A few weeks ago we were excited to announce one of our most-wished-for features from our developer community, native authentication for iOS, and today we're happy to announce we've also shipped support for native auth on Android in our latest release of Foursquare on Google Play! In a nutshell, this means that your users can connect their Foursquare accounts to your app without wrangling with messy WebViews and log-ins. Native authentication simply pops your users into the Foursquare app on their phone and lets them use their existing credentials there.
And even though this has only been out for a few short weeks, we love what our developers have been doing with it so far. If you want to see what native auth looks and feels like in the wild, install the latest version of quick check-in app Checkie: after using Foursquare to find a place for you and your friends to go, Checkie lets you check in with incredible speed.
Since Checkie uses our checkins/add endpoint, users need a way to log in. Below is what the app used to look like upon opening. Users are taken directly to a WebView where the user had to type in — and more importantly, remember, without the aid of Facebook Connect — their Foursquare credentials before continuing to use Checkie.
For this old flow to succeed, at least four taps are necessary, along with who knows how many keystrokes. Below is how the new Checkie flow works after integrating native auth: there's a more informational screen when the app opens, and only two taps are necessary to begin actually using Checkie: “Sign in," which bumps users to the Foursquare app where they can hit “Allow."
How You Can Use Native Auth Today
You too can get started using this flow right away. We have libraries and sample code for iOS and Android available on GitHub that you can dive straight into. The details vary depending on OS, but the overall conceptual process is similar for both and outlined below — it should be familiar for those who have worked with 3-legged OAuth before.
- Update your app's settings. You need to modify your app's redirect URIs (iOS) or add a key hash (Android).
- Include our new libraries in your project. OS-specific instructions are found on their GitHub pages.
- Unless you want to use it as a backup mechanism, get rid of that (UI)WebView! Chances are, if you expect your users to have Foursquare accounts, they'll have the app on their phones.
- Call our new native authorize methods. On iOS, it's authorizeUserUsingClientId; on Android, it's FoursquareOAuth.getConnectIntent then startActivityForResult with the returned intent. These methods bounce your users to the Foursquare app's authorize screen or return appropriate fallback responses allowing them to download the app.
- If you user authorizes your app, your user will land back in your app. Follow OS-specific instructions to obtain an access code. This should involve calling either accessCodeForFSOAuthURL (iOS) or FoursquareOAuth.getAuthCodeFromResult (Android).
- Trade this access code for an access token. The access token (not access code) is what is eventually used to make calls on behalf of a particular user. There are two ways to do this:
- (Preferred) Pass the access token to your server, and then make a server-side call to https://foursquare.com/oauth2/access_token—see step 3 under our code flow docs for details on the exact parameters needed. The response from Foursquare will be an access token, which can be saved and should be used to make auth'd requests. This method is preferable because it avoids including your client secret into your app. For more details, see our page on connecting.
- Call our new native methods to get an access token. On iOS it's requestAccessTokenForCode. On Android it's FSOauth.getTokenExchangeIntent followed by startActivityForResult (make sure you also make requisite changes to AndroidManifest.xml)
If you have any comments or questions about this new native auth flow — or anything API-related in general! — please reach out to firstname.lastname@example.org.
- David Hu, Developer Advocate