The question-and-answer pairs on this page are meant to help you gain more understanding of Credential Manager's implementation details.
Your feedback is a crucial part of improving the Credential Manager API. Share any issues you find or ideas for improving the API using the following link:
Why is there a need for another Jetpack library for app authentication?
The Jetpack Credential Manager library provides a unified sign-in experience across all Android versions. It also lets you get more timely updates with the latest features. It has backward compatibility, with general support on Android 4.4 and higher, and support for passkeys on Android 9 and higher.
Where do these credentials come from?
Credentials come from credential providers and password managers, such as Google Password Manager, that are integrated with Credential Manager and that the user has enabled. Also, for passkeys, users can choose to get them from another device using the hybrid flow.
What are the different use cases where Credential Manager makes more sense or is more necessary to implement?
Credential Manager offers your app a seamless & secure way to manage authentication flows in a consolidated API that offers a unified user interface for several sign-in methods. This has several benefits:
- Users appreciate seeing all their credentials in one place; passkeys, passwords and federated credentials such as Sign in With Google, without needing to tap on 3 different places
Offers a simpler login experience by consolidating the sign-in methods for each account.
Additionally, on Android 14 devices, the user interface surfaces only the safest & simplest authentication method. For instance, if a user has both a passkey and a password for the same account, only the passkey are suggested in the account chooser.
Supports multiple sign-in mechanisms within a single API. It brings support for passkeys on Android apps, enabling the transition to a passwordless future. And at the same time, it also supports passwords and federated sign in like Sign in With Google, simplifying integration requirements and ongoing maintenance.
There are multiple dependencies to add during integration, what is the need of multiple dependencies? Isn't it possible to have just one single dependency to achieve the same?
There is 1 required dependency and 1 optional. The apps include different ones depending on their use cases.
- [Required] androidx.credentials:credentials: Contains the core Credential Manager functionalities including password and passkey support.
- [Optional] androidx.credentials:credentials-play-services-auth: Provides support from Google Play services for Credential Manager, which lets you use the APIs on older devices.
Does Credential Manager support using credentials from another device?
Credential Manager supports cross-device passkey usage through the hybrid transport.
Can developers merge their sign-up and sign-in flows into one API call using Credential Manager?
Not planned right now.
If users have already set up a provider not registered with Credential Manager, what UX is shown to the users?
Providers not registered with Credential Manager continue to operate with the autofill framework, showing suggestions in the keyboard and drop-down menu.
Why is there a need for Credential Manager when there are different sign-in options already in place and screen locks are also there?
On Android devices, users have different solutions to facilitate authentication to apps and websites. As each app may integrate with different combinations of solutions, the user experience may be drastically different.
Credential Manager provides a coherent and consistent sign in user experience to 3P services on Android, regardless of the sign-in method that the user prefers or that the app supports: username and password, passkey, or federated identity.
What specific user requirements are catered using passkeys through the Credential Manager API?
- Eliminate the need for users to create and remember difficult passwords.
- Create a phishing-resistant form of signing in which increases security for users.
How much time would it take for an update to be released for the major bugs?
Jetpack has biweekly releases. The platform has security releases, quarterly releases, and dessert releases depending on the type and severity of a bug. Learn more about the Jetpack release process.
Is there any impact on Performance (App Startup time) after integration?
It is recommended to wisely choose when to initialize your Credential manager sign-in flow and measure your app performance once the API is initialized.
Is this API compatible with Android Go devices?
Yes, the API is compatible with Go devices.
If developers use SMS OTP or federated identity for sign in, is that also supported with Credential Manager?
Credential Manager supports passkeys, passwords and Google ID tokens as sign-in methods. A Google ID token can also be used for sign-up workflows.