Sample for Credential Manager with Sign in with Google

[yschimke]

Is there a sample planned for Credential Manager with Sign in with Google?

https://developer.android.com/training/sign-in/credential-manager

We struggled with it, found a fix, but unclear if it's a fix for all situations?

[yschimke]

Fix https://github.com/joreilly/Confetti/pull/955

[niharika2810]

Yes, we are working on this. Thank you for sharing this, we are looking into it.,

[niharika2810]

Hey wanted to ask iof you have tried this :

.setFilterByAuthorizedAccounts(true)

check the documentation here : https://developer.android.com/training/sign-in/credential-manager

You should first call the API with the setFilterByAuthorizedAccounts parameter set to true. If there are no credentials available, then call the API again and set setFilterByAuthorizedAccounts to false.

Let me know

[yschimke]

I'll try that.

The fix changed us from com.google.android.libraries.identity.googleid.GetGoogleIdOption to GetSignInWithGoogleOption

https://github.com/joreilly/Confetti/pull/955/files#diff-cfa8e621122eb59ae9c24cfa7447d7cc82106e1bada94b0ef4973fb1ff2cac6a

Should we revert back to GetGoogleIdOption which is used in that sample?

val googleIdOption: GetGoogleIdOption = GetGoogleIdOption.Builder()
  .setFilterByAuthorizedAccounts(true)
  .setServerClientId(SERVER_CLIENT_ID)
  .build()

[niharika2810]

yeah i think the official documentation has the latest methods and code. Also, the the error you got is NoCredentialException which is expected, given the non authorized account has been filterd by setting the "setFilterByAuthorizedAccounts" to true.

[yschimke]

Thanks, that all makes sense.

Is there a reason to prefer one or the other Button vs non-button?

[nick-sasquatch]

I'm struggling with this as well--I'd expect that setting setFilterByAuthorizedAccounts(true) would throw the NoCredentialException, but when I set that to false, I'm getting the same result. I tried the same thing with the GetSignInWithGoogleOption, and the view with all of the accounts I'd expect showed up, but when selecting one, no credential was returned.

Maybe I'm not understanding the flow, but it doesn't seem like I'd need to run through the email/password flow to create an account if there's an existing set of credentials on my device. Can you point me to documentation/an example on how this workflow should work? Thanks! (I'm also happy to put this into a new issue or ask elsewhere if that's the best approach.)

[Freshm4at]

@nick-sasquatch I've exact same problem. When i try with GetGoogleIdOption, error is no credential When i try with GetSignInWithGoogleOption, error is GetCredentialCustomException: Account authorization failed

Maybe the ServerClientId, but i don't think so, I had copy/paste from google Cloud Console. Also I added a google account on the emulator, but it changes nothing for the problem.

Some help? I found nothing on web. Thank's!

[Wraiyth]

@Freshm4at We are having the exact same issue as you as well. If we use GetSignInWithGoogleOption, we get the same Account authorization failed exception. At this stage it seems better to just use the old sign-in methods even though they are deprecated?

[nick-sasquatch]

@Freshm4at For me, the issue was in my firebase configuration--there are a couple ways to specify your app's SHA fingerprint: SHA-1 and SHA-256, and I only had the SHA-256 set. Turns out you need the SHA-1 no matter what. Hope you get this sorted soon!

[Wraiyth]

@nick-sasquatch This was sort of my issue as well - in my case it was the incorrect SHA1 in the Android project that was created directly in Google Cloud, but now I'm getting an error "Unable to get token". Did you experience this at all?

[nick-sasquatch]

@Wraiyth Sorry, I didn't experience that error.

[freehussain]

i have the same issue here

[niharika2810]

Let me check this and get back to you.

[ipyton]

Yes, I guess a more details needed. For example, I don't know how to allow user to add a new account when a google account do not exist on the device. And there are so many old version examples may misguide the developers. Thank you!

[niharika2810]

@ksemenova Could you please check this one?

[vakdeniz]

Hi,

I have exact same issue. When I call the Api with .setFilterByAuthorizedAccounts(true), I got the NoCredentialException which is fine. However, when I call the api again with .setFilterByAuthorizedAccounts(false), I still get the same exception without sign in prompt.

Is there anything we could do different?

[hellaandrew]

I have perhaps some more information to add to this. I'm working on updating my auth flow to use the new credential manager. When I set setFilterByAuthorizedAccounts to true, I am shown a single Google account I've used mainly in the past to test my app. However, I know for certain that I've used other Google accounts to log in and do more testing.

