how to store 'client_secret' and 'client_id' on Android app when using OAuth?

Question

I am developing an android app for the existing website, so i developing login part to the an android app and i use oAuth protocol.i have API for the users data and generate the client_id and the client_secret_key from the web site.so my question is.

• How to store this client_id and client_secret (in mobile app or any backed client web service)
• When i use backed client web app to store client id and secret how i authenticate users.

The web site built on the larevel php framework.

Answer 1

To answer your first question use shared preferences. Shared Preferences allow you to save and retrieve data in the form of key,value pair. Second question, read from the shared preference and send back the results to web server. Check if there is data present , and then get the value , validate it and transmit it accordingly. I recommend using this awesome library as a bonus to your questions.retrofit2.

Answer 2

If you want to securely save the id in the app you can use a Keystore.

KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

// get user password and file input stream
char[] password = getPassword();

java.io.FileInputStream fis = null;
try {
    fis = new java.io.FileInputStream("keyStoreName");
    ks.load(fis, password);
} finally {
    if (fis != null) {
        fis.close();
    }
}

https://developer.android.com/reference/java/security/KeyStore.html