LogoLogo
CMSGitHubSupportBook a demo
  • Documentation
  • Academy
  • Help Center
  • Welcome
  • SDKS & Frameworks
    • Web
      • Getting Started
        • Prerequisites
          • MapsIndoors
          • Map Engine Provider
            • Option 1: Get your Mapbox Access Token
            • Option 2: Get your Google Maps API Keys​
          • Map Engine Setup
        • Getting Started: MapsIndoors
      • Map Visualization
        • Highlight, Hover and Select
        • Remove Labels from Buildings and Venues
        • Change Building Outline
        • Managing Collisions Based on Zoom Level
        • 3D Maps
          • Managing your 3D Maps
        • Base Map Styling - Google Maps
        • Managing feature visibility for Mapbox
      • Wayfinding
        • Directions
        • Directions Service
          • Tailoring the directions to your specific needs
        • Directions Renderer
          • Customizing the Route Animation
        • Multi-stop navigation
          • Custom Icons
        • User's Location as Point of Origin
      • Search
        • Search Operations
        • Searching
        • Using External ID, Geospatial Joins
        • Utilizing MapsIndoors Web Components and Other Searches
      • Map Management
      • Data Visualization
        • Display Heatmap Overlay
      • Other guides
        • Authentication
          • Single Sign-On
            • SSO Configuration
            • SSO Authorisation
          • 2-Factor Authentication
          • Password Reset
        • Application User Roles
        • Custom Properties
        • Display Language
        • Language
        • User Positioning
          • Show User's Location aka. Blue Dot
          • Using Cisco DNA Spaces
        • Working with Events
        • Turn Off Collisions Based on Zoom Level
        • Remove Labels from Buildings and Venues for Web
        • Synchronizing data for a subset of venues
        • Custom Floor Selector
      • Display Rules in Practice
      • Offline Data
      • Managing map visibility
    • Android
      • Getting Started
        • Prerequisites
        • Create a New Project
        • Show a Map
        • Create a Search Experience
        • Getting Directions
        • Enable Live Data
        • Integrating MapsIndoors into your own App
        • Migrating from V3 to V4
          • Migrating to Mapbox V11
      • Directions
        • Directions Service
        • Directions Renderer
          • User's Location as Point of Origin
        • Wayfinding Instructions
          • See Route Element Details
        • Using multi-stop navigation
      • Searching
        • Searching on a Map
        • Creating a Search Experience
      • Switching Solutions
      • Caching & Offline Data
      • Display Language
      • Displaying Objects
        • Application User Roles
        • Getting a Polygon from a Location
        • Location Clustering
        • Location Data Sources
        • Location Details
        • Turn Off Collisions Based on Zoom Level
        • Enabling and Disabling features on the map
      • Change Building Outline Color
      • Event Logging
      • Configuring a menu with AppConfig
      • Display Heatmap Overlay
      • Custom Properties
      • Custom Floor Selector
      • External IDs
      • User Positioning
        • Show User's Location aka. Blue Dot
        • Using Cisco DNA Spaces
        • Using Google Fused Location Provider
        • Using Indoor Atlas
      • Authentication
        • Single Sign-On
          • SSO Configuration
          • SSO Authorisation
        • 2-Factor Authentication
        • Password Reset
      • Display Rules in Practice
        • Label styling through Display Rules
      • Highlight and Select
    • iOS
      • Getting Started
        • Prerequisites
        • Set Up Your Environment
        • Display a Map
        • Search
        • Getting Directions
        • Migrating from v3 to v4
      • Directions
