 Android. It's the most popular operating system in the world. It runs on more devices than any other OS. It's got 3 billion users and it counts for 70% of all smartphone operating systems. That means that you want to make Android apps and sooner or later you're going to need to write an Android app that lets users log in and log out or features authentication as we like to put Now let me tell you don't roll your own authentication. It only looks simple and it's one of those features that ends up turning into its own project or several projects. In this video what I'm going to do is I'm going to show you that with Auth0 and a few lines of Kotlin code you can add authentication to an Android app and we're going to have some fun along the way. So fire up Android Studio and let's get started. I find it so much nicer when I know what I'm going to build before I start a tutorial. So let me take you on a grand tour of what our app does. What you're looking at is the Android emulator and it's pretending to be a Google Pixel 3a that's a phone from about 2019 and it is running Android API 30 also known as Android 11. So from a couple of years ago the purpose of this exercise is about adding authentication to an Android app. So I paired down the scope of the app as much as possible. It's a single screen with two modes logged in and logged out and that's it. So on the emulator what I've got is the logged out screen that you see when you first fire up the app. It just simply says welcome to the app and you've got a login and log out button with the log out button disabled and the login button enabled and ready waiting for a button press. So I'm going to press on it in the emulator and what will appear shortly is a dedicated browser window, a web view that displays Auth0's universal login page. It's called universal login because it looks the same no matter what platform it's on, whether it's on a mobile device, Android or iOS or a web page or a desktop application. It renders inside a dedicated web browser or web view so that it does look the same across all platforms. Now it gives you all the features that you would expect from a login page including you know the nice username and password text fields, the forgot password link, the sign up for an account link and if you decide to continue you can also add all kinds of extra goodies like social login and biometrics and multi-factor authentication. It's all supported there and it's all built around universal login. Now before you get worried and go wait wait I want it to look like my thing, don't worry. The Auth0 dashboard lets you customize universal login so that it has your organizations or apps color scheme and look and feel. You can make it look like you. If I hit the back button right now I get taken back to my app and I see a little snack bar at the bottom that says hey you've got to log in to use the app so all right better log in so I'm gonna press the log in button again get taken back to universal login and I'm going to log in using a pre-created user rando at example.com my favorite example user then I'm going to type in my extremely secure password and log in. This takes me to the logged in screen which is very simple all it does is says welcome to the app. The log in button is still there but now it's disabled the log out button is now enabled and we see three pieces of information the user's name the user's email address and the user's photo being the observant developers I know you are you've probably noticed that the name and email are the same these are the default values when creating a new user the name gets set to the same thing as email and the user's image is the default image it's just generated from the user's initials. Log in has it's not at all evil twin log out so let's take that for a spin. Going back to the emulator I'm going to click on the log out button which takes me back to the initial screen but this time the title has changed to your logged out the log in button is re-enabled and the log out button is disabled and that's the app. Rather than make you start from scratch we've created a starter project that you can download you can find it at the link in the down below section of the description and go grab it. Once you've downloaded the starter project load it up in android studio and take it for a test run I'm going to click android studio's run button right now which should fire up the emulator and show me the app's single screen in logged out mode which means you see the title you see welcome to the app and the log in button enabled and the log out button disabled. Pressing on the buttons right now does nothing but that's to be expected the first step in this exercise is to register the app inside auth zero in order to do this one of the first things we need to do is get the app's package name which is contained inside the android manifest file this file is called android manifest.xml it's inside the manifests folder which is inside the app folder in the android studio project pane so I'm going to click on it right now to get a look at the file and it is in this tag the manifest tag and it is the in the package attribute here in this case for the starter app it is com dot auth zero dot android login copy this value and put it someplace safe we're going to use it in just a moment all right it's time to register the app in the auth zero dashboard this is a three step process the first thing we're going to do is add the app to the auth zero dashboards list of registered applications then we're going to gather two pieces of information and this is information that the app needs in order to be able to delegate login and log out to the auth zero service and then finally we need to provide auth zero with the necessary callback url so that it can communicate with your app it's time to log into the auth zero dashboard and in order to be able to do that you need an auth zero account you can sign up for one down below the link is in the description and yes there is a free tier in fact uh the account that we're going to be using in this demo is a free account and it's an actually useful free account it supports up to 10 apps and 7 000 users with unlimited logins that is more than enough for you to evaluate the system do a lot of experimenting and even run a small business so yeah don't wait sign up for an account now i'll wait and then you can log in all right now that you've created an auth zero account or if you already have an auth zero account log into it right now this will take