#Google Developers
(BUTTON)
* Identity Toolkit for Android
____________________
(BUTTON)
(BUTTON)
[Language_____________]
Home Guides Reference
(BUTTON)
* Identity Toolkit for Android
* Home
* Guides
* Reference
The newest version of Google Identity Toolkit has been released as
Google Cloud's Identity Platform and Firebase Authentication. These
products include upgraded client SDKs, open source UI libraries,
session management and integrated email sending service for forgotten
password flows.
Based on your needs, new projects should use either Identity Platform
or Firebase Authentication. To migrate an existing project from
Identity Toolkit, see the Identity Platform migration guide or Firebase
Authentication migration guide.
* Home
* Products
* Google Identity Platform
* Identity Toolkit
* Identity Toolkit for Android
*
Use Identity Toolkit in your Android App
We know developers need to engage their users across all platforms, so
Google Identity Toolkit runs natively on Android. Our Android SDK
provides an easy to use identity solution for all developers.
Add to existing app
Ready to get started? Our Android Quick-start is the easiest way to try
it out.
Otherwise, follow these instructions to add Google Identity Toolkit to
your own application.
1. Download the Android SDK from our Github repository. Use
identitytoolkit-api10.aar if you plan on supporting api level 10.
Note that if you are supporting api level 10, the Acitivity that
initializes GitkitClient must inherit from
android.support.v4.app.FragmentActivity. Otherwise use
identitytoolkit-api11.aar if you only need api level 11+, which
does not require a support library.
2. Configure the Identity Toolkit API as outlined in the Android
Quick-start.
3. Register the quick-start app in the same project in Google API
Console
1. Get the signing key SHA1. For debugging, usually the default
android debug keystore is used. If you followed the
configuration instructions in the previous step, you generated
the signing key. You can reuse that, or run the following
command to get the SHA1 for the debug signing key
(keystore=debug.keystore, key=androiddebugkey)
keytool -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey
The password for the debug keystore is android. If you are
using a production signing key, be sure to use that instead.
2. Create an OAuth2 client for your app in the API Console
Credentials page
1. From the project drop-down, select your project.
2. On the Credentials page, select the Create credentials
drop-down, then select OAuth client ID.
3. Under Application type, select Android
4. Enter a name, and fill in the the SHA1 and the package
name (e.g., com.google.identitytoolkit.demo), then select
Create.
4. Modify AndroidManifest.xml
Note: To access the values you will need, open the API Console
Credentials page. This page contains the client ID and API key.
+ Uncomment the android:scheme line and replace the placeholder
with your reversed server client ID. You can find this ID in
the OAuth 2.0 client IDs section under the Type "Web
application". For example, if your server client ID is
123.apps.googleusercontent.com then put
com.googleusercontent.apps.123 here.
+ Uncomment the identitytoolkit.api_key meta data and replace
the placeholder with your API key. You can find your API key
in the API keys section under the Type "Android".
+ Uncomment the identitytoolkit.server_client_id meta data and
replace the placeholder with your server client ID. You can
find this ID in the OAuth 2.0 client IDs section under the
Type "Web application".
+ Uncomment the identitytoolkit.server_widget_url and replace
the placeholder with your server side Gitkit widget absolute
URL. This field doesn't matter for the sample app, but you
will need to configure it once you have the web server
endpoint set up.
Adding Identity Providers
Once you have Sign in with Google and password accounts working, you
will likely want to offer other sign in options for your users.
Facebook
1. Add the Facebook dependencies
1. Copy {GITKIT_SDK_DIR}/plugins/identitytoolkit_fbv4.jar to your
libs folder.(If you wish to use Facebook Android SDK v3.x,
copy {GITKIT_SDK_DIR}/plugins/identitytoolkit_fb.jar instead)
2. Update the dependencies section of your build.gradle file to
look as it does below. You may want to update some of the
version numbers to reflect the latest builds available.(For
Facebook SDK v4.6 or above, please set the minSdkVersion to
15)
dependencies {
compile 'com.google.android.gms:play-services:15.0.0'
compile 'com.facebook.android:facebook-android-sdk:4.8.1'
compile(name:'identitytoolkit-api11', ext:'aar')
compile(name:'identitytoolkit_fbv4', ext:'jar')
}
2. Register your app on Facebook
1. Go to https://developers.facebook.com, register or log in,
then select My Apps->Add a New App
2. Once the new app is created, click Settings on the left then
click + Add Platform
1. Select Android
2. Fill in the package name and main class.
3. Run the following command to get key hash:
keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore
| openssl sha1 -binary | openssl base64
3. Fill Facebook app ID/secret in the Google API Console.
1. From the project drop-down, select the project where your
Identity Toolkit API Android App is configured.
2. From the list of enabled APIs, find the Identity Toolkit
API, then select the gear icon to the right of the name.
This action opens settings tab.
3. Scroll down to the Providers section and select Facebook
to expand the details view.
4. Enter the Facebook App ID and App Secret.
5. When done