SMS Login
Documentation
This document describes how to integrate SMS login on an Android client. SMS login means sending an SMS verification code to the user's mobile number; the user then authenticates with the IDaaS server using the mobile number and SMS verification code.
Flow Description
SMS login usage scenario: The user enters the mobile number and taps the "Get SMS Verification Code" button to launch the slider verification. After the slider verification succeeds, the BambooCloud IDaaS backend sends an SMS verification code to this mobile number. The user enters the verification code and taps login; the BambooCloud IDaaS backend authenticates and returns a ticket. The final authentication result is returned to the app.
SMS Login Flow

Integration Flow Description
The user enters the mobile number, and the app client checks whether the mobile number conforms to the format rules. The user taps "Get Verification Code".
The app client calls the slider verification method; the IDaaS SDK requests the IDaaS backend slider verification initialization information and displays the slider verification window on the page.
The user drags the slider to complete the slider verification; the IDaaS SDK collects the slider verification information and requests the IDaaS server to perform verification.
The IDaaS server completes the slider verification successfully and returns a token to the IDaaS SDK.
The IDaaS SDK obtains the token and uses it to request the IDaaS server to send an SMS.
The user receives the SMS, enters the verification code, and taps login.
The app client uses the mobile number and verification code to call the IDaaS SDK SMS login method.
The IDaaS SDK requests SMS login; the IDaaS server initiates the authentication flow. If authentication succeeds, it returns the Session token to the IDaaS SDK; if authentication fails, it returns the error code and message to the IDaaS SDK.
The IDaaS SDK obtains the login result and returns it to the app client, which proceeds with its own flow based on the result.
Environment Setup
Add Dependencies
AuthnCenter_Common-1.5.3.aar //Common package
AuthnCenter_SMSLogin-1.5.3.aar //SMS login SDKConfigure build.gradle
Place the aar package in the libs directory of the app project, and add the following code in build.gradle:
/*begin*/
/* rxjava2 + okhttp + retrofit2 */
api 'io.reactivex.rxjava2:rxjava:2.2.10'
api 'io.reactivex.rxjava2:rxandroid:2.1.1'
api 'com.squareup.retrofit2:retrofit:2.6.0'
api 'com.squareup.retrofit2:adapter-rxjava2:2.6.0'
api 'com.squareup.retrofit2:converter-gson:2.6.0'
api 'com.squareup.okhttp3:okhttp:4.3.1'
api 'com.squareup.okhttp3:logging-interceptor:3.6.0'
api 'com.jakewharton.retrofit:retrofit2-rxjava2-adapter:1.0.0'
api 'com.trello.rxlifecycle2:rxlifecycle-components:2.1.0'
/*end*/
/*begin*/
/* fastjson */
api 'com.alibaba:fastjson:1.2.61'
/*end*/
/*begin*/
/* AuthnCenter_Common+ AuthnCenter_SMSLogin */
implementation(name: 'AuthnCenter_Common-1.5.3', ext: 'aar')
implementation(name: 'AuthnCenter_SMSLogin-1.5.3.aar', ext: 'aar')
/*end*/Configure AndroidManifest
This SDK module has no special declarations or registrations.
Development Integration
SDK Initialization
AuthnCenterSDK.Builder()
.init(this)
.setBaseUrl("https://xxx.xxx.com") //tenant domain
.setClientId("xxxx") //application client-id from the tenant console
.isCheckSSL(false) //whether to check the SSL certificate
.logEnable(false).build(); //whether to enable HTTP request logsBrief introduction to methods of the AuthnCenterSMSLogin basic configuration initialization main class:
/**
* SMS verification code -- send SMS
*/
public void smsSend(Context context, SendSmsReq req, RequestListener listener)
/**
* Get country/area code. Note: if international area codes are configured, call this method to obtain them.