you to the dashboard for your auth zero tenant now an auth zero tenant loosely speaking is a set of applications users connections and other information that you can manage using your auth zero account now when you log into the dashboard the first thing you're going to see is the getting started page it's worth checking it out a little more detail to find out what's available to you on your auth zero dashboard but we're not interested in that right now what we really want to do is we want to get started setting up an auth zero application within the dashboard in other words we want to be able to connect your android app to auth zero and we're going to do that right now so what you should do is find the applications item in the left hand menu of your dashboard and click on that that's going to pop up a submenu and from that select applications again this will take you to the list of applications that is under your account now in a brand new account there's only going to be one application in that list that's a default app that's auto generated when your account is created we could use it but we won't what we want to do instead is we want to start creating a new application one specifically for our android app the way we do that is by creating a new application you do that by clicking the create application button and it will ask for some details what we need to do in this window is just provide a name and specify what type of application it is in this case i'm going to give it the name android login and it is a native app so i'm going to select native under choose an application type and then i'm going to click create auth zero will take a moment or two to create your application but once it's done you'll be taken to the applications quick start page the quick start page provides a menu of starter applications for all sorts of operating systems and application frameworks including android ios desktop and various frameworks like react native and ionic and flutter and so on now you'll also see that there are a couple of android quick start projects that you can download but you've already downloaded a starter project so you don't need to do that we can simply jump to the settings page to configure auth zero and the starter project so that they can talk with each other the way to do that is to click on the settings tab on the settings page we're going to do two very important things one get information that the app needs to know about auth zero and two provide information that auth zero needs to know about the app there are two pieces of information that we need to work with first the domain and the client id now both of these are unique identifiers that help auth zero and your application talk to each other the domain which i'm highlighting on the screen right now is the unique identifier for your auth zero tenant it's how your app reaches auth zero you're going to highlight the client id now it also is a unique identifier but this is the unique identifier for your application it's how auth zero distinguishes one application from all the others auth zero's android library expects to find the auth zero's tenant domain and your app's client id stored a string resources inside your android project now to keep things simple the starter project already has a string resource project called auth zero dot xml in your project you'll find it in the resources folder let me switch to android studio under res the resources folder under values there it is auth zero dot xml i'm going to double click it so you can see its contents you can see that there's just a handful of xml tags in there whose values are placeholders with instructions telling you what to replace those values with so the first one is the domain value i'm going to go back to the auth zero dashboard and copy the domain value luckily there is a handy little copy button right there so i'm going to click that then i'm going to switch back to android studio and paste that domain value into the place where the xml file tells me to paste it which is inside the com underscore auth zero underscore domain tag so i will paste it right there that's my domain i need to go back to the auth zero dashboard and get the other key piece of information client id once again the client id field like the domain field has a handy copy button i'm going to click that go back to android studio and paste it into the appropriate tag which is com underscore auth zero underscore client underscore id a lot of underscores there anyways let me paste that value in and there we have it that is most of auth zero dot xml filled out you've probably noticed that there's still one placeholder value left in auth zero dot xml and that is the one with the tag name com underscore auth zero underscore scheme now what you should do is simply take the placeholder value and replace it with a nice short string called app and in a moment when we cover the call back and log out urls i'll explain what the scheme is for so right now just set com underscore auth zero underscore scheme to app you've given the android app the domain and client id and that's what it needs to communicate with auth zero what we need to do now is give off zero the information it needs to communicate with the app and it communicates with the app using two urls a callback url which it uses to communicate with the app to signal that a user has successfully logged in and a log out url which you've probably already guessed is what auth zero uses to signal to the app that a user has logged out now you're probably thinking wait a minute this is an android app it uses activities which you navigate to using intents not urls and things like that well you're absolutely right and in the case of android native applications the callback and log out urls are translated into intents to inform the app that yes the user is either logged in or logged out so what we're going to do in the next step is set up these urls the callback and log out urls are the same string and they follow the format that i'll show you right now you can see it on my screen here you can see placeholder values contained within curly brackets so the first thing to do is replace the scheme placeholder and if we were working with a web app the scheme would be something like https maybe http if we weren't feeling uh security conscious but anyways in this case since this is an android app it doesn't have to be https and in fact it can be anything i prefer to use app as the scheme just to make it very very clear that we're