Authenticate with Google on Android (original) (raw)
You can let your users authenticate with Firebase using their Google Accounts.
Before you begin
- If you haven't already,add Firebase to your Android project.
- In your module (app-level) Gradle file(usually
<project>/<app-module>/build.gradle.ktsor<project>/<app-module>/build.gradle), add the dependency for the Firebase Authentication library for Android. We recommend using theFirebase Android BoMto control library versioning.
Also, as part of setting up Firebase Authentication, you need to add the Credential Manager SDK to your app.
dependencies {
// Import the BoM for the Firebase platform
implementation(platform("com.google.firebase:firebase-bom:34.6.0"))
// Add the dependency for the Firebase Authentication library
// When using the BoM, you don't specify versions in Firebase library dependencies
implementation("com.google.firebase:firebase-auth")
// Also add the dependencies for the Credential Manager libraries and specify their versions
implementation("androidx.credentials🪪1.3.0")
implementation("androidx.credentials:credentials-play-services-auth:1.3.0")
implementation("com.google.android.libraries.identity.googleid:googleid:1.1.1")
}
By using the Firebase Android BoM, your app will always use compatible versions of Firebase Android libraries.
(Alternative) Add Firebase library dependencies without using the BoM
If you choose not to use the Firebase BoM, you must specify each Firebase library version in its dependency line.
Note that if you use multiple Firebase libraries in your app, we strongly recommend using the BoM to manage library versions, which ensures that all versions are compatible.
dependencies {
// Add the dependency for the Firebase Authentication library
// When NOT using the BoM, you must specify versions in Firebase library dependencies
implementation("com.google.firebase:firebase-auth:24.0.1")
// Also add the dependencies for the Credential Manager libraries and specify their versions
implementation("androidx.credentials🪪1.3.0")
implementation("androidx.credentials:credentials-play-services-auth:1.3.0")
implementation("com.google.android.libraries.identity.googleid:googleid:1.1.1")
} - If you haven't yet specified your app's SHA fingerprint, do so from theSettings pageof the Firebase console. Refer toAuthenticating Your Clientfor details on how to get your app's SHA fingerprint.
- Enable Google as a sign-in method in the Firebase console:
- In the Firebase console, open the Auth section.
- On the Sign in method tab, enable the Google sign-in method and click Save.
- When prompted in the console, download the updated Firebase config file (
google-services.json), which now contains the OAuth client information required for Google sign-in. - Move this updated config file into your Android Studio project, _replacing_the now-outdated corresponding config file. (See Add Firebase to your Android project.)
Authenticate with Firebase
- Integrate Sign in with Google into your app by following the steps in theCredential Manager documentation. Here are the high-level instructions:
- Instantiate a Google sign in request using
GetGoogleIdOption. Then, create the Credential Manager request usingGetCredentialRequest:
Kotlin
// Instantiate a Google sign-in request
val googleIdOption = GetGoogleIdOption.Builder()
// Your server's client ID, not your Android client ID.
.setServerClientId(getString(R.string.default_web_client_id))
// Only show accounts previously used to sign in.
.setFilterByAuthorizedAccounts(true)
.build()
// Create the Credential Manager request
val request = GetCredentialRequest.Builder()
.addCredentialOption(googleIdOption)
.build()Java
// Instantiate a Google sign-in request
GetGoogleIdOption googleIdOption = new GetGoogleIdOption.Builder()
.setFilterByAuthorizedAccounts(true)
.setServerClientId(getString(R.string.default_web_client_id))
.build();
// Create the Credential Manager request
GetCredentialRequest request = new GetCredentialRequest.Builder()
.addCredentialOption(googleIdOption)
.build();
In the request above, you must pass your "server" client ID to thesetServerClientIdmethod. To find the OAuth 2.0 client ID:
1. Open the Credentials page in the Google Cloud console.
2. The Web application type client ID is your backend server's OAuth 2.0 client ID.
2. Check that after you integrate Sign in with Google, your sign-in activity has code similar to the following:Kotlin
private fun handleSignIn(credential: Credential) {
// Check if credential is of type Google ID
if (credential is CustomCredential && credential.type == TYPE_GOOGLE_ID_TOKEN_CREDENTIAL) {
// Create Google ID Token
val googleIdTokenCredential = GoogleIdTokenCredential.createFrom(credential.data)
// Sign in to Firebase with using the token
firebaseAuthWithGoogle(googleIdTokenCredential.idToken)
} else {
Log.w(TAG, "Credential is not of type Google ID!")
