User data authorization - infobip/mobile-messaging-sdk-android GitHub Wiki

There are three possible options for user data authorization, which can be selected on the application profile configuration page.

Security settings

Allow all mobile SDK requests

This is the default option. When selected, all API requests the SDK makes will be authorized using the application code.

Allow only mobile SDK requests with JSON Web Tokens (JWT) authorization

When this option is selected, certain backend API calls made by the SDK will require authorization with a securely signed JWT. To implement this option, you need to provide an implementation of the JwtSupplier interface to the Mobile Messaging SDK, either during initialization with the builder or later using the setter method. The external user ID of the person is also required to generate the token.

//Builder
MobileMessaging.Builder(this)
    .withJwtSupplier(ExampleJwtSupplier())
    .build()

//Setter
MobileMessaging.getInstance(this).setJwtSupplier(ExampleJwtSupplier())

Java:

//Builder
new MobileMessaging.Builder(this)
    .withJwtSupplier(new ExampleJwtSupplier())
    .build();

//Setter
MobileMessaging.getInstance(this).setJwtSupplier(new ExampleJwtSupplier());

The interface has a single method, String getJwt(), which the SDK calls to obtain the JWT for authorizing API calls. Generate the JWT on your backend and fetch it from there. If there is no external user ID, the method should return null. Before making the API call, the SDK validates the provided token for structure and expiration; if the token fails validation, no API call is made. Errors can be handled in the result listener passed to the call.

MobileMessaging.getInstance(this).saveUser(user, object: ResultListener<User>() {
    override fun onResult(result: Result<User, MobileMessagingError>?) {
        if (result != null && result.error != null) {
            if (result.error.code == InternalSdkError.JWT_TOKEN_EXPIRED.error.code) {
                //Refresh token or retry call
            }
        }
    }
})

Java:

MobileMessaging.getInstance(this).saveUser(user, new MobileMessaging.ResultListener<User>() {
    @Override
    public void onResult(Result<User, MobileMessagingError> result) {
        if (result != null && result.getError() != null) {
            if (result.getError().getCode().equals(InternalSdkError.JWT_TOKEN_EXPIRED.getError().getCode())) {
                //Refresh token or retry call
            }
        }
    }
});

The required structure of the JWT and an example of how to generate it can be found in the JsonWebToken(JWT) structure and generation example article. The SDK functionalities that require JWT authorization are fetchUser, patchUser, and personalize.
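
An added sketch of a JwtSupplier implementation (not code from the SDK or this wiki): it returns null when there is no external user ID, caches the backend-issued token per user, and pre-checks structure and expiry before handing the token over. `CachingJwtSupplier`, `externalUserId`, `fetchFromBackend`, `skewSeconds` and the local `JwtSupplier` stand-in are assumptions made for illustration.

```kotlin
import java.util.Base64 // on Android, java.util.Base64 needs API level 26+

// Stand-in so the snippet runs outside an app; in an app, implement the SDK's own JwtSupplier.
fun interface JwtSupplier { fun getJwt(): String? }

// fetchFromBackend is a hypothetical callback that asks your backend to sign a token
// for the given external user ID, so the signing key is never shipped in the app.
class CachingJwtSupplier(
    private val externalUserId: () -> String?,
    private val fetchFromBackend: (String) -> String?,
    private val skewSeconds: Long = 30
) : JwtSupplier {
    private var cached: Pair<String, String>? = null // (external user ID, token)

    @Synchronized
    override fun getJwt(): String? {
        val userId = externalUserId()
        if (userId == null) { cached = null; return null } // no external user ID: return null
        val hit = cached
        if (hit != null && hit.first == userId && isUsable(hit.second)) return hit.second
        val fresh = fetchFromBackend(userId)?.takeIf { isUsable(it) }
        cached = fresh?.let { userId to it } // never reuse a token issued for another user
        return fresh
    }

    // Local pre-check of structure and expiry only; it does not verify the signature.
    private fun isUsable(token: String): Boolean {
        val parts = token.split(".")
        if (parts.size != 3 || parts.any { it.isEmpty() }) return false
        val payload = try {
            String(Base64.getUrlDecoder().decode(parts[1]), Charsets.UTF_8)
        } catch (e: IllegalArgumentException) { return false }
        val exp = EXP.find(payload)?.groupValues?.get(1)?.toLongOrNull() ?: return false
        return exp - skewSeconds > System.currentTimeMillis() / 1000
    }
    private companion object { val EXP = Regex("\"exp\"\\s*:\\s*(\\d+)") }
}

fun main() {
    // Constructed, unsigned sample tokens; real ones come signed from your backend.
    val enc = Base64.getUrlEncoder().withoutPadding()
    fun sample(exp: Long) = listOf("""{"typ":"JWT"}""", """{"exp":$exp}""")
        .joinToString(".") { enc.encodeToString(it.toByteArray()) } + ".placeholder"
    val now = System.currentTimeMillis() / 1000
    var fetches = 0
    val ok = CachingJwtSupplier({ "user-1" }, { fetches++; sample(now + 300) })
    println("same token twice: ${ok.getJwt() == ok.getJwt()}, backend fetches: $fetches")
    println("expired token: ${CachingJwtSupplier({ "user-1" }, { sample(now - 10) }).getJwt()}")
}
```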

Disallow all mobile SDK requests

With this option, personal information can only be modified through the Contact Information API.
