Skip to main content

Configuring OAuth

Using OAuth requires some configuration in the Turnkey Dashboard and your app.

Enabling OAuth

Navigate to the Embedded Wallets → Configuration section in the Turnkey Dashboard and enable the OAuth. Note if you have not enabled the Auth Proxy, you will need to do so first. Check out the Getting Started guide for more details. OAuth providers configuration

Configuring OAuth providers

You must enable the OAuth providers you want to use in the Social logins section. OAuth client IDs configuration

Client IDs

You can choose to enter your client IDs for each OAuth provider and the redirect url in the dashboard. OAuth client IDs configuration OAuth redirect URL configuration Or, you can provide the client IDs and redirect URI through environment variables and pass them into the TurnkeyConfig used to initialize the SDK. This is useful if you want to use different OAuth client IDs or a different redirect URL for different environments (e.g., development, staging, production). You can retrieve the client IDs from the OAuth provider’s dashboard. Note that the redirect URI must match the one you configured in the dashboard or in the TurnkeyConfig.
For OAuth2.0 providers, you will need to upload the client ID and secret in the dashboard. Check out the OAuth2.0 providers section for more details.

Client configuration

In order to catch the OAuth redirect in your app, you must add the OAuth redirect activity to your AndroidManifest.xml with a valid app scheme. 
<activity
    android:name="com.turnkey.core.OAuthRedirectActivity"
    android:launchMode="singleTop"
    android:noHistory="true"
    android:exported="true">
    <intent-filter>
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:scheme="<your-app-scheme>" />
    </intent-filter>
</activity>
This activity will allow the Turnkey SDK to handle the OAuth redirect and complete the login flow.
Ensure you provide the same app scheme in your TurnkeyConfig used to initialize the SDK. 
import android.app.Application
import com.turnkey.core.TurnkeyContext
import com.turnkey.models.TurnkeyConfig
import com.turnkey.models.AuthConfig
import com.turnkey.models.OAuthConfig

class App : Application() {
    override fun onCreate() {
        super.onCreate()

        TurnkeyContext.init(
            app = this,
            // the rest of your config params...
            config = TurnkeyConfig(
                appScheme = "<your-app-scheme>", // Required for deep link completion
                 authConfig = AuthConfig(
                    // You can also provide these values through the Turnkey dashboard:
                    // Note: If no redirect URI is provided, the default redirect URI will be used `https://oauth-redirect.turnkey.com`
                    oAuthConfig = OAuthConfig(
                        oauthRedirectUri = "<your-redirect-uri>",

                        // You will typically get these from the OAuth provider's dashboard. Eg: Google developer console.
                        googleClientId = "<google-client-id>",
                        appleClientId = "<apple-client-id>",
                        xClientId = "<x-client-id>",
                        discordClientId = "<discord-client-id>"
                    )
                )
            )
        )
    }
}
By default, Turnkey hosts the OAuth redirect and origin pages at https://oauth-redirect.turnkey.com and https://oauth-origin.turnkey.com, which forward back into your app via the appScheme you configured. If you’d rather host these yourself, you can set an oauthRedirectUri in your TurnkeyConfig. Whatever URL you set must match the one registered in the provider’s developer dashboard.

Usage

In your app, call the corresponding helper for each provider from TurnkeyContext: handleGoogleOAuth, handleAppleOAuth, handleDiscordOAuth, and handleXOAuth. 
import android.os.Bundle
import android.widget.Button
import androidx.appcompat.app.AppCompatActivity
import androidx.lifecycle.lifecycleScope
import com.turnkey.core.TurnkeyContext
import kotlinx.coroutines.launch

class MainActivity : AppCompatActivity() {
    private val activity = this

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        setContentView(R.layout.activity_main)

        val googleOAuthButton = findViewById<Button>(R.id.googleOAuthButton)
        googleOAuthButton.setOnClickListener {
            lifecycleScope.launch {
                try {
                    TurnkeyContext.handleGoogleOAuth(activity = activity)
                } catch (t: Throwable) {
                    println(t)
                }
            }
        }

        val appleOAuthButton = findViewById<Button>(R.id.appleOAuthButton)
        appleOAuthButton.setOnClickListener {
            lifecycleScope.launch {
                try {
                    TurnkeyContext.handleAppleOAuth(activity = activity)
                } catch (t: Throwable) {
                    println(t)
                }
            }
        }

        val xOAuthButton = findViewById<Button>(R.id.xOAuthButton)
        xOAuthButton.setOnClickListener {
            lifecycleScope.launch {
                try {
                    TurnkeyContext.handleXOAuth(activity = activity)
                } catch (t: Throwable) {
                    println(t)
                }
            }
        }

        val discordOAuthButton = findViewById<Button>(R.id.discordOAuthButton)
        discordOAuthButton.setOnClickListener {
            lifecycleScope.launch {
                try {
                    TurnkeyContext.handleDiscordOAuth(activity = activity)
                } catch (t: Throwable) {
                    println(t)
                }
            }
        }
    }
}

Provider details

OAuth providers

Google

Requirements:
  • Client ID: use a Web client ID from the Google developer console and set it in the Dashboard or in the TurnkeyContext.init’s config.
  • In the Google developer console, set the authorized redirect URL to https://oauth-redirect.turnkey.com/?scheme=YOURAPPSCHEME/ and the authorized JavaScript origin to https://oauth-origin.turnkey.com/. Replace YOURAPPSCHEME with the appScheme you set in TurnkeyConfig.

Apple

handleAppleOAuth on Android uses a web-based Apple OAuth flow that authenticates against the Apple Services ID. Requirements:
  • Client ID: set the Apple Services ID in the Dashboard or in the TurnkeyContext.init’s config.
  • In the Apple Developer dashboard, set the Services ID’s return URL to https://oauth-redirect.turnkey.com/?scheme=YOURAPPSCHEME/ and its domain/origin to https://oauth-origin.turnkey.com/. Replace YOURAPPSCHEME with the appScheme you set in TurnkeyConfig.

OAuth2.0 providers

For OAuth providers that exclusively use OAuth2.0 (e.g., X, Discord), you will need to configure a few additional settings in your Turnkey Dashboard. In the Embedded Wallets → Configuration section of the dashboard, head to the OAuth 2.0 tab and click Add Credential. OAuth2.0 providers configuration Select the provider you want to add from the dropdown, and fill in the required fields. You can find these values in the provider’s developer console. Any secrets will automatically be encrypted before uploading to Turnkey. Adding an OAuth2.0 provider Once you’ve added the provider, head back to the Authentication tab, and enable the provider you just added under the SDK Configuration section. Click Select to choose your newly added client ID, then click Save Settings. You can also simply enter the client ID in the TurnkeyContext.init’s config as shown above. Selecting an OAuth2.0 provider

Discord

Requirements:
  • Client ID: set in Dashboard or in the TurnkeyContext.init’s config.
  • In the Discord Developer Portal, set the redirect URI to YOUR_APP_SCHEME://.

X (Twitter)

Requirements:
  • Client ID: set in Dashboard or in the TurnkeyContext.init’s config.
  • In the Twitter Developer Portal, set the redirect URI to YOUR_APP_SCHEME://.