Get User and Session Information

This document focuses on getting the user and session information using an authorization code for apps with a backend server.

With this flow:

  • Your app gets authorized on the client-side by sending an authorization code to your app backend server.
  • Your app backend server then exchanges the authorization code to acquire its own token and refresh_token from servers.
    • This enables your app backend server to make API calls to servers while the user is offline.


  • This is a more secure login authentication flow that is only applicable for apps with a backend server.
  • If your app does not have a backend server, you can follow this section to continue with the basic login flow.


1. Generate Authorization Code using your client_id and sign in the user

The authorization code is a one-time code that your backend server can exchange with servers to get token and refresh_token.

To generate authorization code using your client_id and sign in the user, refer to the following implementation:

 public static final String CODE = "code";
  public static final String CLIENT_ID = "your client id";
  public static final String ACCOUNT_TYPE = "";
  public static final String HOST_URL = "hostUrl";

  private void signIn() {
      Account account = getNowggAccount();
      if (account != null) {
          Bundle bundle = new Bundle();
          bundle.putString("client_id", CLIENT_ID);
          String authTokenType = CODE;
                  getAuthToken(account, authTokenType, bundle, MainActivity.this, new OnTokenAcquired(), null);
      else {

   private Account getNowggAccount() {
      Account[] accounts = AccountManager.get(getApplicationContext()).getAccountsByType(ACCOUNT_TYPE);
      if (accounts.length > 0) {
          Log.d(TAG, "getNowggAccount: account found");
          // currently only one account can be added in a system
          return accounts[0];
      return null;

   private void addNowggAccount() {
      try {
          Intent intent = new Intent();
          intent.setComponent(new ComponentName("", ""));
      } catch (ActivityNotFoundException e) {

Note: This process will generate a callback in OnTokenAcquired() function.

2. Get Authorization Code

After the user signs in, you get the requested authorization code in OnTokenAcquired callback function. To get the authorization code, refer to the following illustration:

private class OnTokenAcquired implements AccountManagerCallback {
         public void run(AccountManagerFuture result) {
             try {
             Bundle bundle = result.getResult();
             boolean success = bundle.getBoolean(AccountManager.KEY_BOOLEAN_RESULT, false);
             if (success) {
                 final String code = bundle.getString(‘authorization_code’);
                 // You are required to send this code to your backend server and call the Generate Tokens API to receive refresh_token/token with this code on app backend server and wait for response from server.
             else {
                 // get token failed
                 // error case, developer can show error or show other login mechanisms
                 Log.d(TAG, "run: get token failed " + bundle);
             } catch (AuthenticatorException e) {
             } catch (IOException exception) {
             } catch (OperationCanceledException e) {

Important Information

  • You must send this code to your backend server, call the Generate Tokens API to receive refresh_token/token with this code on your app backend server and wait for a response from the server.

3. Generate Token and Refresh Token

Once you have the authorization code, send it to your app backend server and use the Generate Tokens API to exchange this code with servers for a token and refresh_token.


  • Use the token to call APIs (User Info and Session Info).
  • Store the refresh_token to acquire a new token when the token expires.

4. Get User and Session Information using a token

Now that you have the token, you can use it to fetch the user and the session information.

5. Refresh the token

If your token has expired, you can generate it with your refresh_token using the Generate Tokens API.

Text copied to clipboard
Link copied to clipbord
Questions? Please reach out to us at