Problem with endpoint access after enrollment in OpenZiti SDK for Android

I created a new project based on the Android template. The SDK initializes correctly and the enrollment process completes successfully. However, I only have access to the endpoint for as long as the JWT is valid. I understand that once the enrollment is done, it shouldn't need to be repeated unless the app's cache is cleared.

I think you followed this example: Android | OpenZiti

Your understanding is correct. The expiration of the enrollment token has no bearing on permission to use services after enrollment.

There must be another explanation! It sounds like you're persisting the enrolled identity / ziti context in the Android app's cache, so it's true it will be lost when the cache is cleared. At that point you would need a new one-time token to enroll again.

Yes, I am following that example using the repository: Ziti Android App. Once the enrollment is completed successfully, it doesn't prompt me to enroll again. However, I only have access to the endpoint for as long as the token is valid. Also, I am only consuming the endpoint; the management of the admin panel is handled by someone else, so I'm not sure if any configuration needs to be done on that side.

I configured the SDK in the same way as shown in the MainActivity. Could the SDK version I am using be influencing this behavior? I tried running the template directly, but there seemed to be compatibility issues with my current version of Android Studio: "Android Studio Koala | 2024.1.1."

Enrollment consumes a one-time token and produces a long-lived Ziti identity/context stored somewhere by the app. As long as that identity/context remains available, you shouldn't be prompted again for the one-time enrollment token.

It may be helpful to run a local Ziti network during development to see the controller's status for your app's identity and control the settings. If you have Docker, you can run an all-in-one controller, console, and router container like this. I specified the "main" tag because the console isn't enabled in the latest release but will be in Ziti 1.1.13 or later.

wget https://get.openziti.io/dock/all-in-one/compose.yml;
export ZITI_CLI_TAG=main;
docker compose pull;
docker compose up;

Then visit the console on https://localhost:1280/zac/ and login with username "admin" and password "admin". Alternatively, use the CLI like ziti edge login -u admin -p admin.

Let me know if my paraphrase is accurate: The endpoint, i.e., a Ziti service intercept address like http://wttr.in from the README, works after enrollment. Then, it stops working around when the enrollment token would have expired if you hadn't enrolled.
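
To check the correlation asked about in the last reply, one can read the `exp` claim of the enrollment JWT and compare it with the time access first failed. This is an added example, not part of the thread or of OpenZiti's code; the function names, the sample token and the timestamps are constructed, and the signature is deliberately not verified because this is only a diagnostic.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))


def failure_matches_expiry(token: str, first_failure_epoch: float,
                           tolerance_s: int = 300) -> bool:
    """True if access first failed within tolerance_s seconds of the exp claim."""
    exp = decode_claims(token).get("exp")
    if exp is None:
        raise ValueError("token has no exp claim")
    return abs(first_failure_epoch - exp) <= tolerance_s


def make_sample_token(exp_epoch: int) -> str:
    # Constructed sample: an unsigned placeholder, not a real enrollment token.
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "none", "typ": "JWT"}
    payload = {"exp": exp_epoch, "jti": "sample"}
    return ".".join([enc(header), enc(payload), "sig"])


if __name__ == "__main__":
    token = make_sample_token(1_720_000_000)   # constructed expiry
    observed = 1_720_000_120                   # constructed time of first failure
    print("claims:", decode_claims(token))
    print("failure coincides with token expiry:",
          failure_matches_expiry(token, observed))
```

A match only confirms the timing described in the thread; it does not identify the cause.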