Skip to main content

How to handle authentication with Retrofit in Kotlin Android

How to handle authentication with Retrofit in Kotlin Android.

How to Handle Authentication with Retrofit in Kotlin Android

In this tutorial, we will learn how to handle authentication using Retrofit in a Kotlin Android application. Retrofit is a popular HTTP client library for Android that simplifies the process of making network requests. We will explore different authentication methods and implement them using Retrofit.

Prerequisites

To follow along with this tutorial, you should have the following:

  1. Basic knowledge of Kotlin and Android development.
  2. Android Studio installed on your system.
  3. An API that requires authentication (e.g., OAuth, token-based authentication).

Step 1: Set up Retrofit

First, let's set up Retrofit in our Android project. Open your project in Android Studio and navigate to your app-level build.gradle file. Add the following dependencies:

implementation 'com.squareup.retrofit2:retrofit:2.9.0'
implementation 'com.squareup.retrofit2:converter-gson:2.9.0'

Sync your project to download the dependencies.

Step 2: Create Retrofit Service Interface

Next, we need to create a service interface that defines the endpoints for our API. Create a new Kotlin file (e.g., ApiService.kt) and define the interface as follows:

interface ApiService {
    // Define your API endpoints here
}

Inside the ApiService interface, we will define methods for each API endpoint. For example, let's create a method to authenticate a user:

interface ApiService {
    @POST("login")
    suspend fun login(@Body loginRequest: LoginRequest): Response<LoginResponse>
}

Here, @POST("login") specifies the API endpoint, suspend is used for coroutines, @Body is used to send the request body, and Response<LoginResponse> is the response type.

Step 3: Implement Authentication

Now, let's implement the authentication logic. There are different authentication methods, and the implementation will vary based on the authentication mechanism used by your API. Below are a few common authentication methods and their implementation using Retrofit.

Basic Authentication

val client = OkHttpClient.Builder()
    .addInterceptor { chain ->
        val request = chain.request().newBuilder()
            .header("Authorization", Credentials.basic(username, password))
            .build()
        chain.proceed(request)
    }
    .build()

val retrofit = Retrofit.Builder()
    .client(client)
    .baseUrl(BASE_URL)
    .addConverterFactory(GsonConverterFactory.create())
    .build()

val apiService = retrofit.create(ApiService::class.java)

Here, we create an instance of OkHttpClient and add an interceptor to add the Authorization header using the Credentials.basic() method.

Token-based Authentication

val client = OkHttpClient.Builder()
    .addInterceptor { chain ->
        val originalRequest = chain.request()
        val newRequest = originalRequest.newBuilder()
            .header("Authorization", "Bearer $accessToken")
            .build()
        chain.proceed(newRequest)
    }
    .build()

val retrofit = Retrofit.Builder()
    .client(client)
    .baseUrl(BASE_URL)
    .addConverterFactory(GsonConverterFactory.create())
    .build()

val apiService = retrofit.create(ApiService::class.java)

Here, we add an interceptor to add the Authorization header with the access token.

OAuth Authentication

val client = OkHttpClient.Builder()
    .addInterceptor { chain ->
        val originalRequest = chain.request()
        val newRequest = originalRequest.newBuilder()
            .header("Authorization", "Bearer $accessToken")
            .build()
        chain.proceed(newRequest)
    }
    .authenticator(object : Authenticator {
        override fun authenticate(route: Route?, response: Response): Request? {
            // Handle token expiration and refresh token logic here
            return null
        }
    })
    .build()

val retrofit = Retrofit.Builder()
    .client(client)
    .baseUrl(BASE_URL)
    .addConverterFactory(GsonConverterFactory.create())
    .build()

val apiService = retrofit.create(ApiService::class.java)

Here, we add an interceptor to add the Authorization header with the access token. Additionally, we use an Authenticator to handle token expiration and refresh token logic.

Step 4: Make API Requests

Once we have set up Retrofit and implemented the authentication logic, we can make API requests using the ApiService interface. Here's an example of how to make a login request:

val loginRequest = LoginRequest(username, password)
val response = apiService.login(loginRequest)
if (response.isSuccessful) {
    val loginResponse = response.body()
    // Handle successful login response
} else {
    val errorResponse = response.errorBody()
    // Handle error response
}

Here, we create a LoginRequest object with the required parameters and pass it to the login method of the ApiService. We handle the response based on its success or failure.

Conclusion

In this tutorial, we learned how to handle authentication using Retrofit in a Kotlin Android application. We explored different authentication methods, including basic authentication, token-based authentication, and OAuth authentication. By following the steps outlined in this tutorial, you should now be able to handle authentication in your Retrofit-based Android app.