OAuth
Client-side Connect Flow
Android OAuth sequence
While the high-level OAuth sequence on the Overview still holds true, we recommend this Android-specific client-side flow, which avoids exposing your client_secret
:
- The merchant taps the Connect with Braintree button in your app
- Your app sends the merchant to Braintree for authorization using an
Intent
and the connect URL supplied by your server - After the merchant has authorized and your server has created an access token, your server redirects the merchant to a URL that is captured by an
IntentFilter
in your app
Display the button
We provide a Connect with Braintree button that allows you to send merchants to Braintree to log in and agree to your requested OAuth scopes. To display this button in your app:
- Download the connect-braintree-android assets.
- Add them to your project's
res
folder. - Display the button in an
ImageButton
or similar element in your view:
- XML
<ImageButton
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:src="@drawable/btn_bt_connect_normal"
android:background="@android:color/transparent"
android:id="@+id/connect"
android:layout_marginTop="128dp" />
Send the merchant to Braintree
When a merchant taps the Connect with Braintree button, your app should send them to Braintree using an Intent
and the connect URL from your server:
- Android
Intent intent = new Intent(Intent.ACTION_VIEW, Uri.parse(CONNECT_URL_FROM_SERVER));
startActivity(intent)
Capture the return URL with an intent filter
After authorizing, your server should redirect your merchant back to the /merchant-connected
path. To pick up this path and launch your next desired activity, add the following IntentFilter
to your app's manifest.xml
:
- XML
<activity android:name="com.my.example.app.MyActivity"
android:launchMode="singleTask"
android:exported="true">
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data
android:scheme="https://"
android:host="example.com"
android:path="/merchant-connected"
/>
</intent-filter>
</activity>