Overview

There are up to 900 million HUAWEI ID users across the globe. Apps with HUAWEI Account Kit integrated allow users to sign in using their HUAWEI IDs with just a tap. By integrating HUAWEI Account Kit, you can attract new users, by leveraging the enormous HUAWEI ID user base. HUAWEI Account Kit complies with the OAuth 2.0 and OpenID Connect protocols.
To use this Kit, you will need to:

• Register a HUAWEI ID on HUAWEI Developers. Then, create an app, configure app information, and enable HUAWEI Account Kit in AppGallery Connect.
• Create a project in Android Studio and integrate the Account SDK.
• Call and debug the APIs of HUAWEI Account Kit by referring to its development guide.

What You Will Create

In this codelab, you will use the demo project that we provide to call the APIs of HUAWEI Account Kit. Through the demo project, you will:

• Experience the HUAWEI ID authorization and sign-in process.
• Obtain basic user information such as the user ID, nickname, and profile picture from HUAWEI Account Kit.
• Revoke authorization to an app through the corresponding API.

What You Will Learn

In this codelab, you will learn how to:

• Create an app in AppGallery Connect.
• Enable HUAWEI Account Kit.
• Integrate the Account SDK.
• Call the APIs of HUAWEI Account Kit.

Hardware Requirements

• A computer (desktop or laptop) that runs the Windows 10 operating system
• A Huawei phone with HMS Core (APK) 4.0.0.300 or later, to be used for demo project running and service debugging

Software Requirements

• Android Studio 3.X
• JDK 1.8 and later
• SDK Platform 26 and later
• Gradle 4.6 and later

To integrate HUAWEI Account Kit, you must complete the following preparations:

• Create an app in AppGallery Connect.
• Create a project in Android Studio.
• Generate a signing certificate.
• Generate a signing certificate fingerprint.
• Configure the signing certificate fingerprint.
• Add the app package name and save the configuration file.
• Add the AppGallery Connect plug-in and the Maven repository in the project-level build.gradle file.
• Configure the signature file in Android Studio.

For details, please refer to Preparations for Integrating HUAWEI HMS Core.

1. Sign in to AppGallery Connect, click My projects, find your project, and click your desired app. On the page that is displayed, go to Project Setting > Manage APIs.
   
2. Enable HUAWEI Account Kit.
   

Now, you have successfully enabled HUAWEI Account Kit for your app.

Obtaining the Configuration File

1. Sign in to AppGallery Connect, click My projects, find your project, and click your desired app. On the page that is displayed, go to Project Setting > General information. In the Project area, click Set.
   
2. Set the app data storage location as needed, and click OK.
   
3. In the App information area, download the agconnect-services.json file.
   
4. Move the downloaded agconnect-services.json file to the root directory of the app module in your Android Studio project.
   

Adding Build Dependencies

1. Open the build.gradle file in the app directory.
   
2. Add build dependencies in the dependencies block and replace {version} with the actual Account SDK version number.

   dependencies {
       implementation 'com.huawei.hms:hwid:{version}'
   }
   
   

3. Click Sync Now to synchronize your project.
   

Configuring Obfuscation Scripts

1. Open proguard-rules.pro, the obfuscation configuration file of your Android Studio project.
2. Add configurations to exclude the HMS Core SDK from obfuscation.

   -ignorewarnings 
   -keepattributes *Annotation* 
   -keepattributes Exceptions 
   -keepattributes InnerClasses 
   -keepattributes Signature 
   -keepattributes SourceFile,LineNumberTable 
   -keep class com.hianalytics.android.**{*;} 
   -keep class com.huawei.updatesdk.**{*;} 
   -keep class com.huawei.hms.**{*;} 
   
   

3. If you have used AndResGuard, add it to the allowlist in the obfuscation configuration file

   "R.string.hms*", 
   "R.string.connect_server_fail_prompt_toast", 
   "R.string.getting_message_fail_prompt_toast", 
   "R.string.no_available_network_prompt_toast", 
   "R.string.third_app_*", 
   "R.string.upsdk_*", 
   "R.layout.hms*", 
   "R.layout.upsdk_*", 
   "R.drawable.upsdk*", 
   "R.color.upsdk*", 
   "R.dimen.upsdk*", 
   "R.style.upsdk*",
   "R.string.agc*"
   
   

HUAWEI Account Kit mainly provides APIs for sign-in, silent sign-in, sign-out, and authorization revoking. In this codelab, you can create a UI in your Android Studio project. An example is shown in the following figure.

