CredentialManager  |  API reference  |  Android Developers (original) (raw)

public interface CredentialManager

Manages user authentication flows.

An application can call the CredentialManager apis to launch framework UI flows for a user to register a new credential or to consent to a saved credential from supported credential providers, which can then be used to authenticate to the app.

This class contains its own exception types. They represent unique failures during the Credential Manager flow. As required, they can be extended for unique types containing new and unique versions of the exception - either with new 'exception types' (same credential class, different exceptions), or inner subclasses and their exception types (a subclass credential class and all their exception types).

For example, if there is an UNKNOWN exception type, assuming the base Exception is [ClearCredentialException](/reference/androidx/credentials/exceptions/ClearCredentialException), we can add an 'exception type' class for it as follows:

class ClearCredentialUnknownException(
errorMessage: CharSequence? = null
) : ClearCredentialException(TYPE_CLEAR_CREDENTIAL_UNKNOWN_EXCEPTION, errorMessage) {
// ...Any required impl here...//
companion object {
private const val TYPE_CLEAR_CREDENTIAL_UNKNOWN_EXCEPTION: String =
"androidx.credentials.TYPE_CLEAR_CREDENTIAL_UNKNOWN_EXCEPTION"
}
}

Furthermore, the base class can be subclassed to a new more specific credential type, which then can further be subclassed into individual exception types. The first is an example of a 'inner credential type exception', and the next is a 'exception type' of this subclass exception.

class UniqueCredentialBasedOnClearCredentialException(
type: String,
errorMessage: CharSequence? = null
) : ClearCredentialException(type, errorMessage) {
// ... Any required impl here...//
}
// .... code and logic .... //
class UniqueCredentialBasedOnClearCredentialUnknownException(
errorMessage: CharSequence? = null
) : ClearCredentialException(TYPE_UNIQUE_CREDENTIAL_BASED_ON_CLEAR_CREDENTIAL_UNKNOWN_EXCEPTION,
errorMessage) {
// ... Any required impl here ... //
companion object {
private const val
TYPE_UNIQUE_CREDENTIAL_BASED_ON_CLEAR_CREDENTIAL_UNKNOWN_EXCEPTION: String =
"androidx.credentials.TYPE_CLEAR_CREDENTIAL_UNKNOWN_EXCEPTION"
}
}

Summary

Public methods
default void clearCredentialState(@NonNull ClearCredentialStateRequest request) Clears the current user credential state from all credential providers.
abstract void clearCredentialStateAsync( @NonNull ClearCredentialStateRequest request, CancellationSignal cancellationSignal, @NonNull Executor executor, @NonNull CredentialManagerCallback<Void, @NonNull ClearCredentialException> callback) Clears the current user credential state from all credential providers.
default static final @NonNull CredentialManager create(@NonNull Context context) Creates a CredentialManager based on the given context.
default @NonNull CreateCredentialResponse createCredential( @NonNull Context context, @NonNull CreateCredentialRequest request) Registers a user credential that can be used to authenticate the user to the app in the future.
abstract void createCredentialAsync( @NonNull Context context, @NonNull CreateCredentialRequest request, CancellationSignal cancellationSignal, @NonNull Executor executor, @NonNull CredentialManagerCallback<@NonNull CreateCredentialResponse, @NonNull CreateCredentialException> callback) Registers a user credential that can be used to authenticate the user to the app in the future.
abstract @NonNull PendingIntent @RequiresApi(value = 34)createSettingsPendingIntent() Returns a pending intent that shows a screen that lets a user enable a Credential Manager provider.
default @NonNull GetCredentialResponse @RequiresApi(value = 34)getCredential( @NonNull Context context, @NonNull PrepareGetCredentialResponse.PendingGetCredentialHandle pendingGetCredentialHandle) Requests a credential from the user.
default @NonNull GetCredentialResponse getCredential( @NonNull Context context, @NonNull GetCredentialRequest request) Requests a credential from the user.
abstract void @RequiresApi(value = 34)getCredentialAsync( @NonNull Context context, @NonNull PrepareGetCredentialResponse.PendingGetCredentialHandle pendingGetCredentialHandle, CancellationSignal cancellationSignal, @NonNull Executor executor, @NonNull CredentialManagerCallback<@NonNull GetCredentialResponse, @NonNull GetCredentialException> callback) Requests a credential from the user.
abstract void getCredentialAsync( @NonNull Context context, @NonNull GetCredentialRequest request, CancellationSignal cancellationSignal, @NonNull Executor executor, @NonNull CredentialManagerCallback<@NonNull GetCredentialResponse, @NonNull GetCredentialException> callback) Requests a credential from the user.
default @NonNull PrepareGetCredentialResponse @RequiresApi(value = 34)prepareGetCredential(@NonNull GetCredentialRequest request) Prepares for a get-credential operation.
abstract void @RequiresApi(value = 34)prepareGetCredentialAsync( @NonNull GetCredentialRequest request, CancellationSignal cancellationSignal, @NonNull Executor executor, @NonNull CredentialManagerCallback<@NonNull PrepareGetCredentialResponse, @NonNull GetCredentialException> callback) Prepares for a get-credential operation.
default @NonNull SignalCredentialStateResponse signalCredentialState(@NonNull SignalCredentialStateRequest request) Signals a user's public key credential/credentials state to all credential providers.
default void signalCredentialStateAsync( @NonNull SignalCredentialStateRequest request, @NonNull Executor executor, @NonNull CredentialManagerCallback<@NonNull SignalCredentialStateResponse, @NonNull SignalCredentialStateException> callback) Signals a user's public key credential/credentials state to all credential providers.

