Stytch offers a comprehensive mobile authentication solution that simplifies integration with its API using our mobile SDKs. As the only authentication provider with a complete set of APIs, Stytch enables the creation of custom end-to-end authentication flows tailored to your mobile tech stack. With two integration options, Stytch and StytchUI, Stytch's SDKs allow you to craft an authentication experience that flexibility integrates into your app. Stytch offers a fully customizable headless API integration to suit your specific needs, while StytchUI provides a configurable view to expedite the integration process.
If you are completely new to Stytch, prior to using the SDK you will first need to visit Stytch's homepage, sign up, and create a new project in the dashboard. You'll then need to adjust your SDK configuration — adding your app's application id to Authorized applications and enabling any Auth methods you wish to use.
The Stytch Android SDK is distributed via Maven Central. To add the Stytch SDK, first ensure that you have added mavenCentral() to your projects build.gradle(.kts):
allprojects {
...
repositories {
...
mavenCentral()
}
}Then, add the Stytch SDK artifact to your application's dependencies:
dependencies {
...
implementation("com.stytch.sdk:sdk:latest.release")
...
}Lastly, you must modify your applications build.gradle(.kts) to supply three manifestPlaceholders; two of them are for enabling OAuth deeplinks, and one is for enabling our UI SDK. If you are not using either, you still need to supply these placeholders, but they can be blank. The OAuth manifest placeholder values can be any valid scheme or host, and do not relate to your OAuth settings in the Stytch Dashboard. These are only used internally within your app to register an OAuth receiver activity. More information is available in our OAuth tutorial. The STYTCH_PUBLIC_TOKEN is your public token, which you can get from your project dashboard
android {
...
defaultConfig {
...
manifestPlaceholders = [
'stytchOAuthRedirectScheme': '[YOUR_AUTH_SCHEME]', // eg: 'app'
'stytchOAuthRedirectHost': '[YOUR_AUTH_HOST]', // eg: 'myhost'
'STYTCH_PUBLIC_TOKEN': '[STYTCH_PUBLIC_TOKEN]', // if using B2C, else empty string
'STYTCH_B2B_PUBLIC_TOKEN': '[STYTCH_B2B_PUBLIC_TOKEN'], // if using B2B, else empty string
]
...
}
}Before using any part of the Stytch SDK, you must call configure to set the application context and public token as specified in your project dashboard.
If configuring from an Application Class:
import com.stytch.sdk.consumer.StytchClient
class App : Application() {
override fun onCreate() {
super.onCreate()
...
StytchClient.configure(
context = this,
publicToken = [STYTCH_PUBLIC_TOKEN],
)
...
}
}If configuring from an activity:
import com.stytch.sdk.consumer.StytchClient
class MainActivity : FragmentActivity() {
override fun onCreate() {
super.onCreate()
...
StytchClient.configure(
context = applicationContext,
publicToken = [STYTCH_PUBLIC_TOKEN],
)
...
}
}Stytch exposes clients for both Consumer and B2B, so make sure to use the one that corresponds with your project configuration. For the sake of this example we will be using the consumer one: StytchClient.
import com.stytch.sdk.consumer.StytchClient
class MyViewModel : ViewModel() {
// we'll be saving a method ID for later authentication
private var methodId: String? = null
// Send a OTP (one time passcode) via SMS
fun sendSmsOtp(phoneNumber: String) {
viewModelScope.launch {
val response = StytchClient.otps.sms.loginOrCreate(
OTP.SmsOTP.Parameters(
phoneNumber = phoneNumber,
),
)
when (response) {
is StytchResult.Success -> {
// save the methodId for the subsequent authenticate call
methodId = response.value.methodId
}
is StytchResult.Error -> {
// something went wrong
}
}
}
}
// Authenticate a user using the OTP sent via SMS
fun authenticateSmsOtp(code: String) {
viewModelScope.launch {
val response = StytchClient.otps.authenticate(
OTP.AuthParameters(
token = code,
methodId = methodId
),
)
when (response) {
is StytchResult.Success -> {
// the user has been authenticated
}
is StytchResult.Error -> {
// something went wrong
}
}
}
}
}While the Stytch Android SDK makes heavy use of Coroutines under the hood, every suspend function has a callback-compatible version for developers that are not using Coroutines. An example of the above authenticateSmsOtp method with callbacks might look like this:
fun authenticateSmsOtp(code: String) {
val params = OTP.AuthParameters(
token = code,
methodId = methodId
)
StytchClient.otps.authenticate(params) { response ->
when (response) {
is StytchResult.Success -> {
// the user has been authenticated
}
is StytchResult.Error -> {
// something went wrong
}
}
}
}For further information and tutorials on some of our more common implementations, see the following:
Full reference documentation is available for Stytch and StytchUI.
This repository is organized in three main parts:
- workbench-apps/ - These are testing apps, intended for internal development purposes. Almost all user flows are implemented in these apps, for reference and testing, but do not necessarily represent best practices or realistic usage.
- example-apps/ - These are two example apps (one in Kotlin, one in Java), demonstrating realistic use cases of the Stytch SDK, using both the Headless and Pre-Built UI implementations. Feel free to copy these projects and edit them to suit your needs
- source/sdk/ - This is the actual source code of the Stytch Android SDK
If you wish to run any of the example or workbench apps from within this repository, you should add some, or all, of the following properties to your local.properties file:
- STYTCH_PUBLIC_TOKEN - Your Consumer Project public token. Used in both of the example apps and the consumer workbench app
- GOOGLE_OAUTH_CLIENT_ID - A Google OAuth client ID, created in your Google Console (linked to
com.stytch.exampleapp) and added to your Stytch Dashboard, used in the consumer workbench app for testing Google One Tap - STYTCH_B2B_PUBLIC_TOKEN - Your B2B Project public token. Used in the B2B workbench app
- STYTCH_B2B_ORG_ID - The ID of one of your B2B organizations. This is used as a convenience property in the B2B workbench app, so you don't have to type it in manually on your device
- UI_GOOGLE_CLIENT_ID - A Google OAuth client ID, created in your Google Console (linked to
com.stytch.uiworkbench) and added to your Stytch Dashboard, used in the UI workbench app for testing Google One Tap - PASSKEYS_DOMAIN - The domain where you host your
/.well-known/assetlinks.jsonfile, used in the consumer workbench app to test Passkeys flows
If you do not add these properties, the applications should still build, but will not function as expected.
Join the discussion, ask questions, and suggest new features in our Slack community!
Check out the Stytch Forum or email us at [email protected].
The Stytch Android SDK is released under the MIT license. See LICENSE for details.