(Legacy) Amazon FireOS SDK with Dynamic Client Registration
Introduction
The FireOS AccessEnabler SDK for FireTV was modified to enable authentication without using session cookies. As more and more browsers restrict access to cookies, another method was needed to allow authentication.
FireOS SDK 3.0.4 replaces the current app registration mechanism, based on a signed requestor ID and session cookie authentication, with Dynamic Client Registration (see Dynamic Client Registration Overview).
API Changes
Factory.getInstance
Description: Instantiates the Access Enabler object. There should be a single Access Enabler instance per application instance.
throws AccessEnablerException
Availability: v3.0+
Parameters:
- appContext: Android application context
- softwareStatement: value obtained from TVE Dashboard or null if “software_statement” is set in strings.xml
- redirectUrl: for FireTV implementations this parameter should be null. Any value set for it will be ignored.
Notes
- An invalid softwareStatement prevents the application from initializing AccessEnabler and from registering the application for Adobe Pass authentication and authorization.
- For FireTV, the SDK sets the redirectUrl parameter to adobepass://android.app, as authentication is handled by a unique AccessEnabler instance.
setRequestor
Description: Establishes the identity of the Channel. Each Channel is assigned a unique ID upon registering with Adobe for the Adobe Pass Authentication system. When dealing with SSO and remote tokens, the authentication state can change while the application is in the background. setRequestor can be called again when the application is brought into the foreground in order to synchronize with the system state (fetch a remote token if SSO is enabled, or delete the local token if a logout happened in the meantime).
The server response contains a list of MVPDs together with some configuration information that is attached to the identity of the Channel. The server response is used internally by the Access Enabler code. Only the status of the operation (i.e. SUCCESS/FAIL) is presented to your application via the setRequestorComplete() callback.
If the urls parameter is not used, the resulting network call targets the default service provider URL: the Adobe Release Production environment.
If a value is provided for the urls parameter, the resulting network call targets all the URLs provided in the urls parameter. All configuration requests are triggered simultaneously in separate threads. The first responder takes precedence when compiling the list of MVPDs. For each MVPD in the list, the Access Enabler remembers the URL of the associated service provider. All subsequent entitlement requests are directed to the URL associated with the service provider that was paired with the target MVPD during the configuration phase.
Availability: v3.0+
public void setRequestor(String requestorId, ArrayList<String> urls)
Parameters:
- requestorID: The unique ID associated with the Channel. Pass the unique ID assigned by Adobe to your site when you first register with the Adobe Pass Authentication service.
- urls: Optional parameter; by default, the Adobe service provider is used (http://sp.auth.adobe.com/). This array allows you to specify endpoints for authentication and authorization services provided by Adobe (different instances might be used for debugging purposes). You can use this to specify multiple Adobe Pass Authentication service provider instances. When doing so, the MVPD list is composed of the endpoints from all the service providers. Each MVPD is associated with the fastest service provider; that is, the provider that responded first and that supports that MVPD.
Deprecated:
- signedRequestorID: A copy of the requestor ID that is digitally signed with your private key.
Callbacks triggered: setRequestorComplete()
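The first-responder pairing described for the urls parameter, as an added stand-alone Java example (not code from the Adobe Pass SDK). The class, the Config record, the fake() helper, the example.test URLs and the MVPD names are hypothetical; it assumes Java 16 or later for records.

```java
import java.util.*;
import java.util.concurrent.*;

/** Added illustration of first-responder MVPD pairing; not Adobe Pass SDK code. */
public class FirstResponderPairing {
    // Constructed stand-in for one service provider's configuration response.
    record Config(String url, List<String> mvpds) {}

    /** Queries all providers in parallel; each MVPD keeps the URL of the first responder that lists it. */
    static Map<String, String> pair(List<Callable<Config>> providers) throws InterruptedException {
        ExecutorService pool = Executors.newFixedThreadPool(Math.max(1, providers.size()));
        CompletionService<Config> done = new ExecutorCompletionService<>(pool);
        try {
            for (Callable<Config> call : providers) done.submit(call);
            Map<String, String> mvpdToUrl = new LinkedHashMap<>();
            for (int i = 0; i < providers.size(); i++) {
                try {
                    Config cfg = done.take().get();   // next response, in completion order
                    for (String mvpd : cfg.mvpds()) mvpdToUrl.putIfAbsent(mvpd, cfg.url());
                } catch (ExecutionException e) {
                    // A provider that failed contributes no MVPDs.
                }
            }
            return mvpdToUrl;
        } finally {
            pool.shutdownNow();
        }
    }

    // Hypothetical provider that answers after delayMs with a fixed MVPD list.
    static Callable<Config> fake(String url, long delayMs, String... mvpds) {
        return () -> { Thread.sleep(delayMs); return new Config(url, List.of(mvpds)); };
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> paired = pair(List.of(
            fake("https://sp-a.example.test/", 200, "MVPD_1", "MVPD_2"),
            fake("https://sp-b.example.test/", 20, "MVPD_2", "MVPD_3")));
        paired.forEach((mvpd, url) -> System.out.println(mvpd + " -> " + url));
    }
}
```

Here MVPD_2 is offered by both providers and is paired with the faster one, so later entitlement requests for it would go to that URL only.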
logout
Description: Use this method to initiate the logout flow. Logout is performed as a series of HTTP redirects because the user needs to be logged out from both the Adobe Pass Authentication servers and the MVPD’s servers. As a result, this flow will open a ChromeCustomTab window to execute the logout.
Availability: v3.0+
Parameters: None
Callbacks triggered: setAuthenticationStatus()
Programmer Implementation Flow
1. Register Application
- Obtain software_statement from Adobe Pass (TVE Dashboard)
- There are two options to pass these values to Adobe Pass SDK:
  - In strings.xml add:
    <string name="software_statement">[softwarestatement value]</string>
  - Call AccessEnabler.getInstance(appContext, softwareStatement, null)
2. Configure Application
a. setRequestor(requestor_id)
The SDK will perform the following operations:
- register application: using software_statement, the SDK will obtain a client_id, client_secret, client_id_issued_at, redirect_uris, grant_types. This information will be stored in the application’s internal storage.
- obtain an access_token using client_id, client_secret and grant_type="client_credentials". This access_token will be used on each call made by the SDK to Adobe Pass servers.
- in case an MVPD requires Passive Authentication, a WebView will open to execute passive authentication with that MVPD and will close when complete
b. checkAuthentication()
- true: go to Authorization
- false: go to Select MVPD
c. getAuthentication: the SDK will include access_token in call parameters
- mvpd remembered: go to setSelectedProvider(mvpd_id)
- mvpd not selected: displayProviderDialog
- mvpd selected: go to setSelectedProvider(mvpd_id)
d. setSelectedProvider
- mvpd_id authentication url is loaded in ChromeCustomTabs
- login successful: delegate.setAuthenticationStatus(SUCCESS)
- login canceled: reset MVPD selection
- URL scheme is established as “adobepass://android.app” to capture when the authentication is complete
e. get/checkAuthorization: SDK will include access_token in header as Authorization: Bearer access_token
- if authorization is successful, a call will be made for obtaining the media token
f. logout:
- SDK will delete valid token for the current requestor (authentications obtained by other applications and not through SSO will remain valid)
- SDK will open Chrome Custom Tabs to reach mvpd_id logout endpoint. Once completed, the Chrome Custom Tabs will be closed
- URL scheme is established as “adobepass://logout” to capture the moment when logout is complete
- logout will trigger a sendTrackingData(new Event(EVENT_LOGOUT, USER_NOT_AUTHENTICATED_ERROR)) and a callback: setAuthenticationStatus(0, "Logout")
Note: as each call requires an access_token, possible error codes below are handled in the SDK.
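The two completion URIs named in steps d and f, classified by parsed scheme and host rather than by string prefix. This is an added stand-alone Java example, not code from the Adobe Pass SDK; the class name, the Outcome enum and the sample inputs are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;

/** Added illustration of matching the completion redirects; not Adobe Pass SDK code. */
public class RedirectClassifier {
    enum Outcome { AUTH_COMPLETE, LOGOUT_COMPLETE, IGNORE }

    // Scheme and hosts are the ones the page gives; the matching policy is an assumption.
    private static final String SCHEME = "adobepass";
    private static final String AUTH_HOST = "android.app";
    private static final String LOGOUT_HOST = "logout";

    static Outcome classify(String raw) {
        if (raw == null) return Outcome.IGNORE;
        URI uri;
        try {
            uri = new URI(raw.trim());
        } catch (URISyntaxException e) {
            return Outcome.IGNORE;            // malformed input never completes a flow
        }
        // Compare parsed components: a prefix test on the raw string would also
        // accept "adobepass://android.app.example.test/".
        if (!SCHEME.equalsIgnoreCase(uri.getScheme())) return Outcome.IGNORE;
        if (uri.getUserInfo() != null || uri.getPort() != -1) return Outcome.IGNORE;
        String host = uri.getHost();          // null for opaque forms such as "adobepass:android.app"
        if (host == null) return Outcome.IGNORE;
        if (host.equalsIgnoreCase(AUTH_HOST)) return Outcome.AUTH_COMPLETE;
        if (host.equalsIgnoreCase(LOGOUT_HOST)) return Outcome.LOGOUT_COMPLETE;
        return Outcome.IGNORE;
    }

    public static void main(String[] args) {
        String[] samples = {                  // constructed sample inputs
            "adobepass://android.app",
            "adobepass://logout",
            "adobepass://android.app.example.test/",
            "adobepass://user@android.app",
            "https://android.app/",
            "adobepass:android.app",
            "not a uri"
        };
        for (String s : samples) System.out.println(classify(s) + "  <-  " + s);
    }
}
```

Only the first two samples map to a completion outcome; every other form is ignored, so the authentication or logout state changes only on an exact scheme and host match.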