Public methods

clearCredentialState

default void clearCredentialState(@NonNull ClearCredentialStateRequest request)

Clears the current user credential state from all credential providers.

You should invoked this api after your user signs out of your app to notify all credential providers that any stored credential session for the given app should be cleared.

A credential provider may have stored an active credential session and use it to limit sign-in options for future get-credential calls. For example, it may prioritize the active credential over any other available credential. When your user explicitly signs out of your app and in order to get the holistic sign-in options the next time, you should call this API to let the provider clear any stored credential session.

If the API is called with [ClearCredentialStateRequest.TYPE_CLEAR_RESTORE_CREDENTIAL](/reference/androidx/credentials/ClearCredentialStateRequest#TYPE%5FCLEAR%5FRESTORE%5FCREDENTIAL%28%29) then any restore credential stored on device will be cleared.

clearCredentialStateAsync

abstract void clearCredentialStateAsync(
    @NonNull ClearCredentialStateRequest request,
    CancellationSignal cancellationSignal,
    @NonNull Executor executor,
    @NonNull CredentialManagerCallback<Void, @NonNull ClearCredentialException> callback
)

Clears the current user credential state from all credential providers.

This API uses callbacks instead of Kotlin coroutines.

You should invoked this api after your user signs out of your app to notify all credential providers that any stored credential session for the given app should be cleared.

A credential provider may have stored an active credential session and use it to limit sign-in options for future get-credential calls. For example, it may prioritize the active credential over any other available credential. When your user explicitly signs out of your app and in order to get the holistic sign-in options the next time, you should call this API to let the provider clear any stored credential session.

getCredential

@RequiresApi(value = 34)
default @NonNull GetCredentialResponse getCredential(
    @NonNull Context context,
    @NonNull PrepareGetCredentialResponse.PendingGetCredentialHandle pendingGetCredentialHandle
)

Requests a credential from the user.

Different from the other getCredential(GetCredentialRequest, Activity) API, this API launches the remaining flows to retrieve an app credential from the user, after the completed prefetch work corresponding to the given pendingGetCredentialHandle. Use this API to complete the full credential retrieval operation after you initiated a request through the [prepareGetCredential](/reference/androidx/credentials/CredentialManager#prepareGetCredential%28androidx.credentials.GetCredentialRequest%29) API.

The execution can potentially launch UI flows to collect user consent to using a credential, display a picker when multiple credentials exist, etc.

getCredential

default @NonNull GetCredentialResponse getCredential(
    @NonNull Context context,
    @NonNull GetCredentialRequest request
)

Requests a credential from the user.

The execution potentially launches framework UI flows for a user to view available credentials, consent to using one of them, etc.

import androidx.credentials.Credential import androidx.credentials.CredentialManager import androidx.credentials.GetCredentialRequest import androidx.credentials.GetPasswordOption import androidx.credentials.GetPublicKeyCredentialOption import androidx.credentials.PublicKeyCredential import androidx.credentials.exceptions.GetCredentialException

val credentialManager = CredentialManager.create(context)

val getPasswordOption = GetPasswordOption()

val getPublicKeyCredentialOption = GetPublicKeyCredentialOption( requestJson = generateGetPasskeyRequestJsonFromServer(), // No need to fill this unless you are a browser and are making an origin-based request clientDataHash = null, )

val request = GetCredentialRequest( credentialOptions = listOf(getPasswordOption, getPublicKeyCredentialOption) )

// The API call will launch a credential selector UI for the user to pick a login credential. // It will be canceled if this coroutine scope is canceled. If you want the operation to persist // through your UI lifecycle (e.g. configuration changes), choose a coroutine scope that is // broader than your UI lifecycle (e.g. ViewModelScope) yourCoroutineScope.launch { try { val response = credentialManager.getCredential( // Important: use an Activity context to ensure that the system credential // selector // ui is launched within the same activity stack to avoid undefined UI // transition // behavior. context = activity, request = request, ) signInWithCredential(response.credential) } catch (e: GetCredentialException) { handleGetCredentialFailure(e) } }

Parameters
@NonNull Context context the context used to launch any UI needed; use an activity context to make sure the UI will be launched within the same task stack
@NonNull GetCredentialRequest request the request for getting the credential

getCredentialAsync

@RequiresApi(value = 34)
abstract void getCredentialAsync(
    @NonNull Context context,
    @NonNull PrepareGetCredentialResponse.PendingGetCredentialHandle pendingGetCredentialHandle,
    CancellationSignal cancellationSignal,
    @NonNull Executor executor,
    @NonNull CredentialManagerCallback<@NonNull GetCredentialResponse, @NonNull GetCredentialException> callback
)

Requests a credential from the user.

This API uses callbacks instead of Kotlin coroutines.

Different from the other getCredentialAsync(GetCredentialRequest, Activity) API, this API launches the remaining flows to retrieve an app credential from the user, after the completed prefetch work corresponding to the given pendingGetCredentialHandle. Use this API to complete the full credential retrieval operation after you initiated a request through the [prepareGetCredentialAsync](/reference/androidx/credentials/CredentialManager#prepareGetCredentialAsync%28androidx.credentials.GetCredentialRequest,android.os.CancellationSignal,java.util.concurrent.Executor,androidx.credentials.CredentialManagerCallback%29) API.

The execution can potentially launch UI flows to collect user consent to using a credential, display a picker when multiple credentials exist, etc.