        • Directions Renderer
          • User's Location as Point of Origin
        • Wayfinding Instructions
          • See Route Element Details
        • Directions Service
        • Using multi-stop navigation
      • Searching
        • Searching on a Map
        • Creating a Search Experience
      • Caching & Offline Data
      • Displaying Objects
        • Application User Roles
        • Getting a Polygon from a Location
        • Location Details
        • Turn Off Collisions Based on Zoom Level
        • Enabling and Disabling features on the map
      • Custom Floor Selector
      • Change Building Outline Color
      • Custom Map Padding
      • Custom Properties
      • Display Rules in Practice
        • Label styling through Display Rules
      • Switching Solutions
      • Show User's Location aka. Blue Dot
        • Using Indoor Atlas
        • Using Cisco DNA Spaces
      • Highlight and Select
      • Display Language
    • React Native
      • Getting Started
        • Prerequisites
        • Project Setup
        • Displaying a Map
        • Creating a Search Experience
        • Getting Directions
        • Enabling Live Data
      • Showing Blue Dot
    • Flutter
      • Getting Started
        • Prerequisites
        • Create a New Project
        • Show a Map
        • Create a Search Experience
        • Getting Directions
      • Migration Guide
    • Integration API
      • Integration API Access
        • Access with Swagger
        • Access with Postman
        • Access with Python
        • Client credentials flow
      • Data Description
      • Reverse Geocoding
      • Route Access
      • OpenAPI Specification
    • Built-In Map Edits
      • Getting started
      • Authentication
      • Release notes
      • Reference docs
  • Products
    • Product Overview
    • CMS
      • Interface Overview
      • Display Rules
      • Media Library
        • 2D Models and Icons
        • 3D Models
      • Editing Data
      • Solution Settings
      • Settings
      • Data Concepts
      • User Roles
      • Route Network
        • Barrier Route Element
        • Door Route Element
      • Additional Location Details
    • Map Template
      • Getting Started
        • Web Component
        • React Component
      • Configuration
        • Query Parameters
      • Customization
      • Deploying Map Template to a cloud storage provider
      • 2D/3D Visibility Switch
      • External customization of the Map Template
      • Location Details configuration
      • Kiosk
        • QR code configuration
  • Other
    • Design
      • Standard MapsIndoors Map Style
      • Using a Custom Mapbox MapStyle
    • Changelog
      • Web SDK
        • V4
        • V3
      • Android SDK
        • V4
        • V3
      • iOS SDK
        • V4
        • V3
      • React Native SDK
      • Flutter SDK
      • MI Components
      • Map Template
    • Glossary
  • Legacy Docs
    • Android SDK V3
      • Getting Started
        • Prerequisites
        • Create a New Project
        • Show a Map
        • Create a Search Experience
        • Getting Directions
        • Enable Live Data
        • Integrating MapsIndoors into your own App
    • iOS SDK V3
      • Getting Started
        • Prerequisites
        • Set Up Your Environment
        • Display a Map
        • Search
        • Directions
        • Live Data
        • Integrating MapsIndoors into your own App
      • Inspect Route Element for iOS v3
      • Using Cisco DNA Spaces
      • Using Indoor Atlas
      • Switching Solutions
      • Show User's Location aka. Blue Dot
      • Application User Roles
      • Getting a Polygon from a Location
      • Location Details
  • MapsIndoors SDK Firewall
  • Google Analytics & Logging
  • Reference Docs
    • Web SDK
    • Android SDK
    • iOS SDK
    • React Native SDK
    • Flutter SDK
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. SDKS & Frameworks
  2. Android

