The Auto-login from Kakao Talk (Auto-login, for short) is an extended feature of Kakao Login, which allows you to show a different page depending on the response. This feature allows for a more efficient and convenient service for users according to their signup status when accessing your service page in the Kakao Talk in-app browser.
The Auto-login process is broken down into three steps.
Step 1. Check which browser the service page is being accessed on
This feature only works through the Kakao Talk in-app browser. To check whether the user is accessing the page through the Kakao Talk in-app browser, check if KAKAOTALK is included in the UserAgent.
Browser | Rule | Description |
---|---|---|
Kakao Talk in-app browser | KAKAOTALK | Mozilla/5.0 (Android; Mobile; rv:13.0) Gecko/13.0 Firefox/13.0 KAKAOTALK |
After checking that the user's browser is the Kakao Talk in-app browser, add the prompt parameter to the request of the Getting authorization code API and set it to "none".
Refer to the following development guides to see how to make the request in detail:
If the request is successful, check its response to figure out whether the user has signed up or not. Then, present different pages according to the user's signup status.
If a user has signed up, an authorization code is issued. Thus, the user does not go through the login process of inputting the user's ID and password. In this case, request tokens using the issued authorization code to complete the login process, and then present your service page to a user in a logged-in state.
If a user has not signed up, the user cannot complete the login. In this case, an error response is returned with consent_required, indicating that the user's consent is required to use the service. Thus, you must present the service page to the user in a logged-out state.
Here is a sequence diagram showing the Auto-login process.
Here is one of the Auto-login scenarios. As an example, let's see a product page that is commonly shared through Kakao Talk.
prompt=none in the login request.
After checking that the user's browser is the Kakao Talk in-app browser, request an authorization code using a REST API. To use the Auto-login feature, you must add prompt=none in the request. If not, general Kakao Login proceeds instead of Auto-login.
You can get the authorization code from the query string of the redirect_uri that the Kakao authorization server redirects to.
If a user has signed up with the Kakao Account through Kakao Sync, only the authorization code is returned in the response. In this case, show the user your service page in a logged-in state after requesting an access token and a refresh token with the authorization code.
On the other hand, if a user has not signed up yet, an error is returned. In this case, show the user your service page in a logged-out state. You also need to implement the login process without Auto-login when a user takes an action that requires login or signup.
Request
```http
GET /oauth/authorize?client_id=${REST_API_KEY}&redirect_uri=${REDIRECT_URI}&response_type=code&prompt=none HTTP/1.1
Host: kauth.kakao.com
```
Name | Type | Description | Required |
---|---|---|---|
client_id | String | REST API key that Kakao issues when you create an app. You can check your REST API key in [My Application] > [App Keys]. | O |
redirect_uri | String | Callback URL that the authorization code is redirected to. | O |
response_type | String | Fixed as code. | O |
prompt | String | Used to request reauthentication by selecting whether to present an interactive UI. To see more information and error types related to this parameter, refer to Get authorization code. To use the Auto-login feature, set to none and pass it when requesting an authorization code. | O |
state | String | Parameter to strengthen security. Random string generated by your app to keep the state between the request and callback. It is recommended to use this parameter to protect from Cross-Site Request Forgery (CSRF). | X |
Name | Type | Description | Required |
---|---|---|---|
code | String | authorization_code that returns if your request succeeds. | O |
state | String | If this parameter is included in the request, the same value as the request must be returned. | X |
error | String | Error code that is returned if your request fails. | X |
error_description | String | Error message that is returned if your request fails. | X |
```http
HTTP/1.1 302 Found
Content-Length: 0
Location: ${REDIRECT_URI}?code=${AUTHORIZATION_CODE}
```
```http
HTTP/1.1 302 Found
Content-Length: 0
Location: ${REDIRECT_URI}?error=consent_required&error_description=user%20consent%20required.
```
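The REST flow above, sketched server-side as an added example (not Kakao's or this page's own code): it applies the UserAgent rule, builds the prompt=none request with a random state, and classifies the redirect as logged-in or logged-out. The function names and the example.com callback URL are assumptions; the endpoint, parameters and error code are the ones documented above.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZE_URL = "https://kauth.kakao.com/oauth/authorize"

def is_kakaotalk_inapp(user_agent):
    """Step 1: the UserAgent rule. The header is client-controlled, so use it
    only to choose the flow, never as proof of who the user is."""
    return "KAKAOTALK" in (user_agent or "")

def build_autologin_request(client_id, redirect_uri):
    """Return (url, state). Keep state in the user's session before redirecting."""
    state = secrets.token_urlsafe(32)  # unguessable value for the CSRF check
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "prompt": "none",  # without this, general Kakao Login proceeds
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state

def handle_callback(callback_url, expected_state):
    """Classify the redirect to redirect_uri.

    ('logged_in', code)   -> exchange the code for tokens
    ('logged_out', error) -> e.g. consent_required: show the logged-out page
    ('rejected', reason)  -> do not exchange anything; treat as logged out
    """
    params = parse_qs(urlsplit(callback_url).query)
    returned_state = params.get("state", [""])[0]
    # Constant-time comparison on bytes; an empty expected state always fails.
    if not expected_state or not hmac.compare_digest(
            returned_state.encode(), expected_state.encode()):
        return ("rejected", "state_mismatch")
    if "error" in params:
        return ("logged_out", params["error"][0])
    code = params.get("code", [""])[0]
    if not code:
        return ("rejected", "missing_code")
    return ("logged_in", code)
```

A rejected callback is handled like the logged-out case: the page is rendered without a session and any code in the query string is discarded.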
For Auto-login, add auto_login to extraParams, and set it to true. The auto_login parameter should be Map type, and use only the constants supported by com.kakao.auth.StringSet as values.
Set AuthType to KAKAO_TALK_ONLY because Auto-login only works from the Kakao Talk in-app browser.
If a user successfully logs in, the user is redirected to a service page in a logged-in state.
```java
import android.content.Intent;
import android.os.Bundle;
import com.kakao.auth.AuthType;
import com.kakao.auth.ISessionCallback;
import com.kakao.auth.Session;
import com.kakao.auth.StringSet;
import com.kakao.util.exception.KakaoException;
import java.util.HashMap;
import java.util.Map;

public class SampleLoginActivity extends BaseActivity {
    private SessionCallback callback;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_sample_login);
        callback = new SessionCallback();
        Session.getCurrentSession().addCallback(callback); // Add callback
        Map<String, String> extraParams = new HashMap<>();
        extraParams.put(StringSet.auto_login, "true");
        // Pass KAKAO_TALK_ONLY as a parameter. Otherwise, the webView login is executed if Kakao Talk is not installed.
        Session.getCurrentSession().open(AuthType.KAKAO_TALK_ONLY, this, extraParams);
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        if (Session.getCurrentSession().handleActivityResult(requestCode, resultCode, data)) {
            return;
        }
        super.onActivityResult(requestCode, resultCode, data);
    }

    @Override
    protected void onDestroy() {
        super.onDestroy();
        Session.getCurrentSession().removeCallback(callback); // Remove callback
    }

    private class SessionCallback implements ISessionCallback {
        @Override
        public void onSessionOpened() {
            // Login success
        }

        @Override
        public void onSessionOpenFailed(KakaoException exception) {
            // Login fail
        }
    }
}
```
To use the Auto-login feature, you need to call canOpenURL that checks if Kakao Talk has been installed, and set authType to KOAuthType.talk. After that, pass KOSessionAutoLoginParameterKey as parameters.
```swift
// Check if Kakao Talk has been installed
if UIApplication.shared.canOpenURL(URL(string: "kakaokompassauth://")!) {
    // For Auto-login, add `KOSessionAutoLoginParameterKey`
    let parameters = [KOSessionAutoLoginParameterKey: "true"]
    // Simple login without a dialog to choose a login method
    let authTypes = [NSNumber(value: KOAuthType.talk.rawValue)]
    // Proceed login
    KOSession.shared()?.open(completionHandler: { (error) in
        if error == nil {
            // Change to a logged-in state
        } else {
            // If login fails or other error occurs, Auto-login is not available.
        }
    }, parameters: parameters, authTypes: authTypes)
} else {
    // If Kakao Talk has not been installed, Auto-login is not available.
}
```
Because Auto-login is only available in the Kakao Talk in-app browser, you need to handle the exception where Kakao Talk has not been installed on the user's device by showing the user the service page in a logged-out state. There is also the exception where a user has not yet signed up for Kakao Talk. In this situation, you need to handle the exception as you would a logged-out state.