com.google.android.gms.auth.api.identity

Provides facilities to retrieve credentials that can be used to sign the user into your application or sign up a new user.

The Sign-In APIs can be used for both sign-in and sign-up scenarios. The two scenarios share the same code flow, but each one requires a differently configured BeginSignInRequest.

This document describes the code flow first, and then the usage of BeginSignInRequest.

Code flow

The Sign-In APIs guide the user through credential selection before returning an instance of SignInCredential containing the data for sign-in or sign-up.

The recommended process for retrieving credentials using this API is as follows:

  1. Get a new API client instance by calling Identity.getSignInClient.
  2. Call SignInClient.beginSignIn, supplying the constructed BeginSignInRequest as an input.
  3. If the request is successful, at least one matching credential is available. Launch the PendingIntent from the result of the operation to display the UI that guides the user through sign-in. The result of sign-in will be returned in Activity.onActivityResult; calling SignInClient.getSignInCredentialFromIntent will either return the SignInCredential if the operation was successful, or throw an ApiException that indicates the reason for failure.
  4. If the request is unsuccessful, no matching credential was found on the device that can be used to sign the user in. No further action needs to be taken.

When the user signs out of your application, please make sure to call SignInClient.signOut.
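
The flow above in a single Activity, as an added example that is not part of the original reference. SignInActivity, REQ_SIGN_IN, TAG, onUserSignedOut and sendToBackend are hypothetical names, and the BeginSignInRequest is assumed to be built as described in the next section.

```java
import android.app.Activity;
import android.content.Intent;
import android.content.IntentSender;
import android.util.Log;
import com.google.android.gms.auth.api.identity.BeginSignInRequest;
import com.google.android.gms.auth.api.identity.Identity;
import com.google.android.gms.auth.api.identity.SignInCredential;
import com.google.android.gms.common.api.ApiException;
import com.google.android.gms.common.api.CommonStatusCodes;

public abstract class SignInActivity extends Activity {
    private static final int REQ_SIGN_IN = 1001;  // hypothetical request code
    private static final String TAG = "SignIn";   // hypothetical log tag
    void startSignIn(BeginSignInRequest request) {
        Identity.getSignInClient(this)                               // step 1
            .beginSignIn(request)                                    // step 2
            .addOnSuccessListener(this, result -> {                  // step 3
                try {
                    startIntentSenderForResult(result.getPendingIntent().getIntentSender(), REQ_SIGN_IN, null, 0, 0, 0);
                } catch (IntentSender.SendIntentException e) {
                    Log.e(TAG, "Could not launch the sign-in UI", e);
                }
            })
            // step 4: no matching credential; keep showing the signed-out UI
            .addOnFailureListener(this, e -> Log.d(TAG, "No matching credential on this device"));
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if (requestCode != REQ_SIGN_IN) return;
        try {
            SignInCredential cred = Identity.getSignInClient(this).getSignInCredentialFromIntent(data);
            // Use whichever credential type the user selected.
            if (cred.getGoogleIdToken() != null) {
                sendToBackend(cred.getId(), cred.getGoogleIdToken(), null);
            } else if (cred.getPassword() != null) {
                sendToBackend(cred.getId(), null, cred.getPassword());
            }
        } catch (ApiException e) {
            // Log only the status code, never the ID token or the password.
            if (e.getStatusCode() != CommonStatusCodes.CANCELED) Log.w(TAG, "Sign-in failed: " + e.getStatusCode());
        }
    }

    // Call when the user signs out of the app.
    void onUserSignedOut() { Identity.getSignInClient(this).signOut(); }
    // Hypothetical hook: submit the credential to your backend, which verifies it.
    protected abstract void sendToBackend(String id, String idToken, String password);
}
```

The ID token is only a claim until the backend has verified its signature and checked that its audience is the server client ID supplied in the request.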

The usage of BeginSignInRequest

A different BeginSignInRequest should be used for sign-in and for sign-up.

Sign an existing user in

Two types of credentials are supported in SignInCredential: Google ID token and password. To give users more options to choose from when selecting a credential to sign in with, and by extension, increase your app's sign-in rate, it is strongly recommended that applications support both Google ID token and password credentials:

  1. If your application supports username/password login, configure an instance of PasswordRequestOptions in the request.
  2. If your application supports federated sign-in using Google ID tokens, configure an instance of GoogleIdTokenRequestOptions accordingly - be sure to supply your server client ID (you can find this in your Google API console project).

    For the sign-in scenario, it is strongly recommended to set GoogleIdTokenRequestOptions.Builder.setFilterByAuthorizedAccounts to true so only the Google accounts that the user has authorized before will show up in the credential list. This can help prevent a new account being created when the user has an existing account registered with the application.

For example, an app that supports password login and federated sign-in with Google would construct a request as follows:

BeginSignInRequest request = BeginSignInRequest.builder()
     .setPasswordRequestOptions(
         PasswordRequestOptions.builder()
             .setSupported(true)
             .build())
     .setGoogleIdTokenRequestOptions(
         GoogleIdTokenRequestOptions.builder()
             .setSupported(true)
             // Set filterByAuthorizedAccounts = true to avoid duplicated accounts being created
             .setFilterByAuthorizedAccounts(true)
             .setServerClientId("serverClientID")
             .build())
     .build();
 

Sign up a new user

For the sign-up scenario, only Google ID token credentials should be used. The GoogleIdTokenRequestOptions may look like the following:

BeginSignInRequest request = BeginSignInRequest.builder()
     .setGoogleIdTokenRequestOptions(
         GoogleIdTokenRequestOptions.builder()
             .setSupported(true)
             .setFilterByAuthorizedAccounts(false)
             .setServerClientId("serverClientID")
             .build())
     .build();
 

Interfaces

SignInClient: A client for the sign-in API.

Classes

BeginSignInRequest: Configurations that can be used to filter acceptable types of credentials returned from a sign-in attempt.
BeginSignInRequest.Builder: Builder for BeginSignInRequest.
BeginSignInRequest.GoogleIdTokenRequestOptions: Options for requesting Google ID token-backed credentials during sign-in.
BeginSignInRequest.GoogleIdTokenRequestOptions.Builder: Builder for BeginSignInRequest.GoogleIdTokenRequestOptions.
BeginSignInRequest.PasswordRequestOptions: Options for requesting password-backed credentials during sign-in.
BeginSignInRequest.PasswordRequestOptions.Builder: Builder for BeginSignInRequest.PasswordRequestOptions.
BeginSignInResult: Result returned from sign-in initiation that includes a PendingIntent that can be used to continue the sign-in flow.
Identity: The entry point to the Sign-In APIs.
SignInCredential: The credential returned as a result of a successful sign-in.
SignInOptions: Options provided to all instances of the bound service that backs the SignIn APIs.
SignInOptions.Builder: Builder for SignInOptions.