*/
public void getCountryCode(Context context, RequestListener listener)Built-in slider verification:
BlockPuzzleDialog mBlockPuzzleDialog = new BlockPuzzleDialog(mContext);
mBlockPuzzleDialog.setOnResultsListener(new OnResultsListener() {
@Override
public void onResultsClick(String result) {
LogUtil.getInstance().d("Secondary verification callback result mCaptchaToken:" + result);
//This callback result is the captchaToken parameter for SMS verification
}
@Override
public void onError(String code, String msg) {
ToastUtils.ShowToast(mContext, String.format("Error code: %s Error message: %s", code, msg));
}
});
}Call sequence:
(1) If international number support is enabled, call the international area code acquisition interface first to bind and display it on the UI. For methods that need to pass a mobile number, assemble the international area code yourself (e.g. +86-13800000000) and pass it in. If international support is not enabled, ignore this interface.
(2) Call slider verification (BlockPuzzleDialog), passing in the mobile number
(3) Call send SMS verification code (smsSend), passing in the mobile number and slider verification result
(4) Call the SMS login method (smsLogin), passing in the mobile number and SMS verification codeSend SMS Verification
The app client needs its own UI page, which contains several necessary components: a mobile number input box, a verification code input box, a button (or event) to trigger obtaining the verification code, and a login button (or event).
After the user enters the mobile number and before tapping (triggering) the send verification code event, the app client checks the mobile number format.
Tap (trigger) the send verification code event; the app client calls the IDaaS SDK send verification code method, as shown below:
//Send verification code
SendSmsReq sendSmsReq = new SendSmsReq();
sendSmsReq.setMobile(getPhoneNum());
sendSmsReq.setType(SendSmsType.login);
sendSmsReq.setCaptcha_token(“result returned after slider verification succeeds”);
AuthnCenterAPI.Builder().smsSend(mContext, sendSmsReq
, new RequestListener<BaseResponse>() {
@Override
public void success(BaseResponse rsp) {
}
@Override
public void error(String code, String errorMessage) {
}
});Login with Mobile Number and SMS Verification Code
After the verification code is sent, the user receives the SMS verification code, enters it in the verification code box, and triggers the login event. At this time, the app client launches the SMS login flow. Sample code is as follows:
AuthnCenterSMSLogin.Builder().smsLogin(mContext, moblie, verifyCode, new LoginListener() {
@Override
public void success(String code, String data) {
ToastUtils.ShowToast(mContext, "SMS login succeeded, returned data: " + data);
}
@Override
public void error(String code, String msg) {
ToastUtils.ShowToast(mContext, msg);
}
});Return Codes
| Status Code | Error Code (error_code) | Error Message (error_msg) | Chinese Error Message | Remediation |
|---|---|---|---|---|
| 400 | IDAAS.SDK.COMMON.1001 | Parameter {0} cannot be left blank | 参数 {0} 不能为空 | |
| 400 | IDAAS.SDK.COMMON.1002 | The {0} parameter format is incorrect | 参数 {0} 格式错误 | |
| 400 | IDAAS.SDK.COMMON.1003 | Device information is incomplete | 设备信息不完整 | |
| 400 | IDAAS.SDK.COMMON.1004 | Signature decryption error | 签名解密错误 | |
| 400 | IDAAS.SDK.COMMON.1005 | The {0} has failed | {0} 已失效 | |
| 400 | IDAAS.SDK.COMMON.1006 | The {0} parameter error | {0} 参数错误 | |
| 400 | IDAAS.SDK.COMMON.1007 | The {0} parameter type error | {0}参数类型错误 | |
