How to sign in your users seamlessly using Smart Lock on Android

Most apps on the Play Store have a sign-in flow for users to create an account or simply to authenticate.

Each time the user signs in to the app, or installs the same app on another device, she has to remember the password and other details, such as the username that was used, and enter them to sign in successfully.

We can’t expect users to remember passwords. If a person forgets her credentials, she requests a password reset, and there is a chance that the new password will be forgotten too.

If we can spare the user this process each time she logs in, we end up with more users, and less frustrated ones.

This can be achieved using Google’s Smart Lock for Passwords on Android.

What is it?

Smart Lock allows users to save their credentials when they sign up or sign in to the app, so they don’t need to remember and type passwords whenever they sign in again.

It allows users to save their credentials for an app in their Google account so that they can sign in the next time without entering anything. You can store credentials of a federated login like Google or Facebook, or a normal email login.

There are several ways you can use Smart Lock based on your use case.

  • You can automatically sign in the user if the app has only one user account.
  • If it has multiple accounts, show a dialog to choose from the list of accounts and auto sign-in the user.
  • Populate the credential details in the sign-in fields automatically so that the user has to only click the sign-in button.

How does it work?

Smart Lock on Android uses the Credentials API to save and request user credentials for an app. When a new user signs up in the app, she is asked to save the credentials to her Google account using Smart Lock. If she saves them, then whenever she signs in to the app again, or does so from another device that has that Google account, her credentials for the app can be retrieved using the Credentials API.

Smart Lock supports most of the sign-in methods such as email, Google, Facebook, Twitter, Microsoft, Yahoo, LinkedIn and PayPal.

How to integrate?

  • You may require an Android device with Google Play Store and Google Play Services 9.8.0 or newer.
  • Next, add the following dependency to your build.gradle file: compile 'com.google.android.gms:play-services-auth:10.2.4'

Credentials API

The CredentialsApi interface provides methods to request and save credentials. It can be accessed via Auth.CredentialsApi.

The following methods are available via Auth.CredentialsApi:

  • save(GoogleApiClient client, Credential credential) — saves the credentials used to sign-in to the app.
  • request(GoogleApiClient client, CredentialRequest request) — requests the credentials saved for the app. If multiple accounts are saved, then a dialog is shown with a list of accounts to select from.
  • getHintPickerIntent(GoogleApiClient client, HintRequest request) — provides an intent to show a list of accounts to choose from, which upon selecting, you can prefill the details in your sign-up/sign-in fields to speed up the onboarding experience.
  • disableAutoSignIn(GoogleApiClient client) — disables auto sign-in to the app on the current device. Use it when the user has signed out of the app, to prevent Smart Lock from signing her in again automatically.
  • delete(GoogleApiClient client, Credential credential) — use this method to delete a credential when it is no longer valid for signing in to your app.

Possible use cases:

Whenever a user signs up in the app, use the save method to save the credentials.

When the user signs out of the app, use the disableAutoSignIn method to prevent her from being signed in automatically on that device.

When the user signs in again, use the request method to request the saved credentials and sign in the user automatically or prefill the sign-in fields.

If there is an option in the app to delete an account, then use the delete method to permanently erase the saved credentials.

Let’s look at some code

Consider an app that has a SignUp page for new users and a SignIn page for existing users.

The source code for this sample can be found here.

Sign-Up and Sign-In screens

Consider an email sign-up, for example. Once a user fills in the sign-up fields and presses the sign-up button, create a Credential object using the data entered in the fields, like email, username, password and profile picture.

Then call the Auth.CredentialsApi.save method passing in the instance of GoogleApiClient and the Credential object to save the credential. If this is the first time, a popup asking the user to allow Smart Lock to save the credentials will show up. If the user allows, it gets saved onto her Google account.

In the onResult callback, if the status is success, then we proceed to the next screen.

If it is not immediately successful, then it is a new credential and we call status.startResolutionForResult(this, RC_SAVE); which pops up a dialog asking the user to save it using Smart Lock. If she opts in, it gets saved. If she opts out, then no credentials will be saved to Smart Lock, and subsequent calls to save will result in a status code of CANCELED. The user can change the option again by going to the Google Settings app.
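The save flow described above, as an added example (not the code from the original sample). The activity name, the RC_SAVE value and goToMainScreen() are assumptions, and mClient is assumed to be a connected GoogleApiClient built with Auth.CREDENTIALS_API:

```java
import android.app.Activity;
import android.content.Intent;
import android.content.IntentSender;
import android.net.Uri;
import com.google.android.gms.auth.api.Auth;
import com.google.android.gms.auth.api.credentials.Credential;
import com.google.android.gms.common.api.GoogleApiClient;
import com.google.android.gms.common.api.ResultCallback;
import com.google.android.gms.common.api.Status;

// Hypothetical sign-up screen; only the Smart Lock part is shown.
public class SignUpActivity extends Activity {
    private static final int RC_SAVE = 1;   // arbitrary request code (assumption)
    private GoogleApiClient mClient;         // assumed connected, built with Auth.CREDENTIALS_API

    // Call this only after your own server has accepted the sign-up.
    void saveCredential(String email, String name, String password, Uri picture) {
        Credential credential = new Credential.Builder(email)
                .setName(name)
                .setPassword(password)        // never write this value to logs
                .setProfilePictureUri(picture)
                .build();
        Auth.CredentialsApi.save(mClient, credential).setResultCallback(new ResultCallback<Status>() {
            @Override
            public void onResult(Status status) {
                if (status.isSuccess()) {
                    goToMainScreen();         // saved without needing a prompt
                } else if (status.hasResolution()) {
                    try {                     // new credential: show the Smart Lock save dialog
                        status.startResolutionForResult(SignUpActivity.this, RC_SAVE);
                    } catch (IntentSender.SendIntentException e) {
                        goToMainScreen();     // saving is optional; do not block sign-up on it
                    }
                } else {
                    goToMainScreen();         // e.g. CANCELED after the user opted out earlier
                }
            }
        });
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        // RESULT_OK means the user agreed to save; any other result means she declined.
        if (requestCode == RC_SAVE) goToMainScreen();
    }

    private void goToMainScreen() { /* app-specific navigation */ }
}
```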

Once signed in, if the user logs out from the main screen, call the disableAutoSignIn method to disable auto sign-in after sign-out.

When the user tries to sign in again, call the request method to request the saved credential and auto-populate the credential details in the sign-in fields.

First, create an instance of the CredentialRequest class specifying the supported sign-up methods.

If there is an option to delete her account from the app forever, then call the delete method on the requested credential.
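The request, sign-out and delete steps above, as an added example (not the code from the original sample). It covers only the case where a single password credential is returned directly; the activity name, prefillFields() and onSignInRejected() are assumptions, and mClient is assumed to be a connected GoogleApiClient built with Auth.CREDENTIALS_API:

```java
import android.app.Activity;
import com.google.android.gms.auth.api.Auth;
import com.google.android.gms.auth.api.credentials.Credential;
import com.google.android.gms.auth.api.credentials.CredentialRequest;
import com.google.android.gms.auth.api.credentials.CredentialRequestResult;
import com.google.android.gms.common.api.GoogleApiClient;
import com.google.android.gms.common.api.ResultCallback;

// Hypothetical sign-in screen; only the Smart Lock part is shown.
public class SignInActivity extends Activity {
    private GoogleApiClient mClient;   // assumed connected, built with Auth.CREDENTIALS_API
    private Credential mCurrent;       // credential retrieved from Smart Lock, if any

    void requestSavedCredential() {
        CredentialRequest request = new CredentialRequest.Builder()
                .setPasswordLoginSupported(true)   // this sketch supports email/password only
                .build();
        Auth.CredentialsApi.request(mClient, request).setResultCallback(
                new ResultCallback<CredentialRequestResult>() {
            @Override
            public void onResult(CredentialRequestResult result) {
                // Not successful: nothing saved, or the user must pick an account first.
                // This sketch then falls back to manual entry.
                if (!result.getStatus().isSuccess()) return;
                mCurrent = result.getCredential();
                prefillFields(mCurrent.getId(), mCurrent.getPassword());
            }
        });
    }

    // Call from your network layer when the server rejects the retrieved credential,
    // so that a password that is no longer valid is not offered again.
    void onSignInRejected() {
        if (mCurrent != null) Auth.CredentialsApi.delete(mClient, mCurrent);
        mCurrent = null;
    }

    void signOut() {
        // Without this, the next request() could sign the user straight back in.
        Auth.CredentialsApi.disableAutoSignIn(mClient);
        mCurrent = null;
    }

    void deleteAccount() {
        if (mCurrent != null) Auth.CredentialsApi.delete(mClient, mCurrent);
        signOut();
    }

    private void prefillFields(String email, String password) { /* set the EditText values */ }
}
```

The retrieved password only fills in the form; the app's own server still has to verify it on every sign-in.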

This is one of the ways to use Smart Lock with your Android apps. You can also use it with other sign in options like Facebook, Twitter, etc.

If you have an app with such sign-in options, then definitely use Smart Lock for Passwords: it is easy to integrate into your Android apps and saves you from reinventing the wheel.