dealing with an app and we are not talking to a web application and that's why in the previous step you set the com underscore of zero underscore scheme value to app we're matching it here the next thing is the your domain placeholder and we are going to replace it with the domain of our tenant so i will copy it from the dashboard and paste it over the your underscore domain placeholder like so and then finally there is the app package name in case you've forgotten you can find the app package name in android studio under android manifest dot xml and if you've been following along or if you're using the starter app it is com dot oz zero dot android login so i will take that and replace the placeholder with that value com oz zero android login so this is the callback url it also happens to be the logout url so we will take this value go back to uh the android uh android dashboard and scroll down to the application uri section of our dashboard and paste it into two particular text fields allowed callback urls and allowed logout urls this completes all the setup we have to do on the off-zero side the last thing we need to do is just scroll down to the bottom of the page and click the ever important save changes button and with that you should see a notification that your changes have been successfully saved and we are good on the off-zero side it's now time to work on the app hey remember those values for the domain and url scheme that we defined a little while back in the off-zero dot xml file well we need to let the project know about them by defining a couple of manifest placeholders for them in the apps build dot gradle file and yes i remember in an android project there are two build dot gradle files the build dot gradle file i'm talking about is the one for the app so i have it open on my screen right now and we are going to add the manifest placeholders to the default config section i typically like to add it here after this first block with application id min sdk etc and before the test instrumentation runner part so i'm going to paste the line in here let me expand my screen so you can see the whole thing here we go so manifest placeholders just defines a couple of key value pairs basically telling the application yeah what off-zero domain is where it can find it and where where it can find the off-zero scheme note that this is basically telling the project that the off-zero tenants domain and its uh and its url scheme can be found stored in specific tags inside the apps string resource files so remember we defined that earlier in order to use off-zero you'll need to install two libraries first one is off-zero dot android it's a collection of libraries that enables android apps to use off-zero's apis including the authentication api which is the thing that lets you log in and log out users the other thing we're going to need is a library called j wt decode dot android and the app is going to use it to decode the user's identity information which is encoded in a j wt or a jason web token now we add these libraries into the bill gradle file which we're still at and it's inside the dependency section so what i'm going to do is i'm going to add i'm going to add a couple of blank spaces here i'm just going to separate out where i'm adding the off-zero specific libraries and i'm going to paste them right here to the end of the dependency section like so so this is the dependency for off-zero dot android and here is the dependency for j wt decode dot android now at this point anytime you make a change to a gradle file android studio is going to tell you hey gradle files have changed since last project sync a project sync may be necessary yada yada yada follow android studio suggestion click sync now one more change and then we can actually start coding and that is we need to enable the app to access the internet because of course the app needs to communicate with off-zero over the internet to enable login and log out and we enable internet access in the manifest file so i'm going to open android manifest dot xml and just after the opening manifest tag i'm going to paste in this tag the user's permission tag where we specify that yes this application does have permission to access the internet it's time to get coding after all that set up so let's do it let's implement login now in order to do that we need to open the main activity file which i have open on my screen right now now log in and eventually log out both rely on functionality from the off-zero android library so we need to import that so i'm going to expand the import section and i'm going to paste in the necessary import files to support what we're going to do there we go you can see right now they're grayed out they will lighten up as we start using them if you look at the code for the main activity class you can see that i've left some to-do statements here for some properties for the main activity class there are properties for the app and user status and for the off-zero data let's start with app and user status so i'm going to remove this to-do comment and i'm going to add a couple of properties the first one will be private late in it and it'll be a variable called account and it'll be a variable of type off-zero object the next one we're going to have is another private variable called app just launched and it's going to be a boolean that whose initial value will be true and then finally one more private variable called user is authenticated and that will initially be false so these properties that you just added account is an object containing account information about the app the app's client id and its tenants domain it's what we're going to use to connect to off-zero app just launched is a boolean that is true only immediately when the app is launched and false straight after that and then finally user authenticated is just what it sounds like it's true when the user is logged in and false when the user is logged out we need one more property to hold data about the user that we receive from off-zero so i'm going to add it here in the off-zero data section i'm going to get rid of this to-do comment and declare it once again private variable called user and it is an instance of the user class which is defined here if you look at the left side menu you can see that there is a predefined user class we'll look at it in just a moment but let's get back to main activity uh there it is now this is an instance of the user class once again it's per it's a data class and its purpose is to