I have 5 Google accounts on my device, and only 1 shows up when setFilterByAuthorizedAccounts is set to true. If it's false, no Sign in with Google sheet appears.

[tal-mi]

Same problem as vakdeniz. Getting NoCredentialsException regardless of setFilterByAuthorizedAccounts state.

[niharika2810]

HI all,

We've updated our documentation to be clearer and prescriptive about when to use setFilterByAuthorizedAccounts: https://developer.android.com/identity/sign-in/credential-manager-siwg Could you please check if this explains the usage.

Generally, a developer should be initiating a sign in request using CredMan (requesting all credential types they support and request SiwG with setFilterByAuthorizedAccounts(true) to get the Google Accounts that have been used.

IFF no credentials are returned, they should be initiating a sign up request using CredMan, and request SiwG with setFilterByAuthorizedAccounts(false) to get ALL the Google Accounts for the given device to pick one for sign up.

Let us know if this clariries or you need more help here.

[tal-mi]

Hi @niharika2810 Edge case remains when a device does not have any Google account registered. Regardless of setFilterByAuthorizedAccounts(true) or setFilterByAuthorizedAccounts(false) the flow will issue a "androidx.credentials.exceptions.NoCredentialException: No credentials available" not allowing the user to create an account. Is this by design? In the previous google play auth library (deprecated) the flow initiated a create account option regardless.

Thanks.

[hainm-2525]

hi @yschimke , I use Credential Manager with Sign in with Google . but popup like this. But I want to show policy, and term at below popup. I try to find many way but not working. and I think not support show policy and term like this. it's right?

[yschimke]

@hainm-2525 I don't work on the samples, was just asking questions as another user.

[Freshm4at]

For me, it was a problem of SHA-1.

For those who using Firebase it's simple. Firebase is your ID provider, and when we send it requests (get this user, get this tokenID, signIn, etc...) it needs to verify that is your application and not another program or else.

To do so, in your Firebase project, you perhaps already add a SHA-1, acting like a signature of your app. This SHA-1, you got it from your Google dev console. It's the SHA-1 use to sign you app when it's publish on PlayStore.

But the problem is when debug!! It's not the same SHA-1. When you build your app for debug in android studio, it use a SHA-1 specific for debug. That's why Firebase didn't recognize your App and auth process crash.

Solution PS : I'm on Windows, but i think it's same on Mac and Linux but with different paths

You need to find your debug SHA-1. To do so :

Open android studio, and go to terminal :

1. Go to folder where gradle is used by android, you need to use a gradle tool called keytool cd C:\Program Files\Android\Android Studio1\jbr\bin

2. run this command .\keytool -list -v -keystore "C:\Users\YOUR_USERNAME\.android\debug.keystore" -alias androiddebugkey -storepass android -keypass android

3. Optional. Sometimes it requires a password to decrypt the debug.keystore. For all android studio users, it's the same : android

With this, you will get your debug SHA-1 :

4. Copy and paste it in your Firebase project parameters :

Now Firebase is able to recognize your app even if it build on debug, with debug SHA-1.

You can also use SHA-256 for more security.

PS : if the keytool command do not work, maybe make sure to have java install on your computer. But normally it will works.

Enjoy 👍

[YoreBoard]

Same struggle here. I've tried it all. My only guess is that I need to get my account verified. Hopefully that does the trick. Pretty. Frustrating.

It would also be super helpful to have a Java example available here... https://developer.android.com/identity/sign-in/credential-manager-siwg

[hmdevelo]

I have an error and it says "activity is cancelled by the user" from credentialManager.getCredential(request, context). I have added the correct SHA-1 and using web client id (not the android id). Have someone encounter this error? Please show me how to fix it!

[almasmaris]

I'm using GetSignInWithGoogleOption because i just want to use Google Signin Button and got error NoCredentialException: No credentials available. I'm using the SHA1 in my local project, not in the .android folder.

@hainm-2525 can you provide your code regarding how to use the sign in with google button?

[axitasavani]

Hi @niharika2810 Edge case remains when a device does not have any Google account registered. Regardless of setFilterByAuthorizedAccounts(true) or setFilterByAuthorizedAccounts(false) the flow will issue a "androidx.credentials.exceptions.NoCredentialException: No credentials available" not allowing the user to create an account. Is this by design? In the previous google play auth library (deprecated) the flow initiated a create account option regardless.

Thanks.

Any update on this? as I m face this same issue @tal-mi