OAuth is in closed beta in production, and open beta in sandbox. Contact us to express interest in the production beta release.

Android OAuth sequence

While the high-level OAuth sequence on the Overview still holds true, we recommend this Android-specific client-side flow, which avoids exposing your client_secret:

  1. The merchant taps the Connect with Braintree button in your app
  2. Your app sends the merchant to Braintree for authorization using an Intent and the connect URL supplied by your server
  3. After the merchant has authorized and your server has created an access token, your server redirects the merchant to a URL that is captured by an IntentFilter in your app

Display the button

We provide a Connect with Braintree button that allows you to send merchants to Braintree to log in and agree to your requested OAuth scopes. To display this button in your app:

  1. Download the connect-braintree-android assets.
  2. Add them to your project's res folder.
  3. Display the button in an ImageButton or similar element in your view:
  android:layout_marginTop="128dp" />

Send the merchant to Braintree

When a merchant taps the Connect with Braintree button, your app should send them to Braintree using an Intent and the connect URL from your server:

Intent intent = new Intent(Intent.ACTION_VIEW, Uri.parse(CONNECT_URL_FROM_SERVER));

Capture the return URL with an intent filter

After authorizing, your server should redirect your merchant back to the /merchant-connected path. To pick up this path and launch your next desired activity, add the following IntentFilter to your app's manifest.xml:

<activity android:name="com.my.example.app.MyActivity" android:launchMode="singleTask">
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />

Future versions of the Android SDK will require you to verify your app's Intent Filters.

Next Page: Access Tokens →