eiam-ch/eiam-android

eiam-android

OIDC Best Practices

✅ OIDC Flow: Authorization code flow

✅ Use PKCE

✅ Use system browser (CustomTab)

✅ Set prompt=select_account / prompt=login to ensure user interaction during login (instead of non-interactive SSO)

✅ Store tokens (encrypted) in keychain

✅ No tokens in app cache (an ephemeral URLSession is used)

✅ Use certificate pinning for requests to IdP

✅ Logout: drop all tokens

✅ Error handling

✅ Time handling for access/refresh tokens (before they expire)
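
The first four items of the checklist (authorization code flow, PKCE, system browser, forced `prompt`) come together in the authorization request. The following is an added example, not code from this repository; the function names, the `openid` scope, and the endpoint, client id and redirect URI are assumptions chosen for illustration.

```kotlin
import java.net.URLEncoder
import java.security.MessageDigest
import java.security.SecureRandom
import java.util.Base64

// java.util.Base64 needs Android API 26+; android.util.Base64 works on older levels.
private val b64url = Base64.getUrlEncoder().withoutPadding()

// 32 random bytes -> 43-character base64url string (used for code_verifier and state).
fun randomToken(rng: SecureRandom = SecureRandom()): String =
    b64url.encodeToString(ByteArray(32).also { rng.nextBytes(it) })

// RFC 7636 S256: code_challenge = BASE64URL(SHA-256(ASCII(code_verifier))).
fun codeChallengeS256(verifier: String): String =
    b64url.encodeToString(
        MessageDigest.getInstance("SHA-256").digest(verifier.toByteArray(Charsets.US_ASCII))
    )

// URL to open in the system browser (Custom Tab) for the authorization code flow.
fun authorizationUrl(
    endpoint: String, clientId: String, redirectUri: String,
    state: String, codeChallenge: String, prompt: String = "login",
): String {
    // Only the two prompt values from the checklist are accepted, so silent SSO is never requested.
    require(prompt == "login" || prompt == "select_account") { "prompt must force interaction" }
    val params = linkedMapOf(
        "response_type" to "code",
        "client_id" to clientId,
        "redirect_uri" to redirectUri,
        "scope" to "openid",
        "state" to state,
        "code_challenge" to codeChallenge,
        "code_challenge_method" to "S256",
        "prompt" to prompt,
    )
    return endpoint + "?" + params.entries.joinToString("&") { (k, v) ->
        "$k=${URLEncoder.encode(v, "UTF-8")}"
    }
}

fun main() {
    // Constructed sample values; endpoint, client id and redirect URI are placeholders.
    val verifier = randomToken()   // keep in memory; sent only with the token request
    val state = randomToken()      // compare with the state returned on the redirect
    println(authorizationUrl(
        "https://idp.example/authorize", "example-client", "com.example.app:/callback",
        state, codeChallengeS256(verifier),
    ))
}
```

The `code_verifier` never appears in the browser URL; only its SHA-256 challenge does, so an app that intercepts the redirect cannot redeem the authorization code without it.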
