Android SDK
Kotlin-first. Jetpack Compose components, SMS Retriever for permission-free OTP auto-fill, WhatsApp OTP via wa.me, marketing attribution with Install Referrer.
Requirements
- Android minSdk 21 (Lollipop), compileSdk 34+
- Kotlin 1.9+, JVM target 17
- Google Play Services on the device (for SMS Retriever)
Install
// app/build.gradle.kts
dependencies {
implementation("in.quickauth:sdk:1.1.0")
}Maven Central required
The SDK lives on Maven Central — confirm mavenCentral() is in your settings.gradle repositories block (it’s in the default for new Android Studio projects).
Initialize
// MyApplication.kt
import io.quickauth.sdk.QuickAuth
import io.quickauth.sdk.core.Config
import io.quickauth.sdk.auth.AuthEvent
class MyApplication : Application() {
override fun onCreate() {
super.onCreate()
QuickAuth.init(
context = this,
config = Config(
onTokenExpiry = {
// Call YOUR backend's /api/quickauth-token endpoint.
myApi.fetchQuickAuthSessionToken()
},
// Single typed event stream — all OTP / OneTap outcomes
// arrive here as a sealed class subtype.
onAuthEvent = { event ->
when (event) {
is AuthEvent.OtpSent -> showOtpInput()
is AuthEvent.OtpAutoRead -> prefillInput(event.code)
is AuthEvent.Verified -> finishLogin(event.requestId)
is AuthEvent.OtpFailed -> showError(event.message)
is AuthEvent.Error -> showError(event.message)
}
}
)
)
}
}Register the Application class in AndroidManifest.xml: android:name=".MyApplication".
Consent
QuickAuth.consent.set(true)
val granted: Boolean = QuickAuth.consent.get()Headless flow
Two methods. initiate kicks off the auth attempt; submitOtp hands back the user-typed code. All outcomes arrive on the onAuthEvent lambda registered at init — including the OneTap silent re-auth path, where the backend emits AuthEvent.Verified directly without sending an SMS.
import io.quickauth.sdk.QuickAuth
import io.quickauth.sdk.OtpChannel
lifecycleScope.launch {
// Step 1 — kick off the attempt. Events arrive via onAuthEvent.
QuickAuth.auth.initiate(
phone = "+919876543210",
channel = OtpChannel.AUTO,
)
// → onAuthEvent emits AuthEvent.OtpSent / AuthEvent.Verified / AuthEvent.Error
// Step 2 — when OtpSent fires and the user types a code:
QuickAuth.auth.submitOtp("123456")
// → onAuthEvent emits AuthEvent.Verified / AuthEvent.OtpFailed / AuthEvent.Error
// On user-initiated logout, drop the OneTap trust token:
QuickAuth.auth.reset(forgetDevice = true)
}SMS Retriever auto-fill
The SDK uses Google Play Services SMS Retriever — no RECEIVE_SMS permission, no user prompt. Your OTP message just needs to contain the 11-char app hash:
// Compute the hash once for your release keystore + applicationId:
val hash = SmsRetriever.computeAppHash(this)
Log.d("QuickAuth", "App hash: $hash")
// Or via Gradle: ./gradlew computeAppHashUpload your release SHA-256
On the QuickAuth dashboard, upload your release-keystore SHA-256 fingerprint. We append the matching app-hash to your outbound OTP messages automatically — your code does not need to know about the hash at runtime.
Pre-built UI (Compose)
import io.quickauth.sdk.ui.QuickAuthLoginButton
@Composable
fun LoginScreen() {
QuickAuthLoginButton(
phone = "+919876543210",
onSuccess = { jwt -> saveJwt(jwt) },
onError = { err -> Log.e("QuickAuth", err.message ?: "") },
)
}Attribution
lifecycleScope.launch {
// Captures Install Referrer (Play Store), launch intent UTMs, fingerprint.
QuickAuth.attribution.captureLaunch(intent)
QuickAuth.attribution.trackConversion(
event = "signup",
value = 0.0,
currency = "INR",
)
}API reference
| Symbol | Description |
|---|---|
QuickAuth.initialize(...) | One-time init in your Application class. |
.consent.set / get | Consent gate. |
.auth.initiate(phone, channel) | Suspend. Emits AuthEvent.OtpSent or AuthEvent.Verified. |
.auth.submitOtp(code) | Suspend. Emits AuthEvent.Verified or AuthEvent.OtpFailed. |
.auth.reset(forgetDevice) | Reset the state machine and (optionally) drop the trust token. |
.auth.observeOTP() | Flow<String> of inbound OTP codes from SMS Retriever. |
QuickAuthLoginButton | Composable login button. |
QuickAuthOtpField | Composable OTP input. |
SmsRetriever.computeAppHash(ctx) | Helper to compute the 11-char hash. |
.attribution.captureLaunch / trackConversion | Attribution APIs. |
Source & changelog
Source: github.com/quickauthin/quickauth-sdk-android. Maven coordinate: in.quickauth:sdk:1.1.0.