Logging a User in to Profile Client
Logging a User in to Profile Client

Logging a User in to Profile Client

This intent is used to log in a user to the Profile Client. Login information is sent in this intent, including parameters that indicates if a response is desired.
There are two methods to login through intent:
  • Include
    user_name
     and
    user_pwd
     in the
    login_info
     JSON parameter, or specify them as separate extra strings. With this method the IDP provides (the access code, refresh token, and refresh token expiration information come from the IDP. The access code manages the Profile Client and logs out the user when the refresh token expires. This method of login requires previous configuration of the key fields (e.g. 
    key_user_name,
    key_user_pwd
    ) via the
    com.zebra.dfs.ACTION_NEW_CONFIG
     intent.
  • Include
    user_name
     and
    user_accesscode
     in the
    login_info
     JSON parameter. With this method, the key fields are irrelevant. The third-party application is responsible for refreshing the access code when necessary. The
    refresh_token_expiration
     field in
    login_info
    is optional:
    • refresh_token_expiration
       specified as non-zero: If a new access code is not sent by the refresh token expiration time using the
      com.zebra.dfs.ACTION_LOGIN
       intent, the Profile Client logs out.
    • refresh_token_expiration
       specified as 0 or if not specified: Profile Client is not automatically logged out.
Access tokens (
user_accesscode
) take precedence over the
user_name
 and
user_pwd
.
A third method to log in without intents is described in Additional Support for Third-Party Launcher.

Prerequisites

  • The user is logged out of the Profile Client.
  • The minimum required Profile Client Android version is 2.0.20205.
The
request_id
 and
package
 parameters are supported in 2.0.21200  and later.

Intent Definition

Name
Description
Action
com.zebra.dfs.ACTION_LOGIN
Intent Type
broadcast
Extra 0
This extra specifies the username. This is a mandatory parameter if the
login_info
 parameter is not included.
         Type
String
         Name
user_name
         Value
Username with domain (i.e.
sample.user@domain
)
Extra 1
This extra specifies the user password. This is a mandatory parameter if the
login_info
  parameter is not included.
         Type
String
         Name
user_pwd
         Value
User password
Extra 2
This extra specifies if the JSON login information is encrypted. This is an optional parameter.
         Type
Boolean
         Name
json_encrypted
         Value
True indicates the login information is encrypted. False or absent indicates the information is not encrypted.
Extra 3
This extra
login_info
 specifies the JSON login information. See below for the payload definition. This extra may or may not be encrypted.
Extra 3  - sent unencrypted
This extra specifies the JSON login information when not encrypted. This is an optional parameter.
                        Type
String
                        Name
login_info
                        Value
String in JSON format
Extra 3 – sent encrypted
This extra specifies the JSON login information when encrypted. This is an optional parameter.
                        Type
Byte array
                        Name
login_info
                        Value
See code snippet

ADB Examples

Sending
user_name
 and
user_pwd
 as separate extras:
adb shell am broadcast -a com.zebra.dfs.ACTION_LOGIN --es user_name   --es user_pwd  --es 
<other login parameters>
Sending
login_info
 unencrypted:
adb shell am broadcast -a com.zebra.dfs.ACTION_LOGIN –es json_encrypted false --es login_info  {user_name:sample.user@domain, 
user_pwd
:<password>}

login_info payload

The
login_info
 parameter contains JSON formatted data with the following fields:

{
"user_name": "username",          //mandatory    
"user_pwd": "userpwd",           //mandatory   
"user_accesscode": "xxxxxxxx",  //optional; access token from IDP.
"site_id": "xxxxxx",            //optional; client uses most recent-
                               // site_id received.
"refresh_token": "xxxxx",      //optional; specifies-
                               //refresh token.
"refresh_token_expiration": "xxxxxx",        //optional; specifies expiration
                                            // of refresh token.
"request_id": <unique id for the request>,      //optional; required if a 
                                                //response is desired.
"package": "<third_party_package_name>"        //optional; required if a 
                                               //response is desired.
}

Encyrption/Decryption

Encryption and decryption of the
login_info
 parameter are accomplished using the Google Tink Library at //github.com/google/tink. Following is sample code to accomplish encryption and decryption.


String plainText = "This is a plain text which needs to be encrypted!";
String aad = "These are additional authenticated data (optional)";
String secret_key = "5ecded3e-9562-11ea-bb37-0242ac130002"; // UUID

// Encryption
AesGcmJce agjEncryption = new AesGcmJce(secret_key.getBytes());
byte[] encrypted = agjEncryption.encrypt(plainText.getBytes(), aad.getBytes());

// Decryption
AesGcmJce agjDecryption = new AesGcmJce(secret_key.getBytes());
byte[] decrypted = agjDecryption.decrypt(encrypted, aad.getBytes());
The
secret_key
 must be configured to encrypt/decrypt the
login_info
. If the Profile Client does not have the
secret_key
 or
json_encrypted
=
false
, it does not decrypt the information.