密碼專用 Smart Lock 已於 2022 年淘汰,目前已從 Google Play 服務驗證 SDK (com.google.android.gms:play-services-auth) 中移除。為了盡量減少可能影響現有整合程序的破壞性變更,Play 商店中所有現有應用程式的 Smart Lock 功能仍可正常使用。透過新版 SDK (com.google.android.gms:play-services-auth:21.0.0) 編譯的新應用程式版本無法再使用 Smart Lock for Password API,也無法完成建構作業。建議所有開發人員盡快將 Android 專案改用 Credential Manager。
改用 Credential Manager API 的好處
Credential Manager 提供簡易的整合式 API,支援新式功能和做法,還可提高使用者的驗證體驗:
- Credential Manager 完整支援密碼儲存及驗證機制。這表示應用程式從 Smart Lock 改用 Credential Manager 時,使用者不會受到影響。
- Credential Manager 支援多帳戶登入方法,包括密碼金鑰和聯合登入方法 (例如使用 Google 帳戶登入),可提升安全性,如果您日後想支援其他登入方法,也能夠輕鬆轉換為其他方法。
- 自 Android 14 起,Credential Manager 支援第三方密碼和密碼金鑰供應器。
- Credential Manager 為所有驗證方法提供了一致的整合式使用者體驗。
改用其他登入方法:
| 登入方法 | 建議 |
|---|---|
| 儲存密碼並使用已儲存的密碼登入 | 使用「透過 Credential Manager 讓使用者登入」指南中的密碼選項。如要瞭解儲存及驗證密碼的詳細步驟,請參閱本文後續章節。 |
| 使用 Google 帳戶登入 | 按照「將 Credential Manager 與『使用 Google 帳戶登入』功能整合」指南中的步驟操作。 |
| 向使用者顯示電話號碼提示 | 使用 Google Identity 服務中的 Phone Number Hint API。 |
透過 Credential Manager 使用密碼登入
如要使用 Credential Manager API,請完成 Credential Manager 指南中「必要條件」一節所述步驟,並確認您已執行下列操作:
- 新增必要的依附元件
- 保留 ProGuard 檔案中的類別
- 新增 Digital Asset Links 的支援 (如果您使用的是密碼專用 Smart Lock,應該已完成此步驟)
- 設定 Credential Manager
- 表示憑證欄位
- 儲存使用者密碼
使用已儲存的密碼登入
如要擷取與使用者帳戶相關聯的密碼選項,請完成下列步驟:
1. 初始化密碼和驗證選項
Kotlin
// Retrieves the user's saved password for your app from their
// password provider.
val getPasswordOption = GetPasswordOption()
Java
// Retrieves the user's saved password for your app from their
// password provider.
GetPasswordOption getPasswordOption = new GetPasswordOption();
2. 使用從上一步擷取的選項建構登入要求
Kotlin
val getCredRequest = GetCredentialRequest(
listOf(getPasswordOption)
)
Java
GetCredentialRequest getCredRequest = new GetCredentialRequest.Builder()
.addCredentialOption(getPasswordOption)
.build();
3. 啟動登入流程
Kotlin
coroutineScope.launch {
try {
// Attempt to retrieve the credential from the Credential Manager.
val result = credentialManager.getCredential(
// Use an activity-based context to avoid undefined system UI
// launching behavior.
context = activityContext,
request = getCredRequest
)
// Process the successfully retrieved credential.
handleSignIn(result)
} catch (e: GetCredentialException) {
// Handle any errors that occur during the credential retrieval
// process.
handleFailure(e)
}
}
fun handleSignIn(result: GetCredentialResponse) {
// Extract the credential from the response.
val credential = result.credential
// Determine the type of credential and handle it accordingly.
when (credential) {
is PasswordCredential -> {
val username = credential.id
val password = credential.password
// Use the extracted username and password to perform
// authentication.
}
else -> {
// Handle unrecognized credential types.