contain and decode identity information about the current user who's logged in we'll use the on create method which gets called whenever an activity is created to initialize a couple of things uh first we need to initialize an account object using the app's client id and the tenant's domain this account object is necessary for uh logging in and logging out and we'll use it in the log in and log out methods the other thing of course we need to do is connect the log in and log out buttons to their corresponding methods so uh let me do that right now first of all let's initialize uh the account property we set up earlier so it's an instance of the auth zero object and it needs the client id which we're going to get from the string resource we defined earlier com underscore auth zero underscore client underscore id that's the first one and then the second one let's see now once again we need get string r dot string dot com underscore auth zero underscore domain so that takes care of the account property the other thing we need to do is we need to connect uh the log in and log out buttons and we can do that by accessing binding and then we've got button login and we'll set its on click listener to log in and we'll do something similar for the log out button so binding button log out set on click listener to log out one more thing let's set the title text to its initial value welcome to the app and we can do that right here once again we'll use binding text view title and then we'll set its text property to the welcome to the app value that I have stored in a string resource so I'll do get string r string and it should be there it is initial title later on in the app when the user is logged in we'll change it to your logged in and later again when the user logs out we'll update it to your logged out now it's time to work on the login method which I'm going to build a little bit at a time scroll login into view and uh get rid of the to do comment and uh just begin now everything that we're going to do is going to hinge on the web auth provider object and what that allows us to do is interact with the auth zero authentication part of the library and the first thing we're going to do is we're going to call the login method and the login method expects one argument that account object that we created earlier what we're doing is we're doing some method chaining so as soon as we get back uh the returned object from the login method we then pass it to the next method which is with scheme where we specify the url scheme for the domain remember we define that uh we define the url scheme a little bit earlier in auth zero dot xml so we're going to pull out that uh particular scheme right now we're going to get it straight out of the string resource so it'll be get string r string com underscore auth zero underscore scheme we're going to take the result of the with scheme method and then once again this is method chaining we will call the start method and this is the actual method that starts the actual login process with auth zero and start takes two arguments the first one is the context of the activity that we're in so that's just simply the this value and then it takes an object which provides two methods let me just define the object type call back credentials comma and of course be able to must be able to handle an authentication exception and what this object needs to do is it needs to provide two methods one named on failure the other named on success so let me just define uh some stub versions of those methods right now and then we'll fill them out so that's on failure right there and i'm going to do the same for on success and uh you know what actually i'll leave it as this i was going to make these to do comments but might as well use the to do function let's deal with the case where on failure gets called now on failure is most often called when the user cancels out of universal login uh usually they're going oh you know what i don't remember my username or password like that they hit the cancel button and off zero returns from universal login back to the application um we're going to keep it simple and we'll just simply have the app display a snack bar telling the user you know what you have to log in if you want to use the app so we'll do that so i'm going to replace the to do in on failure with a call to show snack bar and i've already defined a string the strings resource that will show when the user cancels out of universal login so i'm just going to call get string r string dot and it should be login underscore there it is up login underscore failure underscore message and that's it that handles the on failure case it's time to implement the other method on success which is the method on the happy path it means that the user has successfully logged in and when that happens we want to do a couple of things which is one set the user is authenticated property to true and two call the update UI method two you guessed it update the UI so let me find this to do and we'll set user is authenticated to true and make a call to update UI now that we've done the login method it's time to code the log out method and just like log in i'm going to build log out a little at a time so once again log out just like log in starts with web off provider and then we're going to chain a bunch of methods together starting with log out now log out requires an account as its argument it's the same account object we used for login we also have to specify the url scheme once again that we're just going to get it from the string resources get string r dot string dot com underscore off zero underscore scheme so that's that and then once again we call the stark method and the stark method takes two arguments one is the context of this activity and the other one is an object providing two call back methods so i'm going to enter not call back but call back optional void and the other the other type is authentication exception and once i've done that i've got to specify two methods first of all the on failure method and the on success method and there we go that is the first step to building log out now on failure is rarely called as a result of logging out it means that something unusual has happened and handling this case is beyond the scope of this tutorial so what we'll do for the failure case is simply show a snack bar with a general failure message that i've actually defined if i let me show you here in strings dot xml uh let's see now yes general failure with exception code