The Sign-In APIs can be used for both sign-in and sign-up scenarios. The two scenarios
share the same flow in the code, but different
should be provided in different scenarios.
In the following doc, we'll describe the code flow first, and then the usage of
The Sign-In APIs guide the user through credential selection before returning an
containing the data for sign-in or sign-up.
The recommended process for retrieving credentials using this API is as follows:
- Get a new API client instance by calling
SignInClient.beginSignIn, supplying the constructed
BeginSignInRequestas an input.
- If the request is successful, at least one matching credential is available. Launch
resultof the operation to display the UI that guides the user through sign-in. The result of sign-in will be returned in
SignInClient.getSignInCredentialFromIntentwill either return the
SignInCredentialif the operation was successful, or throw an
ApiExceptionthat indicates the reason for failure.
- If the request is unsuccessful, no matching credential was found on the device that can be used to sign the user in. No further action needs to be taken.
When the user signs out of your application, please make sure to call
The usage of
should be used for sign-in and sign-up.
Sign an existing user in
Two types of credentials are supported in
Google ID token and password. To give users more options to choose from when selecting a
credential to sign in with, and by extension, increase your app's sign-in rate, it is
strongly recommended that applications support both Google ID token and password
- If your application supports username/password login, configure an instance of
PasswordRequestOptionsin the request.
- If your application supports federated sign-in using Google ID tokens, configure an
GoogleIdTokenRequestOptionsaccordingly - be sure to supply your server client ID (you can find this in your Google API console project).
For the sign-in scenario, it is strongly recommended to set
trueso only the Google accounts that the user has authorized before will show up in the credential list. This can help prevent a new account being created when the user has an existing account registered with the application.
For example, an app that supports password login and federated sign-in with Google would construct a request as follows:
BeginSignInRequest request = BeginSignInRequest.builder() .setPasswordRequestOptions( PasswordRequestOptions.builder() .setSupported(true) .build()) .setGoogleIdTokenRequestOptions( GoogleIdTokenRequestOptions.builder() .setSupported(true) // Set filterByAuthorizedAccounts = true to avoid duplicated accounts being created .setFilterByAuthorizedAccounts(true) .setServerClientId("serverClientID") .build()) .build();
Sign up a new user
For the sign-up scenario, only Google ID token credentials should be used. The
GoogleIdTokenRequestOptions may look like the following:
BeginSignInRequest request = BeginSignInRequest.builder() .setGoogleIdTokenRequestOptions( GoogleIdTokenRequestOptions.builder() .setSupported(true) .setFilterByAuthorizedAccounts(false) .setServerClientId("serverClientID") .build()) .build();
|SignInClient||A client for the sign-in API.|
|BeginSignInRequest||Configurations that can be used to filter acceptable types of credentials returned from a sign-in attempt.|
|BeginSignInRequest.GoogleIdTokenRequestOptions||Options for requesting Google ID token-backed credentials during sign-in.|
|BeginSignInRequest.PasswordRequestOptions||Options for requesting password-backed credentials during sign-in.|
|BeginSignInResult||Result returned from sign-in initiation that
|Identity||The entry point to the Sign-In APIs.|
|SignInCredential||The credential returned as a result of a successful sign-in.|
|SignInOptions||Options provided to all instances of the bound service that backs the SignIn APIs.|