Courtesy: GitHub

credentials-quickstart

Get Started

This is a quickstart sample for the Android Credentials API, which is part of Smartlock for Passwords on Android. Visit the following link for more information:

https://developers.google.com/identity/smartlock-passwords/android/get-started

Optional

Determining the SHA512 Hash of Your Keystore

This applicaiton demonstrates the use and verification of ID Tokens retrieved from Credentials which is a great way to authenticate your client applications with your backend server. You will need to determine the SHA512 hash of your application and update MockServer.java accordingly.

Run the quickstart and successfully load a credential. Then in the adb logcat logs, search for "IDToken Audience". There should be a log message containing the audience of the ID Token in the loaded credential which will have the following form:

android://<SHA512>@<PACKAGE_NAME>

Copy the SHA512 from that log message and update MockServer.java.

For example for this log message:

D/MockServer: IDToken Audience:android://_6Gx0cvSsFgTLF3NJCJIUs9BDaZMdSnXosAbPYYLiTqNWvR0IMc0C-UQehhmDu8t8l4fd3tEI6TlVCoqybFV5g==@com.google.example.credentialsbasic

The SHA512 hash is

_6Gx0cvSsFgTLF3NJCJIUs9BDaZMdSnXosAbPYYLiTqNWvR0IMc0C-UQehhmDu8t8l4fd3tEI6TlVCoqybFV5g==

compileSdkVersion 25

applicationId "com.google.example.credentialsbasic"

minSdkVersion 17

targetSdkVersion 25

versionCode 1

versionName "1.0"

compile 'com.android.support:appcompat-v7:25.1.1'

compile 'com.google.android.gms:play-services-auth:10.2.0'

compile 'com.google.api-client:google-api-client:1.19.1'

package com.google.example.credentialsbasic

uses-permission

  • android.permission.INTERNET

MainActivity

A minimal example of saving and loading username/password credentials from the Credentials API. @author samstern@google.com

Called when the save button is clicked. Reads the entries in the email and password fields and attempts to save a new Credential to the Credentials API.

Called when the Load Credentials button is clicked. Attempts to read the user's saved Credentials from the Credentials API. This may show UX, such as a credential picker or an account picker. * Note: in a normal application loading credentials should happen without explicit user action, this is only connected to a 'Load Credentials' button for easier demonstration in this sample. Make sure not to load credentials automatically if the user has clicked a "sign out" button in your application in order to avoid a sign-in loop. You can do this with the function Auth.CredentialsApi.disableAuthSignIn(...).

Called when the Load Hints button is clicked. Requests a Credential "hint" which will be the basic profile information and an ID token for an account on the device. This is useful to auto-fill sign-up forms with an email address, picture, and name or to do password-free authentication with a server by providing an ID Token.

Request Credentials from the Credentials API.

Called when the delete credentials button is clicked. This deletes the last Credential that was loaded using the load button.

Attempt to resolve a non-successful Status from an asynchronous request. @param status the Status to resolve. @param requestCode the request code to use when starting an Activity for result, this will be passed back to onActivityResult.

Process a Credential object retrieved from a successful request. @param credential the Credential to process. @param isHint true if the Credential is hint-only, false otherwise.

Determine if we should request an ID token with Hints/Credentials. The default behavior is to not request an ID token (for speed purposes) but by setting this value to true an ID token will be returned with Hints/Credentials when possible.

Make a password into asterisks of the right length, for logging. *

Display a short Toast message *

Show progress spinner and disable buttons *

Hide progress spinner and enable buttons *

Enable or disable multiple views *

MockServer

Mock server class to demonstrate how to use the Google APIs Client Library for Java to verify an ID token obtained from a Credential.

Verify an ID token and log the email address and verification status. @param idTokenString ID Token from a Credential.

Print the audience of an unverified token string to the logs. @param idTokenString the ID Token string.

Determine the audience of the ID token based on the sha512 hash and the package name. @param sha512Hash sha512 hash of the application, see README for instructions. @param packageName package name of the application,