OAuth Done Right: Secure Authentication for Android Apps

OAuth 2.0 (with OpenID Connect layered on top for identity) is the foundation of modern sign-in and API access in mobile apps, enabling delegated access to APIs while protecting user data. Implementing it correctly in Android applications, however, raises security and usability challenges of its own. From running the authorization flow through the system browser rather than a WebView, to keeping tokens safe on the device, to step-up authentication, Android developers must navigate several considerations that differ from web-based implementations. In this session, we break down OAuth 2.0 for native Android apps, focusing on practical guidelines, security best practices, and real-world challenges. We will explore:

  • OAuth 2.0 authorization flows, and why RFC 8252 (OAuth 2.0 for Native Apps) matters for Android developers
  • Handling tokens securely: ID Tokens, Access Tokens, Refresh Tokens, and best practices for storage
  • Step-up authentication: when it is needed, and how current security recommendations guide its implementation

By the end of this session, attendees will clearly understand how to implement OAuth 2.0 securely on Android, manage tokens effectively, and use step-up authentication to protect sensitive user actions without sacrificing user experience.
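The flow RFC 8252 prescribes for native apps is the authorization code grant with PKCE (RFC 7636), a per-request state value, and a redirect URI the app claims from the OS. The following is an added example, not code from the session or from any Android library: it models both the app side and a minimal stand-in for the authorization server so the whole exchange runs offline. The endpoint, client_id and redirect URI are placeholder assumptions, and the server is a constructed fake that only does what is needed to show why an intercepted authorization code is useless without the PKCE verifier.

```python
"""Authorization code + PKCE as RFC 8252 recommends for native apps.

Added example (not from the session). Endpoints, client_id and redirect URI
are assumed placeholders; FakeAuthorizationServer is a constructed stand-in
for the server side so the exchange can be run offline.
"""
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHZ_ENDPOINT = "https://auth.example.com/authorize"   # assumed
CLIENT_ID = "android-app-client"                          # assumed
# RFC 8252 s.7: a private-use scheme or, preferably, an https App Link
# that the app claims (Android App Links) so another app cannot register it.
REDIRECT_URI = "com.example.app:/oauth2redirect"          # assumed


def b64url(data: bytes) -> str:
    """Base64url without padding, as PKCE and JWT use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_pkce_pair() -> tuple[str, str]:
    """RFC 7636: verifier of 43..128 unreserved chars, challenge = S256."""
    verifier = b64url(secrets.token_bytes(32))  # 32 bytes -> 43 chars
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def build_authorization_request(challenge: str, state: str) -> str:
    """URL to open in the system browser (Custom Tab), never in a WebView."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile",
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHZ_ENDPOINT}?{urlencode(params)}"


def parse_redirect(redirect_url: str, expected_state: str) -> str:
    """Run when the OS hands the redirect to the app. Rejects a response that
    does not match our pending request (state) or carries no code."""
    qs = parse_qs(urlparse(redirect_url).query)
    got_state = qs.get("state", [""])[0]
    if not hmac.compare_digest(got_state, expected_state):
        raise ValueError("state mismatch: redirect is not for this request")
    if "error" in qs:
        raise ValueError(f"authorization error: {qs['error'][0]}")
    if "code" not in qs:
        raise ValueError("redirect carries no authorization code")
    return qs["code"][0]


class FakeAuthorizationServer:
    """Constructed stand-in for the server: issues one-time codes bound to a
    challenge and redirect_uri, and verifies the PKCE verifier on exchange."""

    def __init__(self) -> None:
        self._codes: dict[str, tuple[str, str]] = {}

    def authorize(self, url: str) -> str:
        qs = parse_qs(urlparse(url).query)
        if qs.get("code_challenge_method", [""])[0] != "S256":
            raise ValueError("only S256 PKCE is accepted")
        code = b64url(secrets.token_bytes(16))
        self._codes[code] = (qs["code_challenge"][0], qs["redirect_uri"][0])
        # The browser is redirected here; the OS routes it to the claiming app.
        return f"{qs['redirect_uri'][0]}?{urlencode({'code': code, 'state': qs['state'][0]})}"

    def token(self, code: str, verifier: str, redirect_uri: str) -> dict:
        # pop() makes the code single-use even if verification fails below.
        challenge, bound_redirect = self._codes.pop(code, (None, None))
        if challenge is None:
            raise PermissionError("unknown or already-used code")
        if redirect_uri != bound_redirect:
            raise PermissionError("redirect_uri mismatch")
        expected = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
        if not hmac.compare_digest(expected, challenge):
            raise PermissionError("PKCE verification failed")
        return {  # constructed dummy tokens
            "token_type": "Bearer",
            "expires_in": 300,
            "access_token": "at-" + b64url(secrets.token_bytes(16)),
            "refresh_token": "rt-" + b64url(secrets.token_bytes(16)),
            "id_token": "idt-" + b64url(secrets.token_bytes(16)),
        }


def run_flow(server: FakeAuthorizationServer) -> dict:
    """The app's side of the exchange, end to end."""
    verifier, challenge = make_pkce_pair()
    state = b64url(secrets.token_bytes(16))
    redirect = server.authorize(build_authorization_request(challenge, state))
    code = parse_redirect(redirect, state)
    # Back-channel exchange: the verifier never left this process.
    return server.token(code, verifier, REDIRECT_URI)


def intercepted_code_is_useless() -> bool:
    """A malicious app that hijacks the redirect (RFC 8252 s.8.1) sees the
    code but not the verifier, so its exchange must be refused."""
    server = FakeAuthorizationServer()
    verifier, challenge = make_pkce_pair()
    state = b64url(secrets.token_bytes(16))
    redirect = server.authorize(build_authorization_request(challenge, state))
    code = parse_redirect(redirect, state)
    try:
        server.token(code, b64url(secrets.token_bytes(32)), REDIRECT_URI)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print(run_flow(FakeAuthorizationServer()))
    print("intercepted code rejected:", intercepted_code_is_useless())
```

What the model leaves out is exactly the part the session's second topic covers: once `run_flow` returns, the access and refresh tokens have to be kept out of plain SharedPreferences and logs, which the example does not address.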

  • Chrystian Vieyra Cortes, Engineering Manager


Summary

  • Date 2025.09.12 / 15:20 ~ 16:00 (40 min)
  • Place Meerkat
  • Language English (Japanese interpretation available)

Intended audience

All Android developers, especially those who have login functionalities in their apps.

Android is a trademark of Google LLC. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Android, Google Play and the Google Play logo are trademarks of Google LLC.

© 2014- DroidKaigi Committee