Automatically sign users into your app by using the Credentials API to request and retrieve stored credentials for your users.
Before you begin
Configure an Android Studio project.
Create a CredentialsClient object
To request stored credentials, you must create an instance of
CredentialsClient to access the Credentials API:
CredentialsClient mCredentialsClient;
// ...
mCredentialsApiClient = Credentials.getClient(this);
Create a CredentialRequest object
A CredentialRequest object specifies the
sign-in systems from which you want to request credentials. Build a
CredentialRequest using the setPasswordLoginSupported method for
password-based sign-in, and the setAccountTypes() method for federated
sign-in services such as Google Sign-In.
mCredentialRequest = new CredentialRequest.Builder()
.setPasswordLoginSupported(true)
.setAccountTypes(IdentityProviders.GOOGLE, IdentityProviders.TWITTER)
.build();
Use the constants defined in IdentityProviders
to specify commonly-used sign-in providers. For other sign-in providers, use any
string that uniquely identifies the provider. You must use the same provider identifier
to store credentials as you use to retrieve the credentials.
Request stored credentials
After you have created CredentialsClient and CredentialRequest objects, pass the request object
to the CredentialsClient.request()
method to request credentials stored for your app.
mCredentialsClient.request(mCredentialRequest).addOnCompleteListener(
new OnCompleteListener<CredentialRequestResponse>() {
@Override
public void onComplete(@NonNull Task<CredentialRequestResponse> task) {
if (task.isSuccessful()) {
// See "Handle successful credential requests"
onCredentialRetrieved(task.getResult().getCredential());
return;
}
// See "Handle unsuccessful and incomplete credential requests"
// ...
}
});
Define a callback to handle successful and failed requests using the
addOnCompleteListener() method.
Handle successful credential requests
On a successful credential request, use the resulting
Credential
object to complete the user's sign-in to your app. Use the getAccountType() method
to determine the type of retrieved credentials, then complete the appropriate sign-in
process. For example, for Google Sign-In, create a GoogleSignInClient object that
includes the user's ID, then use the object to start the sign-in flow. For password-based
sign-in, use the user's ID and password from the Credential object to complete your app's
sign-in process.
private void onCredentialRetrieved(Credential credential) {
String accountType = credential.getAccountType();
if (accountType == null) {
// Sign the user in with information from the Credential.
signInWithPassword(credential.getId(), credential.getPassword());
} else if (accountType.equals(IdentityProviders.GOOGLE)) {
// The user has previously signed in with Google Sign-In. Silently
// sign in the user with the same ID.
// See https://developers.google.com/identity/sign-in/android/
GoogleSignInOptions gso =
new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestEmail()
.build();
GoogleSignInClient signInClient = GoogleSignIn.getClient(this, gso);
Task<GoogleSignInAccount> task = signInClient.silentSignIn();
// ...
}
}
Handle multiple saved credentials
When user input is required to select a credential, the request() task will
fail with a ResolvableApiException. Check that
getStatusCode() returns RESOLUTION_REQUIRED and
call the exception's startResolutionForResult() method to prompt the user
to choose an account. Then, retrieve the user's chosen credentials from the
activity's onActivityResult() method by passing Credential.EXTRA_KEY to the
getParcelableExtra()
method.
mCredentialsClient.request(request).addOnCompleteListener(
new OnCompleteListener() {
@Override
public void onComplete(@NonNull Task task) {
if (task.isSuccessful()) {
// ...
return;
}
Exception e = task.getException();
if (e instanceof ResolvableApiException) {
// This is most likely the case where the user has multiple saved
// credentials and needs to pick one. This requires showing UI to
// resolve the read request.
ResolvableApiException rae = (ResolvableApiException) e;
resolveResult(rae, RC_READ);
} else if (e instanceof ApiException) {
// The user must create an account or sign in manually.
Log.e(TAG, "Unsuccessful credential request.", e);
ApiException ae = (ApiException) e;
int code = ae.getStatusCode();
// ...
}
}
});
private void resolveResult(ResolvableApiException rae, int requestCode) {
try {
rae.startResolutionForResult(MainActivity.this, requestCode);
mIsResolving = true;
} catch (IntentSender.SendIntentException e) {
Log.e(TAG, "Failed to send resolution.", e);
hideProgress();
}
}
@Override
public void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
// ...
if (requestCode == RC_READ) {
if (resultCode == RESULT_OK) {
Credential credential = data.getParcelableExtra(Credential.EXTRA_KEY);
onCredentialRetrieved(credential);
} else {
Log.e(TAG, "Credential Read: NOT OK");
Toast.makeText(this, "Credential Read Failed", Toast.LENGTH_SHORT).show();
}
}
// ...
}
When stored credentials are not found, users must create an account or manually
sign in. If getStatusCode()
returns SIGN_IN_REQUIRED,
you can optionally expedite the sign-up and sign-in processes by prompting the
user to choose recently used sign-in information, such as email address and
name, and automatically filling some fields of the forms with that information.
See Provide sign-in hints to a user
for details.
On successful sign in, allow users to save their credentials to automate future authentication on all their devices.