Log.e(TAG, "Unexpected type of credential")
}
}
}
private fun handleFailure(e: GetCredentialException) {
// Handle specific credential retrieval errors.
when (e) {
is GetCredentialCancellationException -> {
/* This exception is thrown when the user intentionally cancels
the credential retrieval operation. Update the application's state
accordingly. */
}
is GetCredentialCustomException -> {
/* This exception is thrown when a custom error occurs during the
credential retrieval flow. Refer to the documentation of the
third-party SDK used to create the GetCredentialRequest for
handling this exception. */
}
is GetCredentialInterruptedException -> {
/* This exception is thrown when an interruption occurs during the
credential retrieval flow. Determine whether to retry the
operation or proceed with an alternative authentication method. */
}
is GetCredentialProviderConfigurationException -> {
/* This exception is thrown when there is a mismatch in
configurations for the credential provider. Verify that the
provider dependency is included in the manifest and that the
required system services are enabled. */
}
is GetCredentialUnknownException -> {
/* This exception is thrown when the credential retrieval
operation fails without providing any additional details. Handle
the error appropriately based on the application's context. */
}
is GetCredentialUnsupportedException -> {
/* This exception is thrown when the device does not support the
Credential Manager feature. Inform the user that credential-based
authentication is unavailable and guide them to an alternative
authentication method. */
}
is NoCredentialException -> {
/* This exception is thrown when there are no viable credentials
available for the user. Prompt the user to sign up for an account
or provide an alternative authentication method. Upon successful
authentication, store the login information using
androidx.credentials.CredentialManager.createCredential to
facilitate easier sign-in the next time. */
}
else -> {
// Handle unexpected exceptions.
Log.w(TAG, "Unexpected exception type: ${e::class.java.name}")
}
}
}
Java
credentialManager.getCredentialAsync(
// Use activity based context to avoid undefined
// system UI launching behavior
activity,
getCredRequest,
cancellationSignal,
<executor>,
new CredentialManagerCallback<GetCredentialResponse, GetCredentialException>() {
@Override
public void onSuccess(GetCredentialResponse result) {
handleSignIn(result);
}
@Override
public void onFailure(GetCredentialException e) {
handleFailure(e);
}
}
);
public void handleSignIn(GetCredentialResponse result) {
// Handle the successfully returned credential.
Credential credential = result.getCredential();
if (credential instanceof PasswordCredential) {
String username = ((PasswordCredential) credential).getId();
String password = ((PasswordCredential) credential).getPassword();
// Use ID and password to send to your server to validate and
// authenticate
} else {
// Catch any unrecognized credential type here.
Log.e(TAG, "Unexpected type of credential");
}
}
public void handleFailure(GetCredentialException e) {
if (e instanceof GetCredentialCancellationException) {
/* During the get credential flow, this is thrown when a user
intentionally cancels an operation. When this happens, the application
should handle logic accordingly, typically under indication the user
does not want to see Credential Manager anymore. */
} else if (e instanceof GetCredentialCustomException) {
/* Represents a custom error thrown during a get flow with
CredentialManager. If you get this custom exception, you should match
its type against exception constants defined in any third-party sdk
with which you used to make the
androidx.credentials.GetCredentialRequest, and then handle it
according to the sdk recommendation. */
} else if (e instanceof GetCredentialInterruptedException) {
/* During the get credential flow, this is thrown when some
interruption occurs that may warrant retrying or at least does not
indicate a purposeful desire to close or tap away from Credential
Manager. */
} else if (e instanceof GetCredentialProviderConfigurationException) {
/* During the get credential flow, this is thrown when configurations
are mismatched for the provider, typically indicating the provider
dependency is missing in the manifest or some system service is not
enabled. */
} else if (e instanceof GetCredentialUnknownException) {
// This is thrown when the get credential operation failed with no
// more details.
} else if (e instanceof GetCredentialUnsupportedException) {
/* During the get credential flow, this is thrown when credential
manager is unsupported, typically because the device has disabled it
or did not ship with this feature enabled. */
} else if (e instanceof NoCredentialException) {
/* During the get credential flow, this is returned when no viable
credential is available for the user. This can be caused by various
scenarios such as that the user doesn't have any credential or the
user doesn't grant consent to using any available credential. Upon
this exception, your app should navigate to use the regular app
sign-up or sign-in screen. When that succeeds, you should invoke
androidx.credentials.CredentialManager.createCredentialAsync to store
the login info, so that your user can sign in more easily through
Credential Manager the next time. */
} else {
Log.w(TAG, "Unexpected exception type " + e.getClass().getName());
}
}