Signing in with a HUAWEI ID in ID Token Mode

Service Process

1. A user taps the Sign In with HUAWEI ID button to request to sign in with a HUAWEI ID.
2. The Account SDK brings up the user sign-in authorization interface, explicitly notifying the user of the content to be authorized based on the authorization scope contained in the sign-in request.
3. After the user authorizes your app to access the requested content, the Account SDK returns the ID token to your app.
4. Your app verifies the ID token locally or using the HUAWEI Account Kit server.

Sample Code

1. Display the HUAWEI ID sign-in button.

Your app displays the HUAWEI ID sign-in button on the sign-in screen.

2. Call the setIdToken method of HuaweiIdAuthParamsHelper to request authorization.

   HuaweiIdAuthParams mHuaweiIdAuthParams;
   mHuaweiIdAuthParams = new HuaweiIdAuthParamsHelper (HuaweiIdAuthParams.DEFAULT_AUTH_REQUEST_PARAM). setIdToken().createParams();
   
   

3. Call the getService method of HuaweiIdAuthManager to initialize the HuaweiIdAuthService object.

   HuaweiIdAuthService mHuaweiIdAuthService = HuaweiIdAuthManager.getService (HuaweiIdActivity.this, mHuaweiIdAuthParams);
   
   

4. Call the getSignInIntent method of HuaweiIdAuthService to bring up the HUAWEI ID sign-in authorization interface.

   startActivityForResult(mHuaweiIdAuthService.getSignInIntent(), Constant.REQUEST_SIGN_IN_LOGIN);
   
   

5. Process the sign-in result after the authorization is complete.

   protected void onActivityResult(int requestCode, int resultCode, Intent data) {
       super.onActivityResult(requestCode, resultCode, data);
       if (requestCode == Constant.REQUEST_SIGN_IN_LOGIN) {
           //login success
           //get user message by parseAuthResultFromIntent
           Task< AuthHuaweiId> authHuaweiIdTask = HuaweiIdAuthManager. parseAuthResultFromIntent(data);
           if (authHuaweiIdTask.isSuccessful()) {
               AuthHuaweiId huaweiAccount = authHuaweiIdTask.getResult();
               Log.i(TAG, "signIn success " + huaweiAccount.getDisplayName());
           } else {
               Log.i(TAG, "signIn failed: " + ((ApiException) authHuaweiIdTask.getException()).getStatusCode());
           }
       } 
   }
   
   

Signing in with a HUAWEI ID in Authorization Code Mode

HUAWEI Account Kit also allows for sign-in using a HUAWEI ID in authorization code mode. Use this mode when you have your own app server.

Service Process

1. A user taps the Sign In with HUAWEI ID button to request to sign in with a HUAWEI ID.
2. The Account SDK brings up the user sign-in authorization interface, explicitly notifying the user of the content to be authorized based on the authorization scope contained in the sign-in request.
3. After the user authorizes your app to access the requested content, the Account SDK returns the authorization code to your app.
4. Based on the authorization code, your app obtains the access token, refresh token, and ID token from the HUAWEI Account Kit server.
5. If the access token or ID token has expired, your app server obtains a new access token or ID token using the refresh token.

Sample Code

1. Display the HUAWEI ID sign-in button.

Your app displays the HUAWEI ID sign-in button on the sign-in screen.

2. Call the setAuthorizationCode method of HuaweiIdAuthParamsHelper to request authorization.

   HuaweiIdAuthParams authParams= new HuaweiIdAuthParamsHelper (HuaweiIdAuthParams.DEFAULT_AUTH_REQUEST_PARAM). setAuthorizationCode().createParams();
   
   

3. Call the getService method of HuaweiIdAuthManager to initialize the HuaweiIdAuthService object.

   HuaweiIdAuthService service = HuaweiIdAuthManager.getService (MainActivity.this, authParams);
   
   

4. Call the getSignInIntent method of HuaweiIdAuthService to bring up the HUAWEI ID sign-in authorization interface.

   startActivityForResult(service.getSignInIntent(), Constant.REQUEST_SIGN_IN_LOGIN_CODE);
   
   

5. Process the sign-in result after the authorization is complete.

   protected void onActivityResult(int requestCode, int resultCode, Intent data) {
       super.onActivityResult(requestCode, resultCode, data);
       if (requestCode == Constant.REQUEST_SIGN_IN_LOGIN_CODE) {
           //login success
           Task< AuthHuaweiId> authHuaweiIdTask = HuaweiIdAuthManager. parseAuthResultFromIntent(data);
           if (authHuaweiIdTask.isSuccessful()) {
               AuthHuaweiId huaweiAccount = authHuaweiIdTask.getResult();
               Log.i(TAG, "signIn get code success.");
           } else {
               Log.i(TAG, "signIn get code failed: " + ((ApiException) authHuaweiIdTask.getException()).getStatusCode());
           }
       }
   }
   
   

6. Your app reports the obtained authorization code to your app server. Then, your app server will call the /oauth2/v3/token API to request the ID token, access token, and refresh token from the HUAWEI Account Kit server.

