The WooCommerce for Android app previously connected to stores exclusively via WordPress.com APIs. This meant that if a WooCommerce store was not hosted on WordPress.com, users could not connect to it using the app and it will require the Jetpack plugin to setup a common interface for communicating with a self-hosted store. In order to use these APIs, you will need a client ID and a client secret key. These details will be used to authenticate your application and verify that the API calls being made are valid. You can create an application or view details for your existing applications with our WordPress.com applications manager.
Now the app also supports a new system for making authenticated requests to various WordPress APIs — Application Passwords, but to build the app you still need to provide app_id
and app_secret
fields
When creating your application, you should select "Native client" for the application type. The "Website URL", "Redirect URLs", and "Javascript Origins" fields are required but not used for the mobile apps. Just use "https://localhost".
Once you've created your application in the applications manager, you'll
need to update the wc.oauth.app_id
and wc.oauth.app_secret
fields in secrets.properties
.
See setup instructions for more details about secrets file. Then you can compile and run the app on a device or an emulator and
try to login with a WordPress.com account. Note that authenticating to WordPress.com via Google is
not supported in development builds of the app, only in the official release.
Note that credentials created with our WordPress.com applications manager
allow login only and not signup. New accounts must be created using the official app
or on the web. Login is restricted to the WordPress.com
account with which the credentials were created. In other words, if the credentials
were created with foo@email.com, you will only be able to login with foo@email.com.
Using another account like bar@email.com will cause the Client cannot use "password" grant_type
error.
For security reasons, some account-related actions aren't supported for development builds when using a WordPress.com account with 2-factor authentication enabled.
Read more about OAuth2 and the WordPress.com REST endpoint.
The secrets.properties
file is used to store sensitive information that should not be checked into version control. This file is located at ~/.configure/woocommerce-android/secrets/secrets.properties
.
Property | Description |
---|---|
wc.oauth.app_id | Required to build the app. See OAuth2 Authentication |
wc.oauth.app_secret | Required to build the app. See OAuth2 Authentication |
wc.zendesk_app_id | Used for Zendesk integration. Can be ignored. |
wc.zendesk.domain | Used for Zendesk integration. Can be ignored. |
wc.zendesk.oauth_client_id | Used for Zendesk integration. Can be ignored. |
wc.sentry.dsn | Used for Sentry integration. Can be ignored. |
The woocommerce-android project uses detekt for Kotlin linting and code style check.
You can run detekt using ./gradlew detektAll
.
You can also view errors and warnings in realtime with the Detekt plugin.
You can install the detekt plugin in Android Studio here:
Android Studio > Preferences... > Plugins > detekt
Once installed, you can configure the plugin here:
Android Studio > Preferences... > Tools > Detekt
From there, add and enable the custom configuration file, located at config/detekt/detekt.yml.
If you want to use the AutoCorrect feature of the plugin, make sure that the option Enable formatting (ktlint) rules
is enabled in the above settings, then you will be able to reformat any file according to detekt's rules using the refactor menu AutoCorrect by Detekt Rules
Google Sign-In is only available for WordPress.com accounts through the [official app][woo-app]. Contributors can build and run the app without issue, but Google Sign-In will always fail. Google Sign-In requires configuration files which contain client and server information that can't be shared publicly. More documentation and guides can be found on the Google Identity Platform website.