Client-side Connect Flow

Availability

OAuth is in closed beta in production, and open beta in sandbox. Contact us to express interest in the production beta release.

Important

The SSL certificates for Braintree Mobile (iOS and Android) SDKs are set to expire on March 30, 2026. This will impact existing versions of the SDK in published versions of your app. To reduce the impact, upgrade the iOS SDK to version 6.17.0+Android SDK to version 4.45.0+ or version 5.0.0+ for the new SSL certifications.

If you do not decommission your app versions that include the older SDK versions or force upgrade your app with the updated certificates by the expiration date, 100% of your customer traffic will fail.

Android OAuth sequence

While the high-level OAuth sequence on the Overview still holds true, we recommend this Android-specific client-side flow, which avoids exposing your client_secret:

The merchant taps the Connect with Braintree button in your app
Your app sends the merchant to Braintree for authorization using an Intent and the connect URL supplied by your server
After the merchant has authorized and your server has created an access token, your server redirects the merchant to a URL that is captured by an IntentFilter in your app

Display the button

We provide a Connect with Braintree button that allows you to send merchants to Braintree to log in and agree to your requested OAuth scopes. To display this button in your app:

Download the connect-braintree-android assets.
Add them to your project's res folder.
Display the button in an ImageButton or similar element in your view:

XML

<ImageButton
  android:layout_width="wrap_content"
  android:layout_height="wrap_content"
  android:src="@drawable/btn_bt_connect_normal"
  android:background="@android:color/transparent"
  android:id="@+id/connect"
  android:layout_marginTop="128dp" />

Send the merchant to Braintree

When a merchant taps the Connect with Braintree button, your app should send them to Braintree using an Intent and the connect URL from your server:

Capture the return URL with an intent filter

After authorizing, your server should redirect your merchant back to the /merchant-connected path. To pick up this path and launch your next desired activity, add the following IntentFilter to your app's manifest.xml:

XML

<activity android:name="com.my.example.app.MyActivity" 
    android:launchMode="singleTask"
    android:exported="true">
    <intent-filter>
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data
          android:scheme="https://"
          android:host="example.com"
          android:path="/merchant-connected"
        />
    </intent-filter>
</activity>

Note

Future versions of the Android SDK will require you to verify your app's Intent Filters.

Client-side Connect Flow

Android OAuth sequence

Display the button

Send the merchant to Braintree

Capture the return URL with an intent filter

If you accept cookies, we’ll use them to improve and customize your experience and enable our partners to show you personalized PayPal ads when you visit other sites. Manage cookies and learn more