and it's a parameterized string what we're going to do is we're also going to show the error code so let me code that right up go back to main activity and let's code on failure that's going to simply be let me call the show snack bar method and of course we'll get the string from the resources it's in our string dot general general failure with exception code and we'll include the exception code right here so error get code and that takes care of the on failure case and now the happy path in other words if we're executing on success it means that the user logged out successfully and in that case what we want to do is we want to set the user is authenticated property to false and we want to call update ui again to update the ui to the logged out state so let's do that right now this is fairly simple this is user is authenticated and we set its value to false and we make a call to update ui and that is the on success case for logout finally it's time to update the ui so let's do that we do that in the update ui method so i'm going to remove this to do comment and we do two things when we're updating the ui one is that we update the title text tell the user whether they're logged in or logged out and the other thing we do is set the appropriate button states so enable and disable the login and logout buttons depending on the user whether they are authenticated or not so let's take care of the title text first so it'll be binding text view title text and of course its value is going to depend on if it's the user is authenticated or not so we'll use this style of if which coplan greatly provides for us and then if the user is authenticated we will set title view texts of value to the logged in title otherwise we'll set it to the logged out title both of which are values stored as a string resource so logged out title there we go that takes care of the title text now for the button states so we'll take care of the login button and it is enabled if the user is not authenticated which makes sense if the user is logged out they want to be able to log in and vice versa so we will do that for the logged out button log out button button log out is enabled set to user is authenticated and that's it for update UI all right moment of truth time to run the app so pull out whatever lucky charm you have hit the run button and say the magic incantation this should work and let's see what happens now remember you're going to need to create a user in order to be able to log in you can do that in the dashboard right here on the users page you can get there by selecting user management and then users and then click and create users the process is pretty straightforward but hey back to the app you can see on the emulator that we do have welcome to the app on the screen the login button is enabled so let's go click it I have already created a user using the fictitious email address rando at example.com and my super secure demo password by the way don't try to hack me I don't use this in real life and finally I will hit enter and try and log in and there we go we are now logged in the title text has changed to your login the login button is disabled and the log out button is enabled the app has communicated with auth zero and sent back some information specified yes this user rando at example.com is logged in to log out we simply click log out and we return back to the original screen but this time instead of saying welcome to the app the title text says you're logged out the login button is once again enabled and the log out button is disabled so yes not bad for a first run now the app actually has been sent information about the user and what we need to do is we need to extract it we haven't done that yet neither are we displaying it this next step in this tutorial is to take that user information extract it from whatever thing auth zero gave the app and then display it on screen so let's do that now remember when the user successfully logs in the on success method contained within the login method gets executed and when that happens one of the things we get back is something called result which is an object of type credentials credentials are a package that auth zero sends to your app upon successful login and one of the key pieces of the credentials is the id token the id token is basically digital proof that we've authenticated the user that's how we know that the user is logged in and we know who they are the other interesting thing about the id token is that it contains information about the user encoded with it and we can extract this information to find out you know the user's name email address other contact information that sort of thing let's get a look at the id token so i'm in the login method and i'm going to add a log here so i'm just going to tag it android login it'll make it easier for me to sort it out through all the stuff that ends up in logging and what i'm going to do is i'm going to take a look at a particular property of the result object result dot id token uh i need to import log so i'm going to do that right now and will that will run the app i'll log in again and as you can see i'm logged in but this time what i'm going to do is let me move the emulator out of the way i'm going to fire up log cap and take a look at what we've got here this got logged it's a bunch of digital gobbledygoo but let me grab it let me copy it and then go over to particular website called jwt.io jwt of course is short for jason web token and one of the things it provides is a jwt decoder i'm going to take the information the id token that i just copied from android studios log cap and paste it into the encoded window and take a look at what happens paste and take a look at the payload here rando at example dot com email rando at example dot com this is information about the user who is logged into the app we can extract this information from the id token and then display it on screen so let's set about to do just that to keep the tutorial simple we did set up a user class whose job is to hold user information and also decode user information stored within an id token so we're going to go to android studio hide the log cap window and let's get a look at that user class we've got the basics laid out here there's a set of properties that mirror the properties that you can get from an id token the ones we're interested in are id the user's unique identifier the user's name email whether or not their email has been verified the url for their picture which is stored as a