public interface SignInClient implements HasApiKey<SignInOptions>

A client for the sign-in API.

The Sign-In APIs can be used for both sign-in and sign-up scenarios. The two scenarios share the same flow in the code, but different BeginSignInRequest should be provided in different scenarios.

The Sign-In APIs guide the user through credential selection before returning an instance of SignInCredential containing the data for sign-in or sign-up.

The recommended process for retrieving credentials using this API is as follows:

  1. Get a new API client instance by calling Identity.getSignInClient.
  2. Call SignInClient.beginSignIn, supplying the constructed BeginSignInRequest as an input.
  3. If the request is successful, at least one matching credential is available. Launch the PendingIntent from the result of the operation to display the UI that guides the user through sign-in. The result of sign-in will be returned in Activity.onActivityResult; calling SignInClient.getSignInCredentialFromIntent will either return the SignInCredential if the operation was successful, or throw an ApiException that indicates the reason for failure.
  4. If the request is unsuccessful, no matching credential was found on the device that can be used to sign the user in. No further action needs to be taken.

When the user signs out of your application, please make sure to call SignInClient.signOut.

The usage of BeginSignInRequest

Different BeginSignInRequest should be used for sign-in and sign-up.

Sign an existing user in

Two types of credentials are supported in SignInCredential: Google ID token and password. To give users more options to choose from when selecting a credential to sign in with, and by extension, increase your app's sign-in rate, it is strongly recommended that applications support both Google ID token and password credentials:

  1. If your application supports username/password login, configure an instance of PasswordRequestOptions in the request.
  2. If your application supports federated sign-in using Google ID tokens, configure an instance of GoogleIdTokenRequestOptions accordingly - be sure to supply your server client ID (you can find this in your Google API console project).

    For the sign-in scenario, it is strongly recommended to set GoogleIdTokenRequestOptions.Builder.setFilterByAuthorizedAccounts to true so only the Google accounts that the user has authorized before will show up in the credential list. This can help prevent a new account being created when the user has an existing account registered with the application.

For example, an app that supports password login and federated sign-in with Google would construct a request as follows:

BeginSignInRequest request = BeginSignInRequest.builder()
     .setPasswordRequestOptions(
         PasswordRequestOptions.builder()
             .setSupported(true)
             .build())
     .setGoogleIdTokenRequestOptions(
         GoogleIdTokenRequestOptions.builder()
             .setSupported(true)
             // Set filterByAuthorizedAccounts = true to avoid duplicated accounts being created
             .setFilterByAuthorizedAccounts(true)
             .setServerClientId("serverClientID")
             .build())
     .build();

Sign up a new user

For the sign-up scenario, only Google ID token credentials should be used. The GoogleIdTokenRequestOptions may look like the following:

BeginSignInRequest request = BeginSignInRequest.builder()
     .setGoogleIdTokenRequestOptions(
         GoogleIdTokenRequestOptions.builder()
             .setSupported(true)
             .setFilterByAuthorizedAccounts(false)
             .setServerClientId("serverClientID")
             .build())
     .build();

Public Method Summary

abstract Task<BeginSignInResult>
beginSignIn(BeginSignInRequest signInRequest)
Initiates the retrieval of a credential that can assist the caller in signing a user in to their application.
abstract SignInCredential
getSignInCredentialFromIntent(Intent data)
Retrieves the SignInCredential from the Intent returned upon successful sign-in, throwing an ApiException if no credential is present.
abstract Task<PendingIntent>
getSignInIntent(GetSignInIntentRequest getSignInIntentRequest)
Gets the PendingIntent that initiates the Google Sign-in flow.
abstract Task<Void>
signOut()
Resets internal state related to sign-in.

Inherited Method Summary

Public Methods

public abstract Task<BeginSignInResult> beginSignIn (BeginSignInRequest signInRequest)

Initiates the retrieval of a credential that can assist the caller in signing a user in to their application.

If the request cannot be honored, an exception will be set on the returned Task. In all other cases, a BeginSignInResult will be returned.

Parameters
signInRequest configuration for the sign-in operation
Returns
  • Task which eventually contains the result of the initialization

public abstract SignInCredential getSignInCredentialFromIntent (Intent data)

Retrieves the SignInCredential from the Intent returned upon successful sign-in, throwing an ApiException if no credential is present.

Throws
ApiException

public abstract Task<PendingIntent> getSignInIntent (GetSignInIntentRequest getSignInIntentRequest)

Gets the PendingIntent that initiates the Google Sign-in flow.

If the request cannot be honored, an exception will be set on the returned Task. In all other cases, a PendingIntent will be returned.

Parameters
getSignInIntentRequest configuration for Google Sign-in flow
Returns

public abstract Task<Void> signOut ()

Resets internal state related to sign-in.

This method should be invoked when a user signs out of your app.

Returns
  • Task which eventually terminates in success or failure