Authentication

Last updated 1 year ago

Was this helpful?

MapsIndoors Auth is handled in two ways:

  • API keys - This is how apps built on top of the SDKs are authorized by default,

  • MapsIndoors Auth server - This is how the MapsIndoors CMS authorizes, as well as apps to access secured solutions.

The MapsIndoors Auth server is located at - including and . The server is an implementation - with support for OAauth 2 and OIDC protocols.

It stores all users that are managed through the MapsIndoors CMS, as well as configurations for authentication providers. Based on these users and authentication providers, it can authenticate and authorize users in order to access the MapsIndoors CMS and secured MapsIndoors solutions.

This guide covers the different aspects of user authentication and authorization in the MapsIndoors JavaScript SDK.

Usually, access to the services behind the MapsIndoors SDK is restricted with API keys. However, as an additional layer of security and control, access can be restricted to users of a specific tenant. A MapsIndoors dataset can only be subject to user authentication and authorization if integration with an identity provider exists. Current examples of such identity providers are Google and Microsoft. These providers and more can be added and integrated to your MapsIndoors project by request.

We recommend using a library such as AppAuth to handle verification and response to get a token to use in the MapsIndoors SDK.

If you are looking for documentation on Android SDK v3, please .

In order to utilize an OAuth2 login flow for your MapsIndoors project, you will need to provide some details to the OAuth2 client, like the issuer URL, client id, scopes and possibly a preferred identity provider if there are more than one option. These details can be fetched using MapsIndoors.getAuthenticationDetails

This can be called from MapsIndoors like this:

MapsIndoors.getAuthenticationDetails("apikey", authDetails -> {
    //Check if authdetails is not null and auth is required for the api
    if (authDetails != null && authDetails.isAuthRequired) {
        //Through the authDetails you can retrieve the necessary data to create a auth request. Here is an example through the appAuth library
        AuthorizationServiceConfiguration.fetchFromIssuer(Uri.parse(authDetails.getAuthIssuer()), (serviceConfiguration, ex) -> {
            if (serviceConfiguration != null) {
                authorizationRequest = new AuthorizationRequest.Builder(serviceConfiguration, authDetails.getAuthClients().get(0).getClientId(), ResponseTypeValues.CODE, Uri.parse("redirectUri"))
                            .setAdditionalParameters(Collections.singletonMap("acr_values", "idp:" + authDetails.getAuthClients().get(0).getPreferredIDPs().get(0)))
                            .setScope("openid profile account client-apis").build();
                authorizationService = new AuthorizationService(this);
                Intent authIntent = authorizationService.getAuthorizationRequestIntent(authorizationRequest);
                startActivity(authIntent);
            }
        }
    }
}

You will also need to provide a redirect url, but this is not provided by MapsIndoors. The callback url may be a .

Note that the redirect link must be known to MapsIndoors and white-listed for your identity provider integration. You must inform us about all the links that you need for your application, both for development and production use so they can be white-listed.

After you have made the request if using the library you will have to react on the recieved intent from the user logging in.

With that you response you will create the token exchange request. The token exchange request will respond with a token if succesful that can be set through the MapsIndoors class by calling setAuthToken. The set access token is used by the MapsIndoors SDK, for remaining lifespan of the SDK. If the SDK is initialized again, a token will need to be set again.

//Continuing the example of using the appAuth library together with MapsIndoors
@Override
protected void onNewIntent(Intent intent) {
    super.onNewIntent(intent);
    final Uri data = intent.getData();
    AuthorizationResponse authorizationResponse = new AuthorizationResponse.Builder(authorizationRequest).fromUri(data).build();
    authorizationService.performTokenRequest(authorizationResponse.createTokenExchangeRequest(), (response, ex1) -> {
        if (response != null) {
            if (response.accessToken != null) {
                MapsIndoors.setAuthToken(response.accessToken);
            }
        }
    });
}

You can now validate that you have set up the token correctly by calling MPApiKeyValidatorService.checkAuthToken with your solution key like this:

private void checkApiKeyValidityAndInitializeSDK() {
    MPApiKeyValidatorService.checkAuthToken("apikey", error -> {
        if (error != null) {
            //An error happened, authentication was not succesful.
        }else {
            //You have now succesfully gotten access to a solution that requires authentication
            MapsIndoors.load(getApplicationContext(), "apikey", null);
        }
    }
}

The SDK will ensure all subsequent performed data requests will include the set access token.