Request example:

POST /oauth2/v3/token HTTP/1.1 
Host: oauth-login.cloud.huawei.com 
Content-Type: application/x-www-form-urlencoded 
grant_type=authorization_code& 
code=ANXxSNjwQDugOnqeikRMu2bKaXCdlLxn& 
client_id=12345& 
code_verifier=123444444dfd4sadfsdwew321454567587658776t896fdfgdscvvbfxdgfdgfdsfasdfsdgd233& 
redirect_uri=hms%3A%2F%2Fredirect_uri& 
need_open_uid=true

Response example:

HTTP/1.1 200 OK 
Content-Type: application/json;charset=UTF-8 
Cache-Control: no-store 
Pragma: no-cache 
  
{ 
"access_token": "CFyJ21sNODl16eV9y2vu3CwQk9DBr32BkOcxxgAd7MZUR5th1giyTk5\/kA+QDAyxou+\/5U2zzBRcf3qgLkkFdtbbC+mM3zFV7xj7CCEMHc5Tw92al0Y=", 
"refresh_token": "CF13G0sRaGybtYt7SIyeUILNORtTFwMgz4ao5C7j7vtgLPt6ogmXKjdI8RS\/YlyS71z4DyP6kEMnOrRlmNK0KhdOUNWd+qVLLRsEEHkqRIKpuAkPvL8=", 
    "expires_in": 3600, 
"id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjExOGRmMjU0YjgzNzE4OWQxYmMyYmU5NjUwYTgyMTEyYzAwZGY1YTQiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhenAiOiI3ODI0NTY2Njc4OTgtc2M0MzE3Y2l0NGEwMjB0NzdrbGdsbWo1ZjA4YWtnMWIuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiI3ODI0NTY2Njc4OTgtN2NkNGJpYWRkaGVwNGc4cnZic2VlOGtwcDA5Zm1hNzIuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDE3MTIxMzkwMzgwNDE2MDc0MTQiLCJlbWFpbCI6Inh1ZXpoZW5odWF0anVAc2luYS5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwicGljdHVyZSI6Imh0dHBzOi8vbGg1Lmdvb2dsZXVzZXJjb250ZW50LmNvbS8tMm9lTTllT09zNTAvQUFBQUFBQUFBQUkvQUFBQUFBQUFBQkkvMVpOSC0xdmxxc3cvczk2LWMvcGhvdG8uanBnIiwiaWF0IjoxNTYxNDUxMTUyLCJleHAiOjE1NjE0NTQ3NTJ9.Eo9IHMkid596jvt1YYzNsRtDq9c9K9dbougkU41Noh7TXNiko86_RuWwHID6k1kDg398AwC3wwH-t2hLcUjgrXPNd9XYU96Jp4-UxdDszP6ywEJgvvBCyTHzsi2auvKt_MnfSrs3qOKfh7noJvXq8AY-Hi3vqSUks5kGqbZKVzCHhBDO3RD9Fs9YHsB6w0XVKZojPOBDaAT_TiijoChn-Q-e8NbSGUx52OgeH-Nw5lOj6JVb_7fb6ucWRzlhiQuzFjklevLVw2pjw1MxKbl1vfRp0X699uZBVjgl9hj1L7LSDObuPzLiXF7ojji5JKYC6zIwAtZQUZ_VUmSk01GDLQ", 
    "scope": "openid profile email", 
"token_type": "Bearer", 
"open_id": "MDFAMzAwMDUxODgzQDNiaODc3NTkzNGRlNmNiaMzBlNmQ2YjAzNTgzNTJhMDNjQDkwMGQwYTY1NmE1NmNlNTU1M2EzMWY3Y2VmZWQwOGJlYTRkZTU4ZjM5YWFmOWNhNTk0ODEyZA", 
}

7. The access token has a short validity period (currently, 60 minutes). When the access token has expired or is about to expire, request a new access token from the HUAWEI Account Kit server by sending the refresh token through the /oauth2/v3/token API.

