FusionAuth Android SDK


This SDK allows you to use OAuth 2.0 and OpenId Connect functionality in an Android app with FusionAuth as the authorization server. It also provides a Token Manager to store, refresh, and retrieve tokens.

It's a highly standardized and simplified starting point for developers to easily integrate FusionAuth into their own custom mobile apps by taking care of all the dependencies.

The following OAuth 2.0 and OpenID Connect functionality are covered:

  • OAuth 2.0 Authorization Code Grant
  • OAuth 2.0 Refresh Token Grant
  • OpenID Connect UserInfo
  • OpenID Connect End Session

AppAuth-Android is used for the OAuth 2.0 Authorization Code Grant flow and OpenID Connect functionality.

The SDK is written in Kotlin and is compatible with Java.

Getting Started

To use the FusionAuth Android SDK, add the following dependency to your build.gradle file:

dependencies {

After adding the dependency, you will need to initialize the AuthorizationManager with the AuthorizationConfiguration:

        fusionAuthUrl = "",
        clientId = "e9fdb985-9173-4e01-9d73-ac2d60d1dc8e",
        allowUnsecureConnection = true

This will initialize the AuthorizationManager with the provided AuthorizationConfiguration. The AuthorizationManager is a singleton and can be accessed from anywhere in your app. The example configuration uses the IP address for your local machine, which is the default for the Android Emulator. If you are running the FusionAuth server on a different machine, you will need to replace the fusionAuthUrl with the correct URL.

Instead of specifying the AuthorizationConfiguration in code, you could also read it from a resource file:

    AuthorizationConfiguration.fromResources(this, R.raw.fusionauth_config)

The fusionauth_config.json file should be placed in the res/raw directory and should look like this:

  "fusionAuthUrl": "",
  "clientId": "e9fdb985-9173-4e01-9d73-ac2d60d1dc8e",
  "allowUnsecureConnection": true

By default, the SDK uses the MemoryStorage for storing tokens. This means that tokens will be lost when the app is closed. To persist tokens, you can use the SharedPreferencesStorage or implement your own TokenStorage.


To start the OAuth 2.0 Authorization Code Grant, you can use the oAuth() function on the AuthorizationManager to retrieve the OAuthAuthorizationService:

        Intent(this@LoginActivity, TokenActivity::class.java),
            cancelIntent = Intent(this@LoginActivity, LoginActivity::class.java)
            state = "state-${System.currentTimeMillis()}"

The authorize function will start the OAuth 2.0 Authorization Code Grant flow and open the provided Intent when the flow is completed. The OAuthAuthorizeOptions allows you to specify additional options for the flow, such as the cancelIntent and the state.

If the user completes the flow, the TokenActivity will be opened, and you are required to handle the redirect:


This will retrieve the authorization response, validates the state if it was provided, and exchanges the authorization code for an access token. The result of the exchange will be stored in the TokenManager.

After the user is authorized, you can use getUserInfo() to retrieve the User Info:


To call your API with an access token, you can use the AuthorizationManager to retrieve a valid access token:

val accessToken = AuthorizationManager.freshAccessToken(this@TokenActivity)

This will retrieve a fresh access token from the TokenManager and return it. If the access token is expired, the TokenManager will refresh it automatically.

Finally, you can use the AuthorizationManager to sign out the user and remove the tokens from the TokenManager:

        Intent(this@TokenActivity, LoginActivity::class.java)

If the user is signed out, the LoginActivity will be opened.

Example App



Source Code

The source code is available here: https://github.com/FusionAuth/fusionauth-android-sdk/