| 500 | IDAAS.SDK.COMMON.1008 | The system is busy. Try again later | 系统繁忙。稍后再试 | |
| 400 | IDAAS.SDK.COMMON.1009 | Unknown authentication configuration | 未知的认证配置 | |
| 400 | IDAAS.SDK.COMMON.1010 | Failed to obtain the enterprise center global configuration | 获取企业中心全局配置失败 | |
| 400 | IDAAS.SDK.COMMON.1011 | Failed to obtain the international area code configuration | 获取国际区号配置失败 | |
| 400 | IDAAS.SDK.COMMON.1012 | The x-client-ID is incorrect and the corresponding application cannot be found | X-client-id错误,找不到对应的应用 | |
| 400 | IDAAS.SDK.COMMON.1013 | The corresponding user is not found | 未找到对应的用户 | |
| 400 | IDAAS.SDK.COMMON.1014 | Application private key not found | 未找到应用私钥 | |
| 400 | IDAAS.SDK.LOGIN.1001 | Error calling interface | 调用 {0} 接口出错 | |
| 400 | IDAAS.SDK.LOGIN.1002 | User not bound | 用户未绑定 | |
| 400 | IDAAS.SDK.LOGIN.1003 | The user has been locked due to too many unsuccessful login attempts. It will be unlocked in {0} minutes and {1} seconds | 由于多次登录失败,用户已被锁定。 它将在 {0} 分钟和 {1} 秒内解锁 | |
| 400 | IDAAS.SDK.LOGIN.1004 | Failed to obtain the password policy | 获取密码策略错误 | |
| 400 | IDAAS.SDK.LOGIN.1005 | Invalid username or password. Remaining login attempts: | 无效的用户名或密码。 其余登录尝试次数: | |
| 400 | IDAAS.SDK.LOGIN.1006 | Configuration error, unable to find wechat authentication source | 配置错误,找不到微信认证源 | |
| 400 | IDAAS.SDK.LOGIN.1007 | Configuration error, unable to find alipay authentication source | 配置错误,找不到支付宝认证源 | |
| 400 | IDAAS.SDK.LOGIN.1008 | The configuration is incorrect. The one-click login authentication source cannot be found | 配置错误,无法找到一键登录认证源 | |
| 400 | IDAAS.SDK.SMS.1001 | {0} slide base map is not initialized successfully, please check the path | {0} 滑动底图未初始化成功,请检查路径 | |
| 400 | IDAAS.SDK.SMS.1002 | {0} verification code coordinate resolution failed | {0} 验证码坐标解析失败 | |
| 400 | IDAAS.SDK.SMS.1003 | {0} verification code coordinate verification fails | {0} 验证码坐标校验失败 | |
| 400 | IDAAS.SDK.SMS.1004 | The graphic verification code is incorrect | 图形验证码校验错误 | |
| 400 | IDAAS.SDK.SMS.1005 | SMS verification code verification is incorrect | 短信验证码验证错误 | |
| 400 | IDAAS.SDK.SMS.1006 | The email verification code is incorrect | 邮件验证码验证错误 | |
| 400 | IDAAS.SDK.SMS.1007 | Sending scenario does not exist | 发送场景不存在 | |
| 400 | IDAAS.SDK.SMS.1008 | Failed to send the verification code | 发送验证码失败 | |
| 400 | IDAAS.SDK.SOCIAL.1001 | The social account is unbound incorrectly | 社交账号解绑错误 | |
| 400 | IDAAS.SDK.SOCIAL.1002 | The social account has been bound, please unbind it first | 社交账号已绑定,请先解绑 | |
| 400 | IDAAS.SDK.PWD.1001 | The password length is incorrect | 密码长度错误 | |
| 400 | IDAAS.SDK.PWD.1002 | The password cannot be the username | 密码不能为用户名 | |
| 400 | IDAAS.SDK.PWD.1003 | Your password complexity is low | 你的密码复杂度过低 | |
| 400 | IDAAS.SDK.PWD.1004 | The password is weak | 密码很弱 | |
| 400 | IDAAS.SDK.PWD.1005 | The password is used before, cannot be used again | 该密码已被使用过,不能再次使用 | |
| 400 | IDAAS.SDK.PWD.1006 | Password cannot username in reverse order | 密码不能是用户名的倒序 | |
| 400 | IDAAS.SDK.PWD.1007 | The number of repeated password characters exceeded the upper limit | 密码重复字符数超过限制 | |
| 400 | IDAAS.SDK.PWD.1008 | Password cannot contain :username, phone number, email prefix, name in PinYing | 密码不能包含:用户名、电话号码、邮件前缀、拼音名 | |
| 400 | IDAAS.SDK.MFA.1001 | The mobile doesn't match the user | 手机号和用户不匹配 | |
| 400 | IDAAS.SDK.MFA.1002 | The access control policy is incorrect | 访问控制策略配置错误 | |
| 400 | IDAAS.SDK.MFA.1003 | Access control authentication source type conversion error | 访问控制身份验证源类型转换错误 |