CredentialProviderService

@RequiresApi(value = 34)
public abstract class CredentialProviderService extends CredentialProviderService

java.lang.Object
   ↳ android.content.Context
     ↳ android.content.ContextWrapper
       ↳ android.app.Service
         ↳ android.service.credentials.CredentialProviderService
           ↳ androidx.credentials.provider.CredentialProviderService

A CredentialProviderService is a service used to save and retrieve credentials for a given user, upon the request of a client app that typically uses these credentials for sign-in flows.

The credential retrieval and creation/saving is mediated by the Android System that aggregates credentials from multiple credential provider services, and presents them to the user in the form of a selector UI for credential selections/account selections/ confirmations etc.

A CredentialProviderService is only bound to the Android System for the span of a androidx.credentials.CredentialManager get/create API call. The service is bound only if :

  1. The service requires the android.Manifest.permission.BIND_CREDENTIAL_PROVIDER_SERVICE permission.

  2. The user has enabled this service as a credential provider from the settings.

Basic Usage

The basic Credential Manager flow is as such:

  • Client app calls one of the APIs exposed in androidx.credentials.CredentialManager.

  • Android system propagates the developer's request to providers that have been enabled by the user, and can support the androidx.credentials.Credential type specified in the request. We call this the query phase of provider communication. Developer may specify a different set of request parameters to be sent to the provider during this phase.

  • In this query phase, providers, in most cases, will respond with a list of CredentialEntry, and an optional list of Action entries (for the get flow), and a list of CreateEntry (for the create flow). No actual credentials will be returned in this phase.

  • Provider responses are aggregated and presented to the user in the form of a selector UI.

  • User selects an entry on the selector.

  • Android System invokes the PendingIntent associated with this entry, that belongs to the corresponding provider. We call this the final phase of provider communication. The PendingIntent contains the complete request originally created by the developer.

  • Provider finishes the Activity invoked by the PendingIntent by setting the result as the activity is finished.

  • Android System sends back the result to the client app.

The flow described above minimizes the amount of time a service is bound to the system. Calls to the service are considered stateless. If a service wishes to maintain state between the calls, it must do its own state management. Note: The service's process might be killed by the Android System when unbound, for cases such as low memory on the device.

Service Registration

In order for Credential Manager to propagate requests to a given provider service, the provider must:

Summary

Public constructors

Public methods
final void
abstract void

Called by the Android System in response to a client app calling androidx.credentials.CredentialManager.createCredential, to create/save a credential with a credential provider installed on the device.
final void
abstract void

Called by the Android System in response to a client app calling androidx.credentials.CredentialManager.getCredential, to get a credential sourced from a credential provider installed on the device.
final void
abstract void

Called by the Android System in response to a client app calling androidx.credentials.CredentialManager.clearCredentialState.

Inherited methods
From android.content.Context
boolean
final int
getColor(int p0)
final @NonNull ColorStateList
final @Nullable Drawable
getDrawable(int p0)
final @NonNull String
getString(int p0)
final @NonNull String
getString(int p0, @NonNull Object p1)
final @NonNull T
<T extends Object> getSystemService(@NonNull Class<@NonNull T> p0)
final @NonNull CharSequence
getText(int p0)
final @NonNull TypedArray
final @NonNull TypedArray
final @NonNull TypedArray
obtainStyledAttributes(int p0, @NonNull int[] p1)
final @NonNull TypedArray
obtainStyledAttributes(
    @Nullable AttributeSet p0,
    @NonNull int[] p1,
    int p2,
    int p3
)
void
void
sendBroadcastWithMultiplePermissions(
    @NonNull Intent p0,
    @NonNull String[] p1
)
From android.content.ContextWrapper
boolean
bindIsolatedService(
    @NonNull Intent p0,
    int p1,
    @NonNull String p2,
    @NonNull Executor p3,
    @NonNull ServiceConnection p4
)
boolean
boolean
boolean
boolean
bindService(
    @NonNull Intent p0,
    int p1,
    @NonNull Executor p2,
    @NonNull ServiceConnection p3
)
boolean
boolean
bindServiceAsUser(
    @NonNull Intent p0,
    @NonNull ServiceConnection p1,
    int p2,
    @NonNull UserHandle p3
)
int
int
@NonNull int[]
int
int
@NonNull int[]
int
checkPermission(@NonNull String p0, int p1, int p2)
int
int
checkUriPermission(@NonNull Uri p0, int p1, int p2, int p3)
int
checkUriPermission(
    @Nullable Uri p0,
    @Nullable String p1,
    @Nullable String p2,
    int p3,
    int p4,
    int p5
)
@NonNull int[]
checkUriPermissions(@NonNull List<@NonNull Uri> p0, int p1, int p2, int p3)
void