In order to utilize an OAuth2 login flow for your MapsIndoors project, you will need to provide some details to the OAuth2 client, like the issuer url, client id, scopes and possibly a preferred identity provider if there are more than one option. These details can be fetched using MapsIndoors.getAuthenticationDetails

This can be called from MapsIndoors like this:

MapsIndoors.getAuthenticationDetails("d2540acd09f241d187994eec") { authDetails: MPAuthDetails? ->
    //Check if authdetails is not null and auth is required for the api
    if (authDetails != null && authDetails.isAuthRequired) {
        //Through the authDetails you can retrieve the necessary data to create a auth request. Here is an example through the appAuth library
        AuthorizationServiceConfiguration.fetchFromIssuer(Uri.parse(authDetails.authIssuer)) { serviceConfiguration: AuthorizationServiceConfiguration?, _: AuthorizationException? ->
            authorizationRequest = AuthorizationRequest.Builder(
                serviceConfiguration!!,
                authDetails.authClients[0].clientId,
                ResponseTypeValues.CODE,
                Uri.parse("mapsindoorsapp://"))
                .setAdditionalParameters(Collections.singletonMap("acr_values", "idp:" + authDetails.authClients[0].preferredIDPs[0]))
                .setScope("openid profile account client-apis").build()
            authorizationService = AuthorizationService(this)
            val authIntent = authorizationService!!.getAuthorizationRequestIntent(authorizationRequest!!)
            startActivity(authIntent)
        }
    }
}

Note that the redirect link must be known to MapsIndoors and white-listed for your identity provider integration. You must inform us about all the links that you need for your application, both for development and production use so they can be white-listed.

After you have made the request if using the library you will have to react on the recieved intent from the user logging in.

With that you response you will create the token exchange request. The token exchange request will respond with a token if succesful that can be set through the MapsIndoors class by calling setAuthToken. The set access token is used by the MapsIndoors SDK, for remaining lifespan of the SDK. If the SDK is initialized again, a token will need to be set again.

//Continuing the example of using the appAuth library together with MapsIndoors
override fun onNewIntent(intent: Intent?) {
    super.onNewIntent(intent)
    val data = intent!!.data
    val authorizationResponse = AuthorizationResponse.Builder(authorizationRequest!!).fromUri(data!!).build()
    authorizationService!!.performTokenRequest(authorizationResponse.createTokenExchangeRequest()) { response: TokenResponse?, _: AuthorizationException? ->
        if (response != null) {
            if (response.accessToken != null) {
                MapsIndoors.setAuthToken(response.accessToken!!)
            }
        }
    }
}

You can now validate that you have set up the token correctly by calling MPApiKeyValidatorService.checkAuthToken with your solution key like this:

fun checkApiKeyValidityAndInitializeSDK() {
    MPApiKeyValidatorService.checkAuthToken("apikey") {
        if (it != null) {
            //An error happened, authentication was not succesful.
        }else {
            //You have now succesfully gotten access to a solution that requires authentication
            MapsIndoors.load(applicationContext, "apikey", null)
        }
    }
}

The SDK will ensure all subsequent performed data requests will include the set access token.

The above login flow is executed by the SDK if authentication is needed.

The SDK will then make sure that all requests for data are performed using this access token.

Note that the access token obtained from a MapsIndoors Single Sign-on flow cannot be used as access token for the Booking Service. Single Sign-on access tokens are issued by MapsIndoors and not the underlying tenant. You need to login directly on your Booking tenant to get an access token that can be used for working with the Booking Service as an authenticated user.

Note that the access token obtained from a MapsIndoors Single Sign-on flow cannot be used as access token for the . Single Sign-on access tokens are issued by MapsIndoors and not the underlying tenant. You need to login directly on your Booking tenant to get an access token that can be used for working with the Booking Service as an authenticated user.

You will also need to provide a redirect url, but this is not provided by MapsIndoors. The callback url may be a .

Note that the access token obtained from a MapsIndoors Single Sign-on flow cannot be used as access token for the . Single Sign-on access tokens are issued by MapsIndoors and not the underlying tenant. You need to login directly on your Booking tenant to get an access token that can be used for working with the Booking Service as an authenticated user.

For a full example, please .

https://auth.mapsindoors.com
SSO page
OIDC metadata
IdentityServer4
see here
Android app link
Booking service
Android app link
Booking service
see here