Guides
Start typing to search…

Managed Auth - Logging in/out

Overview

Logging In

Logging in works similarly to registration, you need to create a login flow and decorate it with user data, but the SDK handles most of the complexity for you.

// Create a login request with identifier (email or phone number) and password
val loginRequest = LoginRequest(
    userIdentifer = "+1234567890", // Can be email or phone number
    password = "secure_password"
)

// Perform the login
try {
    vipasoPay.managedAuth.login(loginRequest)
    // Success: nothing is returned directly, the login state will update automatically
    // You can observe login state changes via user.getUserLoginState()
} catch (e: Throwable) {
    // Error: handle authentication errors
}

If you debug your networking calls, you should see the following traffic:

  1. HTTP request and response for retrieving the flow id in the background:
GET /a/self-service/login/api HTTP/1.1
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
{
  "id": "b1f0d684-7c85-4efa-b8a6-6041e1e77eaa",
  ...
}
  1. HTTP request and response for logging in:
POST /a/self-service/login?flow=b1f0d684-7c85-4efa-b8a6-6041e1e77eaa HTTP/1.1
Content-Type: application/json
{
  "identifier": "+1234567890",
  "method": "password",
  "password": "secure_password"
}
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
{
  "session_token": "ory_st_ZXMeo8204gD0u3PbQu0DgsG3hBASzz8E",
  "session": {
    "id": "a29924fd-14d7-46ee-b329-73854e876405",
    "identity": {
      "id": "9a8cbfb3-87bd-4087-b48d-2569b1b43386",
      ...
    },
    ...
  },
  ...
}

Note: After login, the SDK will automatically generate and save a local key pair and send the public key to the backend. This needs to happen for the user to be considered logged in. You will see a PUT request to /identity/pki/client/certificates at the end of the flow.

Example screenshots from our development application:

Logging Out

Logout is synchronous and there is no backend communication involved. The SDK will clean up everything from its database that is connected to the user.

// Logout the current user
vipasoPay.user.logout()

// The login state will update automatically
// You can observe login state changes via user.getUserLoginState()

Example screenshots from our development application:

Observing Authentication State Changes

Important: The SDK will not expose the session token to the client side. Instead, it will store it internally and emit updates to notify the app about the changed authentication state.

You can observe login state changes using the getUserLoginState flow:

// Collect login state updates in a coroutine scope
lifecycleScope.launch {
    vipasoPay.user.getUserLoginState().collect { loginState ->
        when (loginState) {
            is LoginState.LoggedIn -> {
                // Your user is logged in
            }
            is LoginState.NotLoggedIn -> {
                // Your user is logged out (can be automatic after 401 or manually calling logout)
                // Clean up any user-specific data and redirect to your login screen
            }
        }
    }
}

Updated 8 days ago