}
}Java
private void handleSignIn(Credential credential) {
// Check if credential is of type Google ID
if (credential instanceof CustomCredential customCredential
&& credential.getType().equals(TYPE_GOOGLE_ID_TOKEN_CREDENTIAL)) {
// Create Google ID Token
Bundle credentialData = customCredential.getData();
GoogleIdTokenCredential googleIdTokenCredential = GoogleIdTokenCredential.createFrom(credentialData);
// Sign in to Firebase with using the token
firebaseAuthWithGoogle(googleIdTokenCredential.getIdToken());
} else {
Log.w(TAG, "Credential is not of type Google ID!");
}
} - Instantiate a Google sign in request using
- In your sign-in activity's
onCreatemethod, get the shared instance of theFirebaseAuthobject:
Kotlin
private lateinit var auth: FirebaseAuth
// ...
// Initialize Firebase Auth
auth = Firebase.auth
Java
private FirebaseAuth mAuth;
// ...
// Initialize Firebase Auth
mAuth = FirebaseAuth.getInstance();
3. When initializing your Activity, check to see if the user is currently signed in:
Kotlin
override fun onStart() {
super.onStart()
// Check if user is signed in (non-null) and update UI accordingly.
val currentUser = auth.currentUser
updateUI(currentUser)
}
Java
@Override
public void onStart() {
super.onStart();
// Check if user is signed in (non-null) and update UI accordingly.
FirebaseUser currentUser = mAuth.getCurrentUser();
updateUI(currentUser);
}
4. Now get the user's Google ID token created in step 1, exchange it for a Firebase credential, and authenticate with Firebase using the Firebase credential:
Kotlin
private fun firebaseAuthWithGoogle(idToken: String) {
val credential = GoogleAuthProvider.getCredential(idToken, null)
auth.signInWithCredential(credential)
.addOnCompleteListener(this) { task ->
if (task.isSuccessful) {
// Sign in success, update UI with the signed-in user's information
Log.d(TAG, "signInWithCredential:success")
val user = auth.currentUser
updateUI(user)
} else {
// If sign in fails, display a message to the user
Log.w(TAG, "signInWithCredential:failure", task.exception)
updateUI(null)
}
}
}
Java
private void firebaseAuthWithGoogle(String idToken) {
AuthCredential credential = GoogleAuthProvider.getCredential(idToken, null);
mAuth.signInWithCredential(credential)
.addOnCompleteListener(this, task -> {
if (task.isSuccessful()) {
// Sign in success, update UI with the signed-in user's information
Log.d(TAG, "signInWithCredential:success");
FirebaseUser user = mAuth.getCurrentUser();
updateUI(user);
} else {
// If sign in fails, display a message to the user
Log.w(TAG, "signInWithCredential:failure", task.getException());
updateUI(null);
}
});
}
If the call to signInWithCredential succeeds you can use the getCurrentUser method to get the user's account data.
Next steps
After a user signs in for the first time, a new user account is created and linked to the credentials—that is, the user name and password, phone number, or auth provider information—the user signed in with. This new account is stored as part of your Firebase project, and can be used to identify a user across every app in your project, regardless of how the user signs in.
- In your apps, you can get the user's basic profile information from the FirebaseUser object. See Manage Users.
- In your Firebase Realtime Database and Cloud Storage Security Rules, you can get the signed-in user's unique user ID from the
authvariable, and use it to control what data a user can access.
You can allow users to sign in to your app using multiple authentication providers by linking auth provider credentials to an existing user account.
To sign out a user, call signOut. You also need to clear the current user credential state from all credential providers, as recommended by the Credential Manager documentation:
Kotlin
private fun signOut() { // Firebase sign out auth.signOut()
// When a user signs out, clear the current user credential state from all credential providers.
lifecycleScope.launch {
try {
val clearRequest = ClearCredentialStateRequest()
credentialManager.clearCredentialState(clearRequest)
updateUI(null)
} catch (e: ClearCredentialException) {
Log.e(TAG, "Couldn't clear user credentials: ${e.localizedMessage}")
}
}}
Java
private void signOut() { // Firebase sign out mAuth.signOut();
// When a user signs out, clear the current user credential state from all credential providers.
ClearCredentialStateRequest clearRequest = new ClearCredentialStateRequest();
credentialManager.clearCredentialStateAsync(
clearRequest,
new CancellationSignal(),
Executors.newSingleThreadExecutor(),
new CredentialManagerCallback<>() {
@Override
public void onResult(@NonNull Void result) {
updateUI(null);
}
@Override
public void onError(@NonNull ClearCredentialException e) {
Log.e(TAG, "Couldn't clear user credentials: " + e.getLocalizedMessage());
}
});}