The new One Tap sign-in and sign-up on Android helps you optimize the flow for authenticating users in your app. For many Android apps, user accounts are an important part of the conversion funnel and a common source of user drop-off. Users (and developers alike!) often forget which account they signed in with or what password they used for your service. By optimizing the process, you can improve conversion rates and reduce drop-off.
One Tap creates assisted sign in and sign up UIs which will augment your existing flows with a popup that lets your users authenticate frictionlessly. It does not replace your existing sign in or sign up flows, but helps you optimize the experience for users that choose to use the One Tap overlay.
One Tap augments your existing sign in or sign up flows
One Tap supports
- Signing in to an existing account with your service using their Google account or saved passwords
- Signing up for a new account with your service using their Google account (federated login)
It ships with
One Tap and Google Identity Services
One Tap is part of a new suite of libraries currently in development called Google Identity Services. Google Identity Services will eventually incorporate the full feature set of the Smart Lock for Passwords and Google Sign-In libraries, as well as introduce new features. The Google Sign-In library lets you sign in with Google accounts (just like One Tap) as well as offering additional features such as the Google Sign-In button and the ability to request additional permissions. However, this is a work in progress and the first version does not yet implement the full feature set of these libraries.
Google Identity Services will eventually unify both the Google Sign-In and Smart Lock for Passwords for Android developers
One Tap is the first feature of Google Identity Service that we’re launching and it’s ready for use in applications today to optimize sign in and sign up flows. We’ll be working on adding the other features provided by the Google Sign-In and Smart Lock for Passwords libraries. These features include the ability to save passwords, sign in with the Google Sign-In button, request permissions to access user data such as drive content, perform auto and silent sign in using Google Sign-In, save idp credentials, and lookup phone numbers for autofill flows. We hope to launch many of these features in Google Identity Services later this year.
Compared to the existing Google Sign-In and Smart Lock for Passwords UIs, we have found that users are more likely to successfully sign in with the One Tap UI. Also, they’re more likely to choose the correct account when logging back in — which helps them get into your app, avoids creating duplicate accounts, and cuts down on support requests. The web version of this UI, which launched previously, has led to a 2x increase in conversions for some websites.
For existing apps, our recommendation is to evaluate adding One Tap to augment your existing sign in and sign up flows when it makes sense for your application and team (you don’t need to do it right away).
Applications that need features of Google Sign-In or Smart Lock for Passwords that are not yet available can use both libraries today to add One Tap on top of existing flows, or wait for support to be added later this year.
For new applications, we recommend using One Tap to create optimized sign in and sign up experiences.
One Tap does not replace the Google Sign-In button, but augments your app’s existing sign in and sign up flows. You can use One Tap in an application that has a Google Sign-In button to create an assisted sign in or sign up flow in addition to your existing button.
Assisted sign in with One Tap
Assisted sign in with One Tap shows an overlay to the user prompting them to re-sign in with a previously authorized account. The user must have signed in previously in order for it to be presented as a “sign in” option.
Warning: You must implement sign up with One Tap to cover a case when a user doesn’t have a previously authorized account. If you only implement sign in you’ll not show an overlay to users who haven’t used your app or service before.
One Tap sign in is triggered by your code. Depending on your app, this may be triggered when the app first launches, or later when the user attempts to perform a guarded action.
Once you’ve decided to start the sign in process, you can query to see if any accounts are available for sign in by calling
beginSignIn on a
SignInClient. For sign in flows, it’s important that you configure the sign in with
setFilterByAuthorizedAccounts(true) to only return previously authorized (or signed in) accounts. You can read more in the docs.
The callback from
beginSignIn will pass a
PendingIntent that displays the overlay when launched. Then you call
startIntentSenderForResult with the provided PendingIntent to display the modal login popup over the current activity.
One Tap can overlay on top of any Activity in your application
The One Tap dialog can be displayed anywhere in your application. So, you can let the user get started using your app before asking them to sign in. This lets you build an optimized login flow for your application. Wherever you call
startIntentSenderForResult, One Tap will overlay on top of that
The user then signs in using One Tap, or cancels the prompt. Either way, the result is sent to
onActivityResult. You use the same client to parse the result and either get a federated login (Google Sign-In), or a password. Then continue the login process as you normally would with your backend.
Assisted sign up with One Tap
If One Tap doesn’t find any authorized accounts for sign in,
beginSignIn will call the failure listener instead of passing your application a
PendingIntent. When this happens, you should repeat the query but this time look for accounts that can be used to sign up.
This time configure One Tap with
setFilterByAuthorizedAccounts(false) and it will query for any valid accounts that could be used to sign up, as well as any accounts that were previously authorized. If any are found, you’ll get back a
PendingIntent that you can use to show a sign up overlay. When prompted to sign up the user will be asked to give consent for sharing email and profile permissions.
To recap, here’s the overall flow for a One Tap overlay.
And, that’s really it. There’s a bit more to the API to support passwords — but to support federated auth login that’s all you need.
How do I implement my password flow?
You can think of a password login using One Tap as a password manager — the credentials will be stored and shared with your application just as if the user has typed them.
One Tap uses the same password store as Autofill and Smart Lock for Passwords. So, if the user has ever saved a password using either of these for your app, it will be shown to the user as an account option on the One Tap prompt.
One Tap uses the same password store as Autofill and Smart Lock for Passwords
There are three basic password flows: retrieving saved credentials, inputting new credentials, and saving new credentials.
Retrieve saved password credentials
In the initial One Tap sign up flow, configure the
beginSignInRequest to support passwords. Then, the user will be presented with any saved passwords as an option in the One Tap UI.
.setPasswordRequestOptions(PasswordRequestOptions.builder() .setSupported(true) .build())
Sign a user in with a password
If a user chooses a saved password from the One Tap UI, it’ll be provided to your app using
onActivityResult. You should then login to your backend like you normally would as if the user had entered the password.
If the user doesn’t select an account with One Tap, you can show a regular username/password screen. One Tap doesn’t have a UI for password entry, so you’ll have to build this screen and implement login yourself.
One Tap doesn’t provide a UI for entering passwords, you have to build that to support entering new passwords
Save a password after login
After the user enters a password, prompt the user to save it using Autofill. The next time the user returns to your application the saved password will be available as an option in the One Tap sign in prompt.
Make sure you have optimized your app for Autofill to ensure that Autofill is able to successfully save your user credentials! To test saving credentials in Autofill on a device, install the test Autofill service linked from the docs — this lets you ensure that your Autofill implementation will work with all Autofill services. To learn more about optimizing your app for Autofill check out the codelab.
After you optimize your app for Autofill, you can also consider integrating Smart Lock for Passwords which gives you even more control over password saving.
This blog post aimed to give you an overview of what One Tap offers your app, and an idea about how you would integrate it. One Tap offers the ability to assist users through sign in and sign up for Android — improving conversions and avoid drop-off. With a fairly small API it’s easy to augment your existing authorization flows with One Tap.
Check out the One Tap documentation to learn more about integrating it into your app!