Credential Manager Documentation

Credential Manager Overview

Credential Manager is a Jetpack API that supports multiple sign-in methods, such as username and password, passkeys, and federated sign-in solutions (like Sign-in with Google) in a single API, simplifying integration for developers.

For users, Credential Manager unifies the sign-in interface across authentication methods, making it clearer and easier to sign into apps, regardless of the chosen method.

Note: This package is currently only supported for Android.

Getting Started

Add the dependency to your pubspec.yaml file:

dependencies:
            credential_manager: <latest_version>

Or run:

flutter pub add credential_manager

Setup Android

Add proguard rules:

Create or update android/app/proguard-rules.pro:

-if class androidx.credentials.CredentialManager
                -keep class androidx.credentials.playservices. {
                ;
                }

Update android/app/build.gradle:

android {
                buildTypes {
                release {
                minifyEnabled true
                proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
                }
                }
                }

Usage in Flutter

Import the package:

import 'package:credential_manager/credential_manager.dart';

Create a CredentialManager instance:

CredentialManager credentialManager = CredentialManager();

Check if the platform is supported:

if (credentialManager.isSupportedPlatform) {
            // Supported
            }

Initialize the Credential Manager:

await credentialManager.init(
            preferImmediatelyAvailableCredentials: true,
            googleClientId: googleClientId // Optional for Google Sign-In
            );

Save credentials:

await credentialManager.savePasswordCredentials(
            PasswordCredential(username: username, password: password)
            );

Get saved credentials:

Credentials credential = await credentialManager.getPasswordCredentials();

Logout:
```
await credentialManager.logout();
```

Google Sign-In Setup (Optional)

Access Google Cloud Console
Create or select a project
Configure OAuth Consent Screen
Create Credentials (OAuth client ID)
Set Application Type to Android
Configure Android App (package name and SHA-1)
Create Web Application Credentials
Obtain Client ID for use in Flutter app

Implementation in Flutter:

await credentialManager.init(
            preferImmediatelyAvailableCredentials: true,
            googleClientId: 'YOUR_WEB_CLIENT_ID_HERE'
            );

Passkey Integration

Prerequisites

An Android app with a unique package name
A website (sign-in domain) for authentication

Steps

Create and host a Digital Asset Links JSON file
Configure your host to allow Google to retrieve the file

Create Passkey

final res = await credentialManager.savePasskeyCredentials(
            request: CredentialCreationOptions.fromJson({
            // Passkey creation options
            })
            );

Fetch Generated Passkey

CredentialLoginOptions? passKeyLoginOption = CredentialLoginOptions(
            challenge: "<challenge>",
            rpId: "<domain.com>",
            userVerification: "required",
            );
            Credentials credential = await credentialManager.getEncryptedCredentials(
            secretKey: secretKey,
            ivKey: ivKey,
            passKeyOption: passKeyLoginOption
            );
            bool isPublicKeyBasedCredentials = credential.publicKeyCredential != null;

Error Handling

When an exception occurs, a CredentialException is thrown with the following fields:

int code: A numeric identifier for the error
String message: A descriptive message about the error

Error Codes and Descriptions

Code	Message	Description
101	Initialization failure	The initialization process encountered an error.
102	Plugin exception	An exception occurred within the plugin.
103	Not implemented	The requested functionality is not implemented.
201	Login cancelled	The login process was cancelled by the user.
202	No credentials found	No valid credentials were found for authentication.
203	Mismatched credentials	The provided credentials do not match the expected format.
204	Login failed	The login attempt was unsuccessful.
205	Temporarily blocked	The user is temporarily blocked due to too many canceled sign-in prompts.
301	Save Credentials cancelled	The process of saving credentials was cancelled by the user.
302	Create Credentials failed	Failed to create new credentials.
401	Encryption failed	Failed to encrypt the value.
402	Decryption failed	Failed to decrypt the value.
501	Invalid Google ID token response	Received an invalid response from Custom Credentials.
502	Invalid request	An invalid request was made while saving Google credentials.
503	Google client not initialized	The Google Web token ID is invalid or missing.
504	Credentials operation failed	The operation failed due to an unspecified error.
505	Google credential decode error	Error occurred while decoding the Google credential.
601	Passkey operation cancelled	The user cancelled the passkey operation.
602	Passkey creation failed	Failed to create a new passkey.
603	Passkey fetch failed	Failed to fetch the passkey with the provided parameters.
701	Logout failed	An error occurred while calling `clearCredentialState()` on Android.

Handling Exceptions

try {
            // Credential Manager operation
            await credentialManager.someOperation();
            } on CredentialException catch (e) {
            print('Error Code: ${e.code}');
            print('Error Message: ${e.message}');
            // Handle the error appropriately
            } catch (e) {
            // Handle other unexpected errors
            print('Unexpected error: $e');
            }

Contributors

Djsmk123

jlafazia-figure

wildsylvan

Granfalloner