Credential Manager Overview
Credential Manager is a Jetpack API that supports multiple sign-in methods, such as username and password, passkeys, and federated sign-in solutions (like Sign-in with Google) in a single API, simplifying integration for developers.
For users, Credential Manager unifies the sign-in interface across authentication methods, making it clearer and easier to sign into apps, regardless of the chosen method.
Note: This package is currently only supported for Android.
Getting Started
Add the dependency to your pubspec.yaml file:
dependencies:
  credential_manager: <latest_version>
Or run:
flutter pub add credential_manager
Setup Android
- Add proguard rules. Create or update android/app/proguard-rules.pro:
    -if class androidx.credentials.CredentialManager
    -keep class androidx.credentials.playservices.** {
      *;
    }
- Update android/app/build.gradle:
    android {
      buildTypes {
        release {
          minifyEnabled true
          proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
        }
      }
    }
Usage in Flutter
- Import the package:
    import 'package:credential_manager/credential_manager.dart';
- Create a CredentialManager instance:
    CredentialManager credentialManager = CredentialManager();
- Check if the platform is supported:
    if (credentialManager.isSupportedPlatform) {
      // Supported
    }
- Initialize the Credential Manager:
    await credentialManager.init(
      preferImmediatelyAvailableCredentials: true,
      googleClientId: googleClientId // Optional for Google Sign-In
    );
- Save credentials:
    await credentialManager.savePasswordCredentials(
      PasswordCredential(username: username, password: password)
    );
- Get saved credentials:
    Credentials credential = await credentialManager.getPasswordCredentials();
- Logout:
    await credentialManager.logout();
Google Sign-In Setup (Optional)
- Access Google Cloud Console
- Create or select a project
- Configure OAuth Consent Screen
- Create Credentials (OAuth client ID)
- Set Application Type to Android
- Configure Android App (package name and SHA-1)
- Create Web Application Credentials
- Obtain Client ID for use in Flutter app
Implementation in Flutter:
await credentialManager.init(
  preferImmediatelyAvailableCredentials: true,
  googleClientId: 'YOUR_WEB_CLIENT_ID_HERE'
);
Passkey Integration
Prerequisites
- An Android app with a unique package name
- A website (sign-in domain) for authentication
Steps
- Create and host a Digital Asset Links JSON file
- Configure your host to allow Google to retrieve the file
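A sample Digital Asset Links statement and a check to run before hosting it at `https://<domain>/.well-known/assetlinks.json`. This is an added example, not code from the package: `checkAssetLinks` is a hypothetical helper, and the package name and fingerprint are constructed placeholders. Note that this file takes the SHA-256 fingerprint of the signing certificate.

```dart
import 'dart:convert';
// Constructed placeholders: use your own package name and the SHA-256
// fingerprint of your signing certificate.
final fakeFingerprint = List.filled(32, 'AB').join(':');
final sampleAssetLinks = '''
[{
  "relation": [
    "delegate_permission/common.handle_all_urls",
    "delegate_permission/common.get_login_creds"
  ],
  "target": {
    "namespace": "android_app",
    "package_name": "com.example.app",
    "sha256_cert_fingerprints": ["$fakeFingerprint"]
  }
}]
''';

/// Hypothetical helper: lists what is wrong with [body] for [pkg]
/// signed by [fingerprint]; an empty list means the statement is usable.
List<String> checkAssetLinks(String body, String pkg, String fingerprint) {
  if (!RegExp(r'^([0-9A-F]{2}:){31}[0-9A-F]{2}$').hasMatch(fingerprint)) {
    return ['fingerprint must be SHA-256: 32 colon-separated hex bytes'];
  }
  Object? doc;
  try {
    doc = jsonDecode(body);
  } on FormatException catch (e) {
    return ['not valid JSON: ${e.message}'];
  }
  if (doc is! List) return ['top level must be an array of statements'];
  for (final stmt in doc) {
    final target = stmt is Map ? stmt['target'] : null;
    if (target is! Map || target['package_name'] != pkg) continue;
    final prints = target['sha256_cert_fingerprints'];
    final relations = stmt['relation'];
    return [
      if (target['namespace'] != 'android_app') 'namespace is not android_app',
      if (prints is! List || !prints.contains(fingerprint))
        'signing certificate fingerprint is not listed',
      if (relations is! List ||
          !relations.contains('delegate_permission/common.get_login_creds'))
        'get_login_creds relation is missing',
    ];
  }
  return ['no statement for package $pkg'];
}

void main() => print(checkAssetLinks(sampleAssetLinks, 'com.example.app', fakeFingerprint));
```

The check reports on the first statement that names the package, so keep one statement per app.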
Create Passkey
final res = await credentialManager.savePasskeyCredentials(
  request: CredentialCreationOptions.fromJson({
    // Passkey creation options
  })
);
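One way to assemble the map passed to `CredentialCreationOptions.fromJson`, as an added example that is not the package's own code. `buildPasskeyCreationOptions` is a hypothetical helper, the field names are the standard WebAuthn creation options (assumed here to be what the plugin forwards), and the values in `main` are constructed stand-ins for what your relying-party server would issue.

```dart
import 'dart:convert';

/// Hypothetical helper: builds WebAuthn creation options from values issued
/// by your relying-party server and rejects malformed ones early.
Map<String, dynamic> buildPasskeyCreationOptions({
  required String challenge, // base64url from the server, single use
  required String rpId, // bare domain that hosts assetlinks.json
  required String rpName,
  required String userId, // base64url opaque handle, not an e-mail address
  required String userName,
}) {
  // decode() throws FormatException if the challenge is not valid base64url.
  if (base64Url.decode(base64Url.normalize(challenge)).length < 16) {
    throw ArgumentError('challenge must carry at least 16 random bytes');
  }
  if (rpId.isEmpty || rpId.contains(RegExp(r'[/:@\s]'))) {
    throw ArgumentError('rpId must be a bare domain, not a URL');
  }
  return {
    'challenge': challenge,
    'rp': {'id': rpId, 'name': rpName},
    'user': {'id': userId, 'name': userName, 'displayName': userName},
    'pubKeyCredParams': [
      {'type': 'public-key', 'alg': -7}, // ES256
      {'type': 'public-key', 'alg': -257}, // RS256
    ],
    'attestation': 'none',
    'authenticatorSelection': {
      'authenticatorAttachment': 'platform',
      'residentKey': 'required',
      'userVerification': 'required',
    },
  };
}

void main() {
  // Constructed stand-ins; in an app both values come from your server.
  final challenge =
      base64Url.encode(List.generate(32, (i) => i)).replaceAll('=', '');
  final userId = base64Url.encode(utf8.encode('user-1234')).replaceAll('=', '');
  print(jsonEncode(buildPasskeyCreationOptions(
    challenge: challenge,
    rpId: 'example.com',
    rpName: 'Example App',
    userId: userId,
    userName: 'alice',
  )));
}
```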
Fetch Generated Passkey
CredentialLoginOptions? passKeyLoginOption = CredentialLoginOptions(
  challenge: "<challenge>",
  rpId: "<domain.com>",
  userVerification: "required",
);
Credentials credential = await credentialManager.getEncryptedCredentials(
  secretKey: secretKey,
  ivKey: ivKey,
  passKeyOption: passKeyLoginOption
);
bool isPublicKeyBasedCredentials = credential.publicKeyCredential != null;
Error Handling
When an exception occurs, a CredentialException is thrown with the following fields:
- int code: A numeric identifier for the error
- String message: A descriptive message about the error
Error Codes and Descriptions
Code | Message | Description |
---|---|---|
101 | Initialization failure | The initialization process encountered an error. |
102 | Plugin exception | An exception occurred within the plugin. |
103 | Not implemented | The requested functionality is not implemented. |
201 | Login cancelled | The login process was cancelled by the user. |
202 | No credentials found | No valid credentials were found for authentication. |
203 | Mismatched credentials | The provided credentials do not match the expected format. |
204 | Login failed | The login attempt was unsuccessful. |
205 | Temporarily blocked | The user is temporarily blocked due to too many canceled sign-in prompts. |
301 | Save Credentials cancelled | The process of saving credentials was cancelled by the user. |
302 | Create Credentials failed | Failed to create new credentials. |
401 | Encryption failed | Failed to encrypt the value. |
402 | Decryption failed | Failed to decrypt the value. |
501 | Invalid Google ID token response | Received an invalid response from Custom Credentials. |
502 | Invalid request | An invalid request was made while saving Google credentials. |
503 | Google client not initialized | The Google Web token ID is invalid or missing. |
504 | Credentials operation failed | The operation failed due to an unspecified error. |
505 | Google credential decode error | Error occurred while decoding the Google credential. |
601 | Passkey operation cancelled | The user cancelled the passkey operation. |
602 | Passkey creation failed | Failed to create a new passkey. |
603 | Passkey fetch failed | Failed to fetch the passkey with the provided parameters. |
701 | Logout failed | An error occurred while calling `clearCredentialState()` on Android. |
Handling Exceptions
try {
  // Credential Manager operation
  await credentialManager.someOperation();
} on CredentialException catch (e) {
  print('Error Code: ${e.code}');
  print('Error Message: ${e.message}');
  // Handle the error appropriately
} catch (e) {
  // Handle other unexpected errors
  print('Unexpected error: $e');
}
Contributors
Djsmk123
jlafazia-figure
wildsylvan
Granfalloner