This method is deprecated. Deprecated in Java
@NonNull Context
@NonNull Context
@NonNull Context
@NonNull Context
@NonNull Context
@NonNull Context
@NonNull Context
@NonNull Context
@NonNull Context
@NonNull Context
@NonNull String[]
boolean
boolean
boolean
void
void
enforceCallingOrSelfUriPermission(
    @NonNull Uri p0,
    int p1,
    @NonNull String p2
)
void
void
void
enforcePermission(@NonNull String p0, int p1, int p2, @Nullable String p3)
void
enforceUriPermission(
    @NonNull Uri p0,
    int p1,
    int p2,
    int p3,
    @NonNull String p4
)
void
enforceUriPermission(
    @Nullable Uri p0,
    @Nullable String p1,
    @Nullable String p2,
    int p3,
    int p4,
    int p5,
    @Nullable String p6
)
@NonNull String[]
@NonNull Context
@NonNull ApplicationInfo
@NonNull AssetManager
@NonNull AttributionSource
@Nullable String
@NonNull Context
@NonNull File
@NonNull ClassLoader
@NonNull File
@NonNull ContentResolver
@NonNull File
@NonNull File
int
@NonNull File
getDir(@NonNull String p0, int p1)
@Nullable Display
@Nullable File
@NonNull File[]
@Nullable File
@NonNull File[]
@NonNull File[]
@NonNull File
@NonNull File
@NonNull Executor
@NonNull Looper
@NonNull File
@NonNull File
@NonNull File[]
@NonNull String
@NonNull String
@NonNull PackageManager
@NonNull String
@NonNull String
@Nullable ContextParams
@NonNull Resources
@NonNull SharedPreferences
@NonNull Object
String
@NonNull Resources.Theme
@NonNull Drawable

This method is deprecated. Deprecated in Java
int

This method is deprecated. Deprecated in Java
int

This method is deprecated. Deprecated in Java
void
boolean
boolean
boolean
boolean
boolean
@NonNull FileInputStream
@NonNull FileOutputStream
openFileOutput(@NonNull String p0, int p1)
@NonNull SQLiteDatabase
openOrCreateDatabase(
    @NonNull String p0,
    int p1,
    @NonNull SQLiteDatabase.CursorFactory p2
)
@NonNull SQLiteDatabase
@NonNull Drawable

This method is deprecated. Deprecated in Java
void
void
Intent
Intent
registerReceiver(
    @Nullable BroadcastReceiver p0,
    @NonNull IntentFilter p1,
    int p2
)
Intent
registerReceiver(
    @Nullable BroadcastReceiver p0,
    @NonNull IntentFilter p1,
    @Nullable String p2,
    @Nullable Handler p3
)
Intent
registerReceiver(
    @Nullable BroadcastReceiver p0,
    @NonNull IntentFilter p1,
    @Nullable String p2,
    @Nullable Handler p3,
    int p4
)
void

This method is deprecated. Deprecated in Java
void

This method is deprecated. Deprecated in Java
void
void
void
void
void
void
void
void
void
void
sendOrderedBroadcast(
    @NonNull Intent p0,
    @Nullable String p1,
    @Nullable Bundle p2
)
void
sendOrderedBroadcast(
    @NonNull Intent p0,
    @Nullable String p1,
    @Nullable BroadcastReceiver p2,
    @Nullable Handler p3,
    int p4,
    @Nullable String p5,
    @Nullable Bundle p6
)
void
sendOrderedBroadcast(
    @NonNull Intent p0,
    @Nullable String p1,
    @Nullable Bundle p2,
    @Nullable BroadcastReceiver p3,
    @Nullable Handler p4,
    int p5,
    @Nullable String p6,
    @Nullable Bundle p7
)
void
sendOrderedBroadcast(
    @NonNull Intent p0,
    @Nullable String p1,
    @Nullable String p2,
    @Nullable BroadcastReceiver p3,
    @Nullable Handler p4,
    int p5,
    @Nullable String p6,
    @Nullable Bundle p7
)
void
sendOrderedBroadcast(
    @NonNull Intent p0,
    int p1,
    @Nullable String p2,
    @Nullable String p3,
    @Nullable BroadcastReceiver p4,
    @Nullable Handler p5,
    @Nullable String p6,
    @Nullable Bundle p7,
    @Nullable Bundle p8
)
void
sendOrderedBroadcastAsUser(
    @NonNull Intent p0,
    @NonNull UserHandle p1,
    @Nullable String p2,
    @Nullable BroadcastReceiver p3,
    @Nullable Handler p4,
    int p5,
    @Nullable String p6,
    @Nullable Bundle p7
)
void

