Example: Share credentials across multiple websites and multiple Android apps

To set up credential sharing across multiple websites and multiple Android apps you must:

  • Designate a primary domain: Choose one URL as the primary reference point for links.
  • Create assetlinks.json files:
    • Primary domain: Create an assetlinks.json file on your primary domain that lists all domains sharing credentials.
    • Other domains: Create an assetlinks.json file on each of the other domains, each linking back to the primary domain.
  • Configure digital asset linking in each App's manifest: Set up each app to link back to the assetlinks.json file in the primary domain.

In the following example, we designated example.com as the primary domain, and all other listed domains share credentials with example.com and across themselves.

The two apps with the following package names also share credentials with all the websites and between them:

  • com.example.android.myapplication
  • com.example.appname

Before setting up credential sharing you must complete the prerequisites.

To declare credential sharing across these websites and Android apps:

  1. Create an assetlinks.json file with the following content:

    [
  {
    "relation": ["delegate_permission/common.get_login_creds"],
    "target": {
      "namespace": "web",
      "site": "https://example.com"
    }
  },
  {
    "relation": ["delegate_permission/common.get_login_creds"],
    "target": {
      "namespace": "web",
      "site": "https://example.org"
    }
  },
  {
    "relation": ["delegate_permission/common.get_login_creds"],
    "target": {
      "namespace": "web",
      "site": "https://example.net"
    }
  },
  {
    "relation": ["delegate_permission/common.get_login_creds"],
    "target": {
      "namespace": "web",
      "site": "https://myownpersonaldomain.com"
    }
  },
  {
    "relation" : [
      "delegate_permission/common.get_login_creds"
    ],
    "target" : {
      "namespace" : "android_app",
      "package_name" : "com.example.android.myapplication",
      "sha256_cert_fingerprints" : [ "AA:BB:CC:DD:EE:FF:11:22:33:44:55:66:77:88:99:00:AA:BB:CC:DD:EE:FF:11:22:33:44:55:66:77:88:99:00"
      ]
    }
  },
  {
    "relation" : [
      "delegate_permission/common.get_login_creds"
    ],
    "target" : {
      "namespace" : "android_app",
      "package_name" : "com.example.appname",
      "sha256_cert_fingerprints" : [ "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF"
      ]
    }
  }
]

  2. Host the Digital Asset Links JSON file in the corresponding well-known location on the primary domain, in this case: https://example.com/.well-known/assetlinks.json.

  3. Create another assetlinks.json file with the following content:

    [
  {
    "relation": ["delegate_permission/common.get_login_creds"],
    "target": {
      "namespace": "web",
      "site": "example.com"
    }
  }
]

  4. Host copies of this Digital Asset Links JSON file at the following location on the other domains, in this case:

    • example.org/.well-known/assetlinks.json
    • example.net/.well-known/assetlinks.json
    • mypersonaldomain.com/.well-known/assetlinks.json

  5. Add the following line to both Android Apps manifests files under <application>:

    <meta-data android:name="asset_statements" android:resource="@string/asset_statements"/>

  6. Configure digital asset linking in the manifest by declaring the association in the Android app. Add an object that specifies the assetlinks.json files to load. In this case:

    <string name="asset_statements" translatable="false">
[{
  \"include\": \"https://example.com/.well-known/assetlinks.json\"
}]
</string>

After following these steps, you have successfully set up seamless credential sharing across multiple websites and Android apps.