string and a date string called updated that which tells us when the user's account was last updated when you create an instance of the user class it takes an id token value but does nothing with it right now all user does upon instantiation is set all these string properties to the empty string what we want to do is we want to take that given id token and decode it and then use that decoded information to feed all these properties so we'll do that with the help of library that we imported a little bit earlier when you create an instance of the user class it takes an id token value but does nothing with it right now all user does upon instantiation is set all these string properties to the empty string what we want to do is we want to take that given id token and decode it and then use that decoded information to feed all these properties so we'll do that with the help of library that we imported a little bit earlier the user class expects an id token when it's instantiated and we use that id token to fill these properties after we decode it so we will do that and we'll do that in an init block so what i'm going to do is get rid of the to do comment and this is one of those operations that might fail so it's the perfect place for a try catch block so let me set that up right here and let's see now for try i'm going to make it very clear that we're going to attempt to decode the id token and for catch it's handle case where we failed to decode the id token make it nice and clear so to decode the id token i'm going to need to create a value jwt and we are going to use the jwt object that is provided to us by the jwt library remember that's one of two libraries that we imported earlier the other one being alt zero dot android the authentication library so jwt expects a string and id token is a string optional so we need to reassure jwt that we are actually giving it a proper string and not a thing that could be a string or could be null so here's where the Elvis operator comes in so we're just reassuring jwt that yes you are getting an actual string it's either id token or if it's null empty string at which point we need to import jwt can do that right now there we go red text is gone and if we've made it this far in the tri block it means that we've actually successfully decoded the jwt and we can pull all this information so what i'm going to do is i'm going to cheat a little and i'm going to copy and paste the code that actually does the job but i will walk you through it what we're doing with this block of code right here is we are filling users properties id we we get directly from jwt's subject property the other bits of user information things about the user such as their name email whether their email address is verified or not the location of their picture and when their account was last updated we are getting via jwt's get claim method get claim gets specific claims from the id token and a claim put really simply is just a key value pair of information about a user so this is what we're doing here we're using get claim and we are converting that information from get claim to string and if it's null once again we're using the we're using the Elvis operator here i'm going to attempt to highlight it wow i am not clicking right today but anyways the Elvis operator here to say okay if it's null just set the value to the empty string this all this will fill the information for the user instance and then what we're going to do is we're going to grab it and display it to the user now for catch i want to do one little thing here which is i'm going to this is also going to be a copy and paste it's basically the exception for the catch and in this case we're handling the case where the id token we failed to decode the id token for whatever reason most likely it's not a value we fed it an invalid JWT and basically what we're going to do is we'll just say look so leave the user properties as empty strings there's no code for the catch block we're just simply leaving the user properties as empty strings so that's why i've got a comment here because there's no code i just want to convey what we're doing and why we're doing it so this completes the implementation of user let's put it to use back in main activity let's go back to main activity and make use of this fully implemented user class so i'm going to go to login first that's going to be the first place where we want to make use of the user and i'm going to get rid of the slog line and replace it with this id token and that will simply be result dot id token remember result is the credentials that we get back from off zero and we just want the id token property of that object we also already have a user property and we will use the user class to instantiate that user property by feeding the user class of the id token we received that's all we have to do for a login for logout we're going to do pretty much the same thing except what i'm going to do is i'm going to set user to an instance of the user class but this time not give it an argument what that does is that creates a user with blank properties so on logout what we're doing is we are just simply wiping out the user information that takes care of login and logout now what we need to do is take that information that we now know about the user and display it on screen we'll do that in update ui all right let's update update ui i'm just going to paste in this code because this is relatively straightforward stuff what we're doing is we are taking the information that is now contained in main activities user property and displaying it on screen we are updating some text fields we are loading the image view with the user's image and uh i believe we're done let's take this app out for a spin so i'm running the emulator right now the window should pop up any moment and let's log in so once again randoadexample.com and notice what happens this time uh not only are we getting the logged in screen but we are also getting the user's name and email address uh by default the user's name is set to their email address when you when you create a user inside the auth0 dashboard that's what happens and you also get this default uh default avatar which is basically a graphic with the user's initials or what auth0 decides are your initials it extracts them straight from the email address well guess what we are done you have just completed writing an android app that uses auth0 for login and logout high fives all around you've done well uh hope you enjoyed the tutorial