陈杨

HarmonyOS5 Cloud Service Technology Sharing - Own Account Pairing with AGC Certification

Step-by-Step Guide: Using Your Own Account with Huawei AGC Authentication Service

Hi fellow developers!👋

Today, let's talk about how to seamlessly integrate your existing account system with Huawei's AppGallery Connect (AGC) Authentication Service. No need to reinvent the wheel, plus you get to enjoy the security and Serverless ecosystem of AGC. It's incredibly convenient!😎 Let's get straight to the point with a super detailed, easy-to-follow guide!

🌟 I. What is Custom Account Integration?

If your application already has a mature account system (like a self-developed user system), you can quickly connect to AGC's authentication service using the Custom Account feature to:

  1. Extend Authentication Methods: Allow users to log in with their own accounts as well as third-party providers supported by AGC (like Huawei ID, WeChat, etc.).
  2. Secure Data Access: Protect user data in Serverless services like Cloud DB and Cloud Storage using AGC's security rules.
  3. Unified Identity Management: Identify users with a unique AGC user ID, no matter which login method they use.

🛠️ II. Prerequisites (Get these done first!)

  1. Enable AGC Authentication Service
    • Log in to the AGC console, go to "Build > Authentication Service", and enable the "Custom Account" authentication method.
  2. Integrate the SDK
    • Add the AGC Authentication Service SDK dependency to your project (refer to the official documentation for the specific version):
```javascript
import auth from '@hw-agconnect/auth';
```
    • Download and configure the `agconnect-services.json` file in your project's resource directory.

🚀 III. Development Steps (Code Examples + Details)

Step 1: Generate a JWT for the Custom Account

After a user logs into your server, you need to generate a JSON Web Token (JWT) and pass it to AGC. This token must contain a unique user identifier (like a user ID) and an expiration time to ensure security.

```javascript
// generateJWT stands in for your own server-side signing routine.
const token = generateJWT({
  userId: "123456",
  expiresIn: "2h"
});
```
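A fuller version of the server-side signing step, as an added example rather than code from the original post or from Huawei. It assumes an RS256 signature and the claim names `uid`, `iat` and `exp`; confirm both against the AGC documentation. The key pair, `ttlSeconds` and `verifyJWT` are illustrative names, and the 7200-second cap mirrors the 2h lifetime used above.

```javascript
const crypto = require('node:crypto');

// Constructed throwaway key pair so the example runs offline. In production the
// private key stays in a server-side secret store and never ships in the app.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Assumed claim names (uid/iat/exp) and algorithm (RS256); not taken from the post.
function generateJWT({ userId, ttlSeconds }, key = privateKey, now = Date.now()) {
  if (!userId) throw new Error('userId is required');
  if (!Number.isInteger(ttlSeconds) || ttlSeconds <= 0 || ttlSeconds > 7200) {
    throw new Error('ttlSeconds must be between 1 and 7200');
  }
  const iat = Math.floor(now / 1000);
  const header = b64url({ alg: 'RS256', typ: 'JWT' });
  const payload = b64url({ uid: String(userId), iat, exp: iat + ttlSeconds });
  const signature = crypto.sign('sha256', Buffer.from(`${header}.${payload}`), key);
  return `${header}.${payload}.${signature.toString('base64url')}`;
}

// The checks a token consumer performs: pinned algorithm, signature, then expiry.
function verifyJWT(token, key = publicKey, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (header.alg !== 'RS256') return { ok: false, reason: 'unexpected alg' };
  const valid = crypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  if (typeof payload.exp !== 'number' || now / 1000 >= payload.exp) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, uid: payload.uid };
}
```

Issue the token only after your own login check has succeeded, and return it to the client over TLS.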

Step 2: Frontend Calls the AGC Login API

Pass the JWT to the AGC SDK to complete user authentication:

```javascript
auth.signIn({
  credentialInfo: {
    kind: 'selfBuild',
    accessToken: 'Your JWT'
  }
}).then(signInResult => {
  console.log('Login successful! User UID:', signInResult.getUser().getUid());
}).catch(error => {
  console.error('Login failed:', error.message);
});
```

Key Points:

  • `kind` must be set to `selfBuild` to indicate custom account authentication.
  • After a successful login, user information (like UID, nickname, etc.) is returned in `signInResult`.

Step 3: Configure Security Rules (Optional)

If you want to restrict user access to Serverless services (like Cloud DB), you can configure security rules in the AGC console, for example:

```json
{
  "rules": {
    "users": {
      "$uid": {
        ".read": "auth.uid == $uid"
      }
    }
  }
}
```

🔄 IV. More Useful Features

  1. Account Linking
    • Users can link their WeChat, Huawei ID, and other accounts to their custom account for multiple login options.
  2. Sign-out and Account Deletion
    • Call `auth.signOut()` to log out the current user;
    • For account deletion, ensure the user has logged in within the last 5 minutes; otherwise, re-authentication is required.
  3. Sensitive Operation Protection
    • Operations like changing passwords or resetting accounts require secondary verification to enhance security.

⚠️ V. Pitfall Guide

  1. Token Expiration: It's recommended to set a short expiration time for JWTs to avoid security risks.
  2. Error Handling: Catch exceptions from `signIn` and provide user-friendly error messages (e.g., for network issues, invalid tokens, etc.).
  3. Compliance: If your app targets international users, ensure you comply with local privacy regulations (like GDPR).

🎉 VI. Summary

By integrating your custom account system with AGC Authentication Service, you can reuse your existing user base while leveraging the Serverless capabilities of the Huawei ecosystem—it's a win-win! If you're struggling with the security and scalability of your account system, give this solution a try.

Questions? Feel free to ask in the comments or send me a direct message!💬

Happy Coding!🚀

— Your Tech Pal