This method is deprecated. Deprecated in Java
void

This method is deprecated. Deprecated in Java
void

This method is deprecated. Deprecated in Java
void
sendStickyOrderedBroadcast(
    @NonNull Intent p0,
    @Nullable BroadcastReceiver p1,
    @Nullable Handler p2,
    int p3,
    @Nullable String p4,
    @Nullable Bundle p5
)

This method is deprecated. Deprecated in Java
void
sendStickyOrderedBroadcastAsUser(
    @NonNull Intent p0,
    @NonNull UserHandle p1,
    @Nullable BroadcastReceiver p2,
    @Nullable Handler p3,
    int p4,
    @Nullable String p5,
    @Nullable Bundle p6
)

This method is deprecated. Deprecated in Java
void
setTheme(int p0)
void

This method is deprecated. Deprecated in Java
void

This method is deprecated. Deprecated in Java
void
startActivities(@NonNull Intent[] p0)
void
startActivities(@NonNull Intent[] p0, @Nullable Bundle p1)
void
void
@Nullable ComponentName
boolean
startInstrumentation(
    @NonNull ComponentName p0,
    @Nullable String p1,
    @Nullable Bundle p2
)
void
startIntentSender(
    @NonNull IntentSender p0,
    @Nullable Intent p1,
    int p2,
    int p3,
    int p4
)
void
startIntentSender(
    @NonNull IntentSender p0,
    @Nullable Intent p1,
    int p2,
    int p3,
    int p4,
    @Nullable Bundle p5
)
@Nullable ComponentName
boolean
void
void
void
void
void
updateServiceGroup(@NonNull ServiceConnection p0, int p1, int p2)
From android.service.credentials.CredentialProviderService
final @NonNull IBinder
void
From android.app.Service
void
void
dump(
    @NonNull FileDescriptor p0,
    @NonNull PrintWriter p1,
    @NonNull String[] p2
)
final @NonNull Application
final int
void
void
void
void
void
onStart(@NonNull Intent p0, int p1)

This method is deprecated. Deprecated in Java
int
onStartCommand(@NonNull Intent p0, int p1, int p2)
void
void
onTimeout(int p0)
void
onTrimMemory(int p0)
boolean
final void
final void
startForeground(int p0, @NonNull Notification p1, int p2)
final void
stopForeground(boolean p0)

This method is deprecated. Deprecated in Java
final void
final void
final void
stopSelf(int p0)
final boolean

Public constructors

CredentialProviderService

Added in 1.2.0
public CredentialProviderService()

Public methods

onBeginCreateCredential

Added in 1.2.0
public final void onBeginCreateCredential(
    @NonNull BeginCreateCredentialRequest request,
    @NonNull CancellationSignal cancellationSignal,
    @NonNull OutcomeReceiver<@NonNull BeginCreateCredentialResponse, @NonNull CreateCredentialException> callback
)

onBeginCreateCredentialRequest

Added in 1.2.0
public abstract void onBeginCreateCredentialRequest(
    @NonNull BeginCreateCredentialRequest request,
    @NonNull CancellationSignal cancellationSignal,
    @NonNull OutcomeReceiver<@NonNull BeginCreateCredentialResponse, @NonNull CreateCredentialException> callback
)

Called by the Android System in response to a client app calling androidx.credentials.CredentialManager.createCredential, to create/save a credential with a credential provider installed on the device.

Credential provider services must extend this method in order to handle a BeginCreateCredentialRequest request. Once processed, the service must call one of the callback methods to notify the result of the request.

This API call is referred to as the query phase of the original create request from the client app. In this phase, provider must process the request parameters in the BeginCreateCredentialRequest and return a list of CreateEntry whereby every entry represents an account/group where the user will be storing the credential. Each CreateEntry must contain a PendingIntent that will lead the user to an activity in the credential provider's app that will complete the actual credential creation.

When user selects one of the CreateEntry, the associated PendingIntent will be invoked and the provider will receive the complete request as part of the extras in the resulting activity. Provider must retrieve the request through PendingIntentHandler.retrieveProviderCreateCredentialRequest. Once the activity is complete, and the credential is created, provider must set back the response through PendingIntentHandler.setCreateCredentialResponse.

