Credential Manager is a Jetpack API that supports multiple sign-in methods, such as username and password, passkeys, and federated sign-in solutions (such as Sign-in with Google) in a single API, thus simplifying the integration for developers.
Furthermore, for users, Credential Manager unifies the sign-in interface across authentication methods, making it clearer and easier for users to sign into apps, regardless of the method they choose
Note this package is only supported for android
-
Add the dependency to your pubspec.yaml file
dependencies: credential_manager: <latest_version>
--------------------------------------------OR------------------------------------------------
flutter pub get credential_manager
- Add proguard rules
if
proguard-rules.pro
is not exist inandroid/app
then create new file with same name
-if class androidx.credentials.CredentialManager
-keep class androidx.credentials.playservices.** {
*;
}
- Update
android\app\build.gradle
buildTypes {
release {
//add these lines
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
- Google Cloud Console Set Up
- Go to Google Could Console
- Create a project if you haven’t yet.
- Find the search bar (top center) and type “Credentials” and select Credentials under “Product & Pages”.
- Find the “Create Credentials” button and click it!
- Click on “OAuth client ID” from the pop-up window.
- We have to select an “Application Type”.
- Add package ID and Get debug SHA-1 and release SHA-1
cd android
./gradlew signInReport
- Copy
WebClient(auto created by google)
-
import the package
import 'package:credential_manager/credential_manager dart';
-
Create object for
CredentialManager()
CredentialManager credentialManager = CredentialManager();
-
Check if target platform is supported or not
if(credentialManager.isSupportedPlatform){
// if supported
}
- Initialize credential manager
if(credentialManager.isSupportedPlatform){
// if supported
await credentialManager.init(preferImmediatelyAvailableCredentials: true
//optional perameter for integrate google signing
googleClientId: googleClientId
);
}
Note: If the call to Credential Manager was triggered by an explicit user action, credential will be available immediately after saving if
true
(by default) or user will not able to get credential as soon as possible(May throw error if fetched just after saving credentials)
If you want to encrypted credential manager encrypted_credential_manager
- Save credentials in credential manager
await credentialManager.savePasswordCredentials(
PasswordCredential(username: username, password: password));
- Save Google credentials in credential manager
final GoogleIdTokenCredential? gCredential= await credentialManager.saveGoogleCredential();
Note: It is not necessary to be username and password,you can send any string you want to store but you will get credentials as
PasswordCredential
which hasusername
andpassword
properties.
- Get the saved credentials
Credentials credential =await credentialManager.getPasswordCredentials();
To ensure the security of credentials, we will encrypt the password field using the encrypt library and store the encrypted information in a credential manager. This approach reduces the risk of exposing sensitive information, such as passwords.
To encrypt value and decrypt the encrypted data, you need 128 bit-key of secret_key
and 128 bit-key of iv_key
.
you need to provide a 16 character string as a key.
final secretKey = "<Secret-key>"; // Use a secure key here for example "1234567812345678"
final ivKey = "<16-bit-iv-key>" //for e.g: "xfpkDQJXIfb3mcnb";
- Save encrypted credentials
await credentialManager.saveEncryptedCredentials(
credential: PasswordCredential(username: username, password: password),
secretKey: secretKey,
ivKey: ivKey,
);
- Get encrypted credentials and decrypted the sensitive data
Credentials credential = await credentialManager
.getEncryptedCredentials(secretKey: secretKey, ivKey: ivKey);
Method | Type | Description |
---|---|---|
isSupportedPlatform | boolean | Check if targeted platform supported or not(Only Android supported) |
init(bool preferImmediatelyAvailableCredentials,googleClientId) | Future(void) | To initialize credential Manager,preferImmediatelyAvailableCredentials,If the call to Credential Manager was triggered by an explicit user action, credential will be available immediately after saving if true (by default) or user will not able to get credential as soon as possible(May throw error if fetched just after saving credentials)googleClientId(optional) required when google sign-in is enabled |
savePasswordCredentials(PasswordCredential credential) | Future(void) | To save credentials in credential Manager |
saveEncryptedCredentials(PasswordCredential credential,String secretKey,String ivKey) | Future(void) | To save credentials in credential Manager with encryption |
getPasswordCredentials() | Future(Credential) | return Credential object which has either GoogleIdTokenCredential or PasswordCredential at time, other would have null value. |
getEncryptedCredentials(String secretKey,String ivKey) | Future(Credential ) | which has either GoogleIdTokenCredential or PasswordCredential at time, other would have null value. if PasswordCredential is not null then password will be return as decrypted values. |
Field | Type | Description |
---|---|---|
username | String? | User's username for authentication. |
password | String? | User's password for authentication. |
Constructor: | ||
PasswordCredential({String? username, String? password}) | Creates a new instance of PasswordCredential . |
|
Properties: | ||
String? get username => _username; | Retrieves the username. | |
set username(String? username) => _username = username; | Sets the username. | |
String? get password => _password; | Retrieves the password. | |
set password(String? password) => _password = password; | Sets the password. | |
JSON Serialization/Deserialization: | ||
PasswordCredential.fromJson(Map<String, dynamic> json) | Creates an instance from a JSON map. | |
Map<String, dynamic> toJson() | Converts the instance to a JSON map. |
Field | Type | Description |
---|---|---|
id | String | Identifier for the Google account. |
idToken | String | Google ID token for authentication. |
displayName | String? | Display name of the user. |
familyName | String? | Family name of the user. |
givenName | String? | Given name of the user. |
phoneNumber | String? | Phone number of the user. |
profilePictureUri | Uri? | URI for the user's profile picture. |
Field | Type | Description |
---|---|---|
passwordCredential | PasswordCredential? | Password credentials for authentication. Null if not available. |
googleIdTokenCredential | GoogleIdTokenCredential? | Google ID token credentials. Null if not available. |
NOTE: at a time only one of them will be not null.
if any exception occurs it throws CredentialException
which has field int code
and String message
.
Code | Message | Description |
---|---|---|
101 | Initialization failure | The initialization process encountered an error. |
102 | Plugin exception | An exception occurred within the plugin. |
103 | Not implemented | The functionality is not implemented. |
201 | Login cancelled | The login process was cancelled by the user. |
202 | No credentials found | No valid credentials were found for authentication. |
203 | Mismatched credentials | The provided credentials do not match the expected format. |
204 | Login failed | The login attempt was unsuccessful. |
301 | Save Credentials cancelled | The process of saving credentials was cancelled by the user. |
302 | Create Credentials failed | Failed to create new credentials. |
401 | Encryption failed | Failed to encrypt value. |
402 | Decryption failed | Failed to decrypt value. |
501 | Received an invalid google id token response | Bad response received from Custom Credentials |
502 | Invalid request | Invalid request has been made while saving google credentials |
503 | Google client is not initialized yet | Google Web token Id is invalid or not missing |
504 | Credentials operation failed | Operation failed,something went wrong |
- iOS Support
- Passkey extension for flawless integration with web
- Fork it
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Add some feature')
- Push to the branch (git push origin my-new-feature)
- Create new Pull Request
- If you have any questions, please open an issue.
- If you found a bug, please open an issue.
- If you have a feature request, please open an issue.
- If you want to contribute, please submit a pull request.
- If you use this package, please add a star on GitHub.
- If you use this package, please tweet about it.
- If you use this package, please mention it in a blog post.