDK now has Facebook native authentication integrated. If the user has the Android Facebook app installed it will use native auth; if not, it will fall back to WebView-based authentication. Check it out if you want drop-in support for authentication to multiple networks and easy access to social data. Connect with me if you are interested in or have questions about the Singly Android SDK.