Mobile & Web SDKs · v1.1.0

Android SDK

Kotlin-first. Jetpack Compose components, SMS Retriever for permission-free OTP auto-fill, WhatsApp OTP via wa.me, marketing attribution with Install Referrer.

Requirements

  • Android minSdk 21 (Lollipop), compileSdk 34+
  • Kotlin 1.9+, JVM target 17
  • Google Play Services on the device (for SMS Retriever)

Install

// app/build.gradle.kts
dependencies {
    implementation("in.quickauth:sdk:1.1.0")
}

Maven Central required

The SDK lives on Maven Central — confirm mavenCentral() is in your settings.gradle repositories block (it’s in the default for new Android Studio projects).

Initialize

MyApplication.kt
// MyApplication.kt
import io.quickauth.sdk.QuickAuth
import io.quickauth.sdk.core.Config
import io.quickauth.sdk.auth.AuthEvent

class MyApplication : Application() {
    override fun onCreate() {
        super.onCreate()

        QuickAuth.init(
            context = this,
            config  = Config(
                onTokenExpiry = {
                    // Call YOUR backend's /api/quickauth-token endpoint.
                    myApi.fetchQuickAuthSessionToken()
                },
                // Single typed event stream — all OTP / OneTap outcomes
                // arrive here as a sealed class subtype.
                onAuthEvent = { event ->
                    when (event) {
                        is AuthEvent.OtpSent     -> showOtpInput()
                        is AuthEvent.OtpAutoRead -> prefillInput(event.code)
                        is AuthEvent.Verified    -> finishLogin(event.requestId)
                        is AuthEvent.OtpFailed   -> showError(event.message)
                        is AuthEvent.Error       -> showError(event.message)
                    }
                }
            )
        )
    }
}

Register the Application class in AndroidManifest.xml: android:name=".MyApplication".

Consent

kotlin
QuickAuth.consent.set(true)
val granted: Boolean = QuickAuth.consent.get()

Headless flow

Two methods. initiate kicks off the auth attempt; submitOtp hands back the user-typed code. All outcomes arrive on the onAuthEvent lambda registered at init — including the OneTap silent re-auth path, where the backend emits AuthEvent.Verified directly without sending an SMS.

kotlin
import io.quickauth.sdk.QuickAuth
import io.quickauth.sdk.OtpChannel

lifecycleScope.launch {
    // Step 1 — kick off the attempt. Events arrive via onAuthEvent.
    QuickAuth.auth.initiate(
        phone   = "+919876543210",
        channel = OtpChannel.AUTO,
    )
    // → onAuthEvent emits AuthEvent.OtpSent / AuthEvent.Verified / AuthEvent.Error

    // Step 2 — when OtpSent fires and the user types a code:
    QuickAuth.auth.submitOtp("123456")
    // → onAuthEvent emits AuthEvent.Verified / AuthEvent.OtpFailed / AuthEvent.Error

    // On user-initiated logout, drop the OneTap trust token:
    QuickAuth.auth.reset(forgetDevice = true)
}

SMS Retriever auto-fill

The SDK uses Google Play Services SMS Retriever — no RECEIVE_SMS permission, no user prompt. Your OTP message just needs to contain the 11-char app hash:

kotlin
// Compute the hash once for your release keystore + applicationId:
val hash = SmsRetriever.computeAppHash(this)
Log.d("QuickAuth", "App hash: $hash")

// Or via Gradle: ./gradlew computeAppHash

Upload your release SHA-256

On the QuickAuth dashboard, upload your release-keystore SHA-256 fingerprint. We append the matching app-hash to your outbound OTP messages automatically — your code does not need to know about the hash at runtime.

Pre-built UI (Compose)

import io.quickauth.sdk.ui.QuickAuthLoginButton

@Composable
fun LoginScreen() {
    QuickAuthLoginButton(
        phone     = "+919876543210",
        onSuccess = { jwt -> saveJwt(jwt) },
        onError   = { err -> Log.e("QuickAuth", err.message ?: "") },
    )
}

Attribution

kotlin
lifecycleScope.launch {
    // Captures Install Referrer (Play Store), launch intent UTMs, fingerprint.
    QuickAuth.attribution.captureLaunch(intent)

    QuickAuth.attribution.trackConversion(
        event    = "signup",
        value    = 0.0,
        currency = "INR",
    )
}

API reference

SymbolDescription
QuickAuth.initialize(...)One-time init in your Application class.
.consent.set / getConsent gate.
.auth.initiate(phone, channel)Suspend. Emits AuthEvent.OtpSent or AuthEvent.Verified.
.auth.submitOtp(code)Suspend. Emits AuthEvent.Verified or AuthEvent.OtpFailed.
.auth.reset(forgetDevice)Reset the state machine and (optionally) drop the trust token.
.auth.observeOTP()Flow<String> of inbound OTP codes from SMS Retriever.
QuickAuthLoginButtonComposable login button.
QuickAuthOtpFieldComposable OTP input.
SmsRetriever.computeAppHash(ctx)Helper to compute the 11-char hash.
.attribution.captureLaunch / trackConversionAttribution APIs.

Source & changelog

Source: github.com/quickauthin/quickauth-sdk-android. Maven coordinate: in.quickauth:sdk:1.1.0.