Request example:

POST /oauth2/v3/token HTTP/1.1 
Host: oauth-login.cloud.huawei.com 
Content-Type: application/x-www-form-urlencoded 
  
grant_type=refresh_token& 
client_id=12345& 
client_secret=bKaZ0VE3EYrXaXCdCe3d2k9few& 
refresh_toekn=CF2Mm03n0aos9iZZ8nIhfyDtoXy74CXeBi50gVVhMpB0IUzlv9ZwizEvTBhVoF820ZPim0JwNR9j2p1qgEQWnIVYZRlp4T6ezMgekUnsHBkvNev5rd2MdfQMLP

Response example:

HTTP/1.1 200 OK 
Content-Type: application/json;charset=UTF-8 
Cache-Control: no-store 
Pragma: no-cache 
  
{ 
"access_token": "CFyJ4J\/l6wuwcFqYOJG4maq2ca8RAV+g0i+mel6qCV5lvqH0PYtW0+BNwfHWg0AqMnW6ZdBvUgs7ijkxMFh1xVP\/B+vQXz3PWsivkKCuL78XtbLt7vs=", 
"id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjExOGRmMjU0YjgzNzE4OWQxYmMyYmU5NjUwYTgyMTEyYzAwZGY1YTQiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhenAiOiI3ODI0NTY2Njc4OTgtc2M0MzE3Y2l0NGEwMjB0NzdrbGdsbWo1ZjA4YWtnMWIuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiI3ODI0NTY2Njc4OTgtN2NkNGJpYWRkaGVwNGc4cnZic2VlOGtwcDA5Zm1hNzIuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMDE3MTIxMzkwMzgwNDE2MDc0MTQiLCJlbWFpbCI6Inh1ZXpoZW5odWF0anVAc2luYS5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwicGljdHVyZSI6Imh0dHBzOi8vbGg1Lmdvb2dsZXVzZXJjb250ZW50LmNvbS8tMm9lTTllT09zNTAvQUFBQUFBQUFBQUkvQUFBQUFBQUFBQkkvMVpOSC0xdmxxc3cvczk2LWMvcGhvdG8uanBnIiwiaWF0IjoxNTYxNDUxMTUyLCJleHAiOjE1NjE0NTQ3NTJ9.Eo9IHMkid596jvt1YYzNsRtDq9c9K9dbougkU41Noh7TXNiko86_RuWwHID6k1kDg398AwC3wwH-t2hLcUjgrXPNd9XYU96Jp4-UxdDszP6ywEJgvvBCyTHzsi2auvKt_MnfSrs3qOKfh7noJvXq8AY-Hi3vqSUks5kGqbZKVzCHhBDO3RD9Fs9YHsB6w0XVKZojPOBDaAT_TiijoChn-Q-e8NbSGUx52OgeH-Nw5lOj6JVb_7fb6ucWRzlhiQuzFjklevLVw2pjw1MxKbl1vfRp0X699uZBVjgl9hj1L7LSDObuPzLiXF7ojji5JKYC6zIwAtZQUZ_VUmSk01GDLQ", 
    "expires_in": 3600, 
    "scope": "openid profile email", 
    "token_type": "Bearer" 
}

Signing Out from a HUAWEI ID

Service Process

1. A user has signed in to an app and attempts to sign out.
2. Your app calls the HuaweiIdAuthService.signOut method to request the Account SDK to sign the user out.
3. The Account SDK deletes the HUAWEI ID sign-in information of the user and sends the sign-out result to your app.

Sample Code:

1. Call the signOut API using the HuaweiIdAuthService instance that is created during the HUAWEI ID sign-in authorization.

   // Use the HuaweiIdAuthService instance to call the getService API. The service is generated during authorization.
   Task<Void> signOutTask = service.signOut();
   
   

2. Perform processing after the sign-out is complete.

   signOutTask.addOnCompleteListener(new OnCompleteListener<Void>() {
       @Override
       public void onComplete(Task<Void> task) {
           //Processing after the sign-out.
           Log.i(TAG, "signOut complete");
       }
   });
   
   

After completing your app development, click to run your Android Studio project to generate the APK and install it on your phone for testing. After launching the demo app, you'll see the following screen:

Well done. You have successfully completed this codelab and learned how to:

• Create an app in AppGallery Connect.
• Enable HUAWEI Account Kit.
• Integrate the Account SDK.
• Call the APIs of HUAWEI Account Kit.

For more information, please click the following link:
API Reference

To download the sample code, please click the button below:

Download