Skip to main content

Authentication

The Authentication module manages sign-in, account creation, token storage, and logout. After a successful sign-in, AFCore stores the session securely and attaches authentication tokens to all subsequent API requests.

How It Works

  1. Your app calls signInOrCreateMember with an external user identifier (from your SSO, SAML, or custom identity provider).
  2. If the member exists, AFCore signs them in. If not, it creates the member and signs them in automatically.
  3. AFCore stores the access and refresh tokens in platform-secure storage (Android EncryptedSharedPreferences / iOS Keychain).
  4. All subsequent SDK calls include the token automatically -- no manual header management required.

Sign In or Create a Member

Use signInOrCreateMember to authenticate using an external identity. Optional profile fields seed the member's profile on first creation.

Parameters

ParameterTypeRequiredDescription
externalUserIdStringYesUnique identifier from your identity provider.
emailString?NoMember's email address.
firstNameString?NoGiven name.
middleNameString?NoMiddle name.
lastNameString?NoFamily name.
genderString?No"M" or "F".
dateOfBirthString?NoISO-8601 format (YYYY-MM-DD).
phoneNumberString?NoContact number.
address1String?NoPrimary street address.
address2String?NoSecondary address line.
cityString?NoCity.
stateString?NoTwo-letter state code.
zipString?NoPostal code.
attributesMap<String, String?>?NoFreeform key-value pairs for custom profile data.

Returns

AFResult -- check result.status (Boolean) for success and result.statusMessage for details on failure.

lifecycleScope.launch {
    try {
        val result = AFCore.authentication().signInOrCreateMember(
            externalUserId = "sso-user-98765",
            email = "alex@example.com",
            firstName = "Alex",
            lastName = "Rivera",
            dateOfBirth = "1988-07-12",
            attributes = mapOf("groupId" to "GR-2504")
        )

        if (result.status) {
            // Session is active. Navigate to the main screen.
            navigateToHome()
        } else {
            // The server rejected the request. Show the reason.
            showError("Sign-in failed: ${result.statusMessage}")
        }
    } catch (e: Exception) {
        // Network or unexpected error.
        showError("Could not connect: ${e.message}")
    }
}

Logout

logout() clears all stored tokens and local SDK state for the current member. Call this when the user explicitly signs out.

lifecycleScope.launch {
    val result = AFCore.authentication().logout()
    if (result.status) {
        // Tokens cleared. Return to the login screen.
        navigateToSignIn()
    }
}

After logout, stop any active geofence monitoring and cancel background sync tasks. The member must sign in again before making any further SDK calls.

Best Practices

  • Call sign-in once per session. AFCore handles token refresh automatically. You do not need to re-authenticate on every app launch -- the stored session persists across launches.
  • Pass profile fields on first sign-in. Optional parameters like firstName, email, and dateOfBirth seed the server-side profile. If the member already exists, these fields are ignored unless the server is configured to update them.
  • Handle token expiry gracefully. If a token refresh fails (for example, after extended offline periods), AFCore throws an exception on the next API call. Catch it and redirect to sign-in.
  • Secure the external user ID. The externalUserId is the bridge between your identity system and AFCore. Validate it server-side if possible.

Error Handling

ScenarioRecommended Action
result.status == falseDisplay result.statusMessage to the user. Common causes: invalid credentials, disabled account, or server maintenance.
Network exceptionShow a retry option. AFCore does not retry authentication automatically.
Token refresh failureRedirect to sign-in. The session has expired.

Quick Reference

// Android
AFCore.authentication().signInOrCreateMember(externalUserId = "id", ...)
AFCore.authentication().logout()