Retrofit Tutorial — Token Authentication
In this video you'll learn about token authentication and how to implement it with Retrofit.
Tip: turn on subtitles to deal with my accent. A shortened transcript is also available below.
Find the tutorial for an easy read here:
Watch 20+ Retrofit videos in our playlist here:
----------------------------------------
Our book on Retrofit is also available on leanpub:
----------------------------------------
Checkout 320+ technical in-depth tutorials:
Subscribe for two new videos every week:
----------------------------------------
Follow us on social media to get updates on new content:
----------------------------------------
Shortened transcript:
In the last video we looked at basic authentication, a standardized way to identify your user to your server. In this video we will look at the less standardized version of it: token authentication. Instead of encoding the username and password and sending them with every request, we get a special token. Most APIs create the token when you log in and return it to you, and all subsequent calls are made with that token. Basically, all protected endpoints expect that token in the Authorization header.
In this video we will look at how you can implement that in an Android app with Retrofit. It's important that you do this over HTTPS; otherwise the credentials and the token can be read by anyone on the path, and you should never send passwords in clear text. In this case the login response contains a user ID, the email and also that secret token. The token is important! You need to save it, because you will need it for all following requests. Here we have a second endpoint, getSecretInfo, and if you send the request without any token you get a 401 back. Basically the server is telling us: "I won't give you that information unless I get a valid token from you." Most token APIs expect the token in the Authorization header: use Authorization as the header key and the token we just received as the value. If you send it now, you get an interesting string back. And if we change the token to something invalid, so we send a token but it isn't correct, we get that error message back.
Let's implement all of that, the login and then getSecretInformation(), in the Android app. First, let's describe the Retrofit interface. The first endpoint is the login. As you have seen in Postman, this is a POST request and the URL is simply /login. We expect a user object back, so the return type is User, and let's call the method simply login(). The request body is the Login class I just showed you. The second part is the secret info. The URL is simply /secretInfo and, as you have seen in Postman, it's a GET request, since we are only requesting data. Since the response is just a string, we won't do any transformation into a Java class; this method will be getSecret(). In this request we need to send the token along, so we add an additional parameter annotated with @Header. It is a String holding the auth token you want to send, and the annotation tells Retrofit that this value goes into the Authorization header.
OK, so the first step is to log in with the login information. That login gives us the User object back, which contains the token. Then we use that token to request the secret, and since the secret is just a string, we won't do any parsing. Let's jump into the activity and implement all of that. That's it! In this quick and simple example you have seen how to use token authentication to log the user in, get the token and use that token for further requests. Obviously, when the API gets more complex with more endpoints, this is still not ideal. You should save the token in a more central place and, ideally, also handle the Authorization header in a more central place. One option is the ServiceGenerator, which we will show you in a separate video in the future.
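The following is an added example, written for this page and not code from the video or its accompanying project, that puts the flow above into one Retrofit 2 class: the login call, the getSecret() call with an explicit @Header parameter exactly as the transcript describes, and, for the "more central place" the closing paragraph asks for, an OkHttp interceptor that adds the Authorization header from a shared token holder. Everything that the video does not pin down is an assumption: the base URL https://api.example.com/, the Login field names email and password, the User field names id, email and token, and the Gson and scalars converter dependencies (the scalars converter is what lets Retrofit return a plain Call<String>).

```java
// Added example, not the video's code. Assumptions: base URL https://api.example.com/,
// POST /login takes {email, password} and returns {id, email, token},
// GET /secretInfo returns a plain string and answers 401 without a valid token.
// Dependencies: retrofit2, converter-gson, converter-scalars, okhttp3.
import java.io.IOException;

import okhttp3.OkHttpClient;
import okhttp3.Request;
import retrofit2.Call;
import retrofit2.Response;
import retrofit2.Retrofit;
import retrofit2.converter.gson.GsonConverterFactory;
import retrofit2.converter.scalars.ScalarsConverterFactory;
import retrofit2.http.Body;
import retrofit2.http.GET;
import retrofit2.http.Header;
import retrofit2.http.POST;

public class TokenAuthExample {

    // Request body for /login (field names assumed, serialized by Gson).
    static class Login {
        final String email;
        final String password;
        Login(String email, String password) { this.email = email; this.password = password; }
    }

    // Response from /login: user id, email and the token used for all later requests.
    static class User {
        String id;
        String email;
        String token;
    }

    interface LoginService {
        @POST("/login")
        Call<User> login(@Body Login login);

        // Per-request variant from the transcript: the caller passes the token and
        // Retrofit writes it into the Authorization header.
        @GET("/secretInfo")
        Call<String> getSecret(@Header("Authorization") String authToken);

        // Centralized variant: no header parameter, the interceptor below adds it.
        @GET("/secretInfo")
        Call<String> getSecretCentral();
    }

    // Token holder for the example. A real app should persist it in a Keystore-backed
    // store such as EncryptedSharedPreferences and must never write it to logs.
    static volatile String token;

    static Retrofit buildRetrofit() {
        OkHttpClient client = new OkHttpClient.Builder()
            .addInterceptor(chain -> {
                Request request = chain.request();
                String current = token;
                // Add the header only when we hold a token and the call did not set one itself.
                if (current != null && request.header("Authorization") == null) {
                    request = request.newBuilder().header("Authorization", current).build();
                }
                return chain.proceed(request);
            })
            .build();

        return new Retrofit.Builder()
            .baseUrl("https://api.example.com/")                  // HTTPS only: the token is a secret
            .client(client)
            .addConverterFactory(ScalarsConverterFactory.create()) // Call<String> -> raw body text
            .addConverterFactory(GsonConverterFactory.create())    // Call<User>   -> JSON
            .build();
    }

    // Synchronous calls for clarity; on Android run this off the main thread or use enqueue().
    static String loginAndFetchSecret(LoginService service, String email, String password)
            throws IOException {
        Response<User> loginResponse = service.login(new Login(email, password)).execute();
        if (!loginResponse.isSuccessful() || loginResponse.body() == null) {
            throw new IOException("login failed: HTTP " + loginResponse.code());
        }
        token = loginResponse.body().token;

        Response<String> secret = service.getSecret(token).execute();
        if (secret.code() == 401) {
            // The server rejected the token (missing, expired or revoked): forget it and log in again.
            token = null;
            throw new IOException("token rejected, log in again");
        }
        if (!secret.isSuccessful()) {
            throw new IOException("secretInfo failed: HTTP " + secret.code());
        }
        return secret.body();
    }

    public static void main(String[] args) throws IOException {
        LoginService service = buildRetrofit().create(LoginService.class);
        System.out.println(loginAndFetchSecret(service, "user@example.com", "correct horse"));
        // Same endpoint without passing the token; the interceptor supplies the header.
        System.out.println(service.getSecretCentral().execute().body());
    }
}
```

The converter order matters: the scalars factory is registered first so that Call<String> receives the raw response body, while Call<User> falls through to Gson. The interceptor checks for an existing Authorization header before adding its own, so the explicit @Header variant and the centralized variant can coexist in one service. Treating a 401 as "the token is no longer valid" and clearing it avoids retrying every protected endpoint with a dead token.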