Skip to content
This repository has been archived by the owner on Feb 28, 2024. It is now read-only.

Session

Jump to bottom
Jan Škrášek edited this page Jan 22, 2019 · 5 revisions

Session module allows managing a session for handling user data.

See session module api-doc.

Working with session module requires enabled user-data.

Session Handling

To retrieve current active session, call getSession() on session facade. This method is synchronous, quite fast and doesn't have to be called on a background thread.

val session = sdk.sessionFacade.getSession()
val hasSession = session != null

To sign out, call signOut() method.

Authentication Methods

You may create a user session by multiple methods.

JWT Token

This method uses standardized JWT specification. It's your responsibility to authenticate a user & validate his identity. After a successful authentication, your server will use the clientSercret to generate a JWT token and encrypt your internal userId into the JWT token. The userId is connected directly to your B2B client ID and will not be available for any other B2B client.

To generate a JWT token use the following configuration:

  • {"alg": "HS256","typ": "JWT"};
  • JSON {"external_user_id":"1234"} as a payload where the "1234" will be replaced with your user ID, the id has to be a string;
  • your clientSecret as secret (provided client secret is not base64 encoded in context of JWT algorithm);
val jwtToken = fetchJwtTokenFromYourServer()
val result = sdk.sessionFacade.signInWithJwtToken(jwtToken)

You must not generate JWT token on the client's side, clientSecret is unprotected on the client's side and the attacker may then easily log into your users' accounts on Sygic Travel.

Google Id Token

This method uses Google's user session. To use this method, you have to request "id token" during user authentication through Google, as documented in Authenticate with a backend server. Then pass the id token to the Sygic Travel SDK.

val idToken = getTokenFromGoogleSignInAccount()
val result = sdk.sessionFacade.signInWithGoogleIdToken(idToken)

Facebook Access Token

This method uses Facebooks' user session. To use this method, you have to use Facebook's access token from user authentication, as documented in Facebook Login for Android - Quickstart.

val accessToken = getFacebookAccessToken()
val result = sdk.sessionFacade.signInWithFacebookAccessToken(accessToken)

Device Id (Anonymous Session)

Sign in with device id provides an anonymous session that has a full session behavior, e.g. synchronization and storage of user data. This may be used for user's future sign in/up. Before signing in with the user's account you will have to sign out the anonymous session, then after signing in the previous anonymous session will be automatically merged into the new signed session.

val result = sdk.sessionFacade.signInWithDeviceId()

Credentials Accounts

You may also use credentials accounts - accounts with an "email" and "password". This is not a recommended method. SDK provides appropriate API: signInWithCredentials(), register(), alternatively a resetPassword() method for sending an email to the user with reset-password link.

val registrationResult = sdk.sessionFacade.register(email, password, name)
val result = sdk.sessionFacade.signInWithCredentials(email, password)
val resetPasswordResult = sdk.sessionFacade.resetPassword(email)
Clone this wiki locally