Truecaller for Developers
  • Hello!
  • Why Truecaller SDK?
  • Getting Started
  • Android
    • OAuth SDK 3.1.0
      • Implementing user flow for your App
      • Scenarios for all user verifications : Truecaller and Non Truecaller Users
      • Integration Steps
        • Generating Client ID
        • Setup
        • Implementing Callbacks
        • Initialisation
        • Setting up OAuth parameters
        • Invocation
        • Customisation
        • Clearing SDK Instance
        • Handling Error Scenarios
        • Integrating with your Backend
          • Fetching User Token
          • Fetching User Profile
        • Non Truecaller User Verification
          • Completing Verification
          • TrueException
          • Server Side Validation
      • Instrumentation
      • Getting Release Ready
        • Testing your verification flow
          • Non-Truecaller user verification flow
          • Truecaller user verification flow
          • Test Setup
        • Google play store app permission declaration form
        • Moving to Production
    • OAuth SDK 3.0.0
      • Implementing user flow for your App
      • Scenarios for all user verifications : Truecaller and Non Truecaller Users
      • Integration Steps
        • Generating Client ID
        • Setup
        • Implementing Callbacks
        • Initialisation
        • Setting up OAuth parameters
        • Invocation
        • Customisation
        • Clearing SDK Instance
        • Handling Error Scenarios
        • Integrating with your Backend
          • Fetching User Token
          • Fetching User Profile
        • Non Truecaller User Verification
          • Completing Verification
          • TrueException
          • Server Side Validation
      • Instrumentation
      • Getting Release Ready
        • Testing your verification flow
          • Non-Truecaller user verification flow
          • Truecaller user verification flow
          • Test Setup
        • Google play store app permission declaration form
        • Moving to Production
    • SDK v2.8.0[Deprecating Soon ⚠️]
      • Implementing user flow for your app
      • Scenarios for all user verifications : Truecaller and Non Truecaller Users
      • Generating App Key
      • Integrating with your App
        • Setup
        • App Key Configuration
        • Initialisation
        • Customisation
        • Implement Callbacks
        • Clearing SDK instance
        • Handling Error Scenarios
        • Verifying non Truecaller users
          • TrueException
          • Completing Verification
        • Advanced Steps
      • Server Side Response Validation
        • For Truecaller users verification flow
        • For Non-Truecaller users verification flow
      • Instrumentation
      • Getting Release Ready
        • Testing your verification flow
          • Truecaller user verification flow
          • Non-Truecaller User Verification Flow
          • Test Setup
        • Google Play App Signing
        • Google Play Store app permissions declaration
        • Google Play Policy Change for Device Identifiers
      • Changelog
    • Change Log
  • Mobile Websites
    • Implementing user flow for your Mobile Website
    • Generating App Key
    • Integrating with your mobile website
      • Initialisation
      • Invoking verification
      • Fetch User Profile
      • Completing User Verification
      • Handling Error Scenarios
    • Getting Release Ready
      • Instrumentation
      • Testing your verification flow
  • iOS
    • Generating App Key
    • Integrating with your iOS App
      • Setup
      • Configuration
      • Usage
        • Swift
        • Objective-C
      • Verifying Non-Truecaller app users
        • Completing Verification
      • Handling Error Scenarios
        • Safari Redirection
    • Server Side Response Validation
  • Shopify App
    • Generating App Key
    • App Configuration
    • Deactivating App Block
  • FAQS
    • General
    • Developer Account
    • Android App SDK
    • Android OAuth SDK
    • Mobile Web SDK
    • Number Verification Plugin
  • Product Updates
    • App Review Process
    • Introducing dark theme
Powered by GitBook
On this page
Export as PDF
  1. Android
  2. OAuth SDK 3.0.0
  3. Integration Steps

Setting up OAuth parameters

  1. Set a unique state parameter & store it in the current session to use it later in the onSuccess() callback method of the TcOAuthCallback to match if the state received from the authorization server is the same as set here to prevent request forgery attacks.

stateRequested = BigInteger(130, SecureRandom()).toString(32)
TcSdk.getInstance().setOAuthState(stateRequested)

One good choice for a state token is a string of around 32 characters constructed using a high-quality random-number generator as we did above. Another approach could be a hash generated by signing some of your session state variables with a key that is kept secret on your back-end.

Truecaller OAuth SDK already verifies the request-response correlation before forwarding it to the your app.

  1. Set the list of scopes to be requested.

TcSdk.getInstance().setOAuthScopes(arrayOf("profile", "phone", ...))

// Currently available list of scopes :
- profile
- phone
- openid
- offline_access
- email
- address

Note : 
Please include the relevant scopes for your project. 
Make sure the scopes you’re requesting above are selected on the portal for your project
  1. Generate a unique code verifier & store it in the current session since it would be required later to generate the access token. It can be generated using the utility class CodeVerifierUtil provided in the SDK.

codeVerifier = CodeVerifierUtil.generateRandomCodeVerifier()

This utility method generates a random code verifier string using SecureRandom as the source of entropy with 64 as the default entropy quantity.

  1. Set the corresponding code challenge using the code verifier generated in the previous step. This can be generated using the utility class CodeVerifierUtil provided in the SDK.

val codeChallenge = CodeVerifierUtil.getCodeChallenge(codeVerifier)
codeChallenge?.let {
                TcSdk.getInstance().setCodeChallenge(it)
} ?: print(“Code challenge is Null. Can’t proceed further”)

This utility method produces a code challenge from the supplied code verifier using SHA-256 as the challenge method and Base64 as encoding if the system supports it (all Android devices should ideally support SHA-256 and Base64), but in rare case if the device doesn’t, then this method would return null meaning that you can’t proceed further. Please ensure to have a null safe check for such cases.

PreviousInitialisationNextInvocation

Last updated 11 months ago