Parameters
@NonNull BeginCreateCredentialRequest request

the BeginCreateCredentialRequest to handle See BeginCreateCredentialResponse for the response to be returned
@NonNull CancellationSignal cancellationSignal

signal for observing cancellation requests. The system will use this to notify you that the result is no longer needed and you should stop handling it in order to save your resources
@NonNull OutcomeReceiver<@NonNull BeginCreateCredentialResponse, @NonNull CreateCredentialException> callback

the callback object to be used to notify the response or error

onBeginGetCredential

Added in 1.2.0
public final void onBeginGetCredential(
    @NonNull BeginGetCredentialRequest request,
    @NonNull CancellationSignal cancellationSignal,
    @NonNull OutcomeReceiver<@NonNull BeginGetCredentialResponse, @NonNull GetCredentialException> callback
)

onBeginGetCredentialRequest

Added in 1.2.0
public abstract void onBeginGetCredentialRequest(
    @NonNull BeginGetCredentialRequest request,
    @NonNull CancellationSignal cancellationSignal,
    @NonNull OutcomeReceiver<@NonNull BeginGetCredentialResponse, @NonNull GetCredentialException> callback
)

Called by the Android System in response to a client app calling androidx.credentials.CredentialManager.getCredential, to get a credential sourced from a credential provider installed on the device.

Credential provider services must extend this method in order to handle a BeginGetCredentialRequest request. Once processed, the service must call one of the callback methods to notify the result of the request.

This API call is referred to as the query phase of the original get request from the client app. In this phase, provider must go over all the android.service.credentials.BeginGetCredentialOption, and add corresponding a CredentialEntry to the BeginGetCredentialResponse. Each CredentialEntry should contain meta-data to be shown on the selector UI. In addition, each CredentialEntry must contain a PendingIntent. Optionally, providers can also add Action entries for any non-credential related actions that they want to offer to the users e.g. opening app, managing credentials etc.

When user selects one of the CredentialEntry, final phase of the original client's get-request flow starts. The Android System attached the complete androidx.credentials.provider.ProviderGetCredentialRequest to an intent extra of the activity that is started by the pending intent. The request must be retrieved through PendingIntentHandler.retrieveProviderGetCredentialRequest. This final request will only contain a single androidx.credentials.CredentialOption that contains the parameters of the credential the user has requested. The provider service must retrieve this credential and return through PendingIntentHandler.setGetCredentialResponse.

Handling locked provider apps If the provider app is locked, and the provider cannot provide any meta-data based CredentialEntry, provider must set an AuthenticationAction on the BeginGetCredentialResponse. The PendingIntent set on this entry must lead the user to an >unlock activity. Once unlocked, the provider must retrieve all credentials, and set the list of CredentialEntry and the list of optional Action as a result of the >unlock activity through PendingIntentHandler.setBeginGetCredentialResponse.

Parameters
@NonNull BeginGetCredentialRequest request

the ProviderGetCredentialRequest to handle See BeginGetCredentialResponse for the response to be returned
@NonNull CancellationSignal cancellationSignal

signal for observing cancellation requests. The system will use this to notify you that the result is no longer needed and you should stop handling it in order to save your resources
@NonNull OutcomeReceiver<@NonNull BeginGetCredentialResponse, @NonNull GetCredentialException> callback

the callback object to be used to notify the response or error
See also
CredentialEntry

for how an entry representing a credential must be built
Action

for how a non-credential related action should be built
AuthenticationAction

for how an entry that navigates the user to an unlock flow can be built

onClearCredentialState

Added in 1.2.0
public final void onClearCredentialState(
    @NonNull ClearCredentialStateRequest request,
    @NonNull CancellationSignal cancellationSignal,
    @NonNull OutcomeReceiver<@NonNull Void, @NonNull ClearCredentialStateException> callback
)

onClearCredentialStateRequest

Added in 1.2.0
public abstract void onClearCredentialStateRequest(
    @NonNull ProviderClearCredentialStateRequest request,
    @NonNull CancellationSignal cancellationSignal,
    @NonNull OutcomeReceiver<Void, @NonNull ClearCredentialException> callback
)

Called by the Android System in response to a client app calling androidx.credentials.CredentialManager.clearCredentialState. A client app typically calls this API on instances like sign-out when the intention is that the providers clear any state that they may have maintained for the given user.

You should invoked this api after your user signs out of your app to notify all credential providers that any stored credential session for the given app should be cleared.

An example scenario of a state that is maintained and is expected to be cleared on this call, is when an active credential session is being stored to limit sign-in options in the result of subsequent get-request calls. When a user explicitly signs out of the app, the next time, the client app may want their users to see all options and hence will call this API first to make sure credential providers can clear the state maintained previously.

Parameters
@NonNull ProviderClearCredentialStateRequest request

the request for the credential provider to handle
@NonNull CancellationSignal cancellationSignal

signal for observing cancellation requests. The system will use this to notify you that the result is no longer needed and you should stop handling it in order to save your resources
@NonNull OutcomeReceiver<Void, @NonNull ClearCredentialException> callback

the callback object to be used to notify the response or error