CredentialOption


abstract class CredentialOption

Known direct subclasses
GetCustomCredentialOption

Allows extending custom versions of GetCredentialOptions for unique use cases.

GetDigitalCredentialOption

A request to retrieve the user's digital credential, normally used for verification or sign-in purpose.

GetPasswordOption

A request to retrieve the user's saved application password from their password provider.

GetPublicKeyCredentialOption

A request to get passkeys from the user's public key credential provider.

GetRestoreCredentialOption

A request to get the restore credential from the restore credential provider.


Base class for getting a specific type of credentials.

GetCredentialRequest will be composed of a list of CredentialOption subclasses to indicate the specific credential types and configurations that your app accepts.

The typePriorityHint value helps decide where the credential will be displayed on the selector. It is used with more importance than signals like 'last recently used' but with less importance than other signals, such as the ordering of displayed accounts. It is expected to be one of the defined PriorityHints constants. By default, GetCustomCredentialOption will have PRIORITY_DEFAULT, GetPasswordOption will have PRIORITY_PASSWORD_OR_SIMILAR and GetPublicKeyCredentialOption will have PRIORITY_PASSKEY_OR_SIMILAR. It is expected that GetCustomCredentialOption types will remain unchanged unless strong reasons arise and cannot ever have PRIORITY_PASSKEY_OR_SIMILAR. Given passkeys prevent many security threats that other credentials do not, we enforce that nothing is shown higher than passkey types in order to provide end users with the safest credentials first. See the spec here for more information on passkeys.

Summary

Constants

const Int

Default value of display priority.

const Int

Value of display priority for OpenID credentials or those of similar security level.

const Int

Value of display priority for passkeys or credentials of similar security level.

const Int

Value of display priority for passwords or credentials of similar security level.

Public companion functions

CredentialOption
@RequiresApi(value = 34)
createFrom(option: CredentialOption)

Parses the option into an instance of CredentialOption.

CredentialOption
createFrom(
    type: String,
    requestData: Bundle,
    candidateQueryData: Bundle,
    requireSystemProvider: Boolean,
    allowedProviders: Set<ComponentName>
)

Parses the raw data into an instance of CredentialOption.

Public properties

Set<ComponentName>

a set of provider service ComponentName allowed to receive this option (Note: a SecurityException will be thrown if it is set as non-empty but your app does not have android.permission.CREDENTIAL_MANAGER_SET_ALLOWED_PROVIDERS; empty means every provider is eligible; for API level < 34, this property will not take effect and you should control the allowed provider via library dependencies)

Bundle

the partial request data in the Bundle format that will be sent to the provider during the initial candidate query stage, which will not contain sensitive user information

Boolean

whether a credential entry will be automatically chosen if it is the only one available option

Boolean

true if must only be fulfilled by a system provider and false otherwise

Bundle

the request data in the Bundle format

String

the credential type determined by the credential-type-specific subclass (e.g. the type for GetPasswordOption is PasswordCredential.TYPE_PASSWORD_CREDENTIAL and for GetPublicKeyCredentialOption is PublicKeyCredential.TYPE_PUBLIC_KEY_CREDENTIAL)

Int

sets the priority of this entry, which defines how it appears in the credential selector, with less precedence than account ordering but more precedence than last used time; see PriorityHints for more information

Constants

PRIORITY_DEFAULT

const val PRIORITY_DEFAULT = 2000: Int

Default value of display priority.

PRIORITY_OIDC_OR_SIMILAR

const val PRIORITY_OIDC_OR_SIMILAR = 500: Int

Value of display priority for OpenID credentials or those of similar security level.

PRIORITY_PASSKEY_OR_SIMILAR

const val PRIORITY_PASSKEY_OR_SIMILAR = 100: Int

Value of display priority for passkeys or credentials of similar security level.

PRIORITY_PASSWORD_OR_SIMILAR

const val PRIORITY_PASSWORD_OR_SIMILAR = 1000: Int

Value of display priority for passwords or credentials of similar security level.

Public companion functions

createFrom

Added in 1.5.0-beta01
@RequiresApi(value = 34)
fun createFrom(option: CredentialOption): CredentialOption

Parses the option into an instance of CredentialOption.

It is recommended to construct a CredentialOption by directly instantiating a CredentialOption subclass, instead of using this API. This API should only be used by a small subset of system apps that reconstruct an existing object for user interactions such as collecting consents.

Parameters
option: CredentialOption

the framework CredentialOption object

createFrom

Added in 1.5.0-beta01
fun createFrom(
    type: String,
    requestData: Bundle,
    candidateQueryData: Bundle,
    requireSystemProvider: Boolean,
    allowedProviders: Set<ComponentName>
): CredentialOption

Parses the raw data into an instance of CredentialOption.

It is recommended to construct a CredentialOption by directly instantiating a CredentialOption subclass, instead of using this API. This API should only be used by a small subset of system apps that reconstruct an existing object for user interactions such as collecting consents.

Parameters
type: String

matches CredentialOption.type

requestData: Bundle

matches CredentialOption.requestData, the request data in the Bundle format; this should be constructed and retrieved from the a given CredentialOption itself and never be created from scratch

candidateQueryData: Bundle

matches CredentialOption.candidateQueryData; this should be constructed and retrieved from the a given CredentialOption itself and never be created from scratch

requireSystemProvider: Boolean

matches CredentialOption.isSystemProviderRequired

allowedProviders: Set<ComponentName>

matches CredentialOption.allowedProviders, empty means every provider is eligible

Public properties

allowedProviders

Added in 1.2.0
val allowedProvidersSet<ComponentName>

a set of provider service ComponentName allowed to receive this option (Note: a SecurityException will be thrown if it is set as non-empty but your app does not have android.permission.CREDENTIAL_MANAGER_SET_ALLOWED_PROVIDERS; empty means every provider is eligible; for API level < 34, this property will not take effect and you should control the allowed provider via library dependencies)

candidateQueryData

Added in 1.2.0
val candidateQueryDataBundle

the partial request data in the Bundle format that will be sent to the provider during the initial candidate query stage, which will not contain sensitive user information

isAutoSelectAllowed

Added in 1.2.0
val isAutoSelectAllowedBoolean

whether a credential entry will be automatically chosen if it is the only one available option

isSystemProviderRequired

Added in 1.2.0
val isSystemProviderRequiredBoolean

true if must only be fulfilled by a system provider and false otherwise

requestData

Added in 1.2.0
val requestDataBundle

the request data in the Bundle format

type

Added in 1.2.0
val typeString

the credential type determined by the credential-type-specific subclass (e.g. the type for GetPasswordOption is PasswordCredential.TYPE_PASSWORD_CREDENTIAL and for GetPublicKeyCredentialOption is PublicKeyCredential.TYPE_PUBLIC_KEY_CREDENTIAL)

typePriorityHint

Added in 1.5.0-beta01
val typePriorityHintInt

sets the priority of this entry, which defines how it appears in the credential selector, with less precedence than account ordering but more precedence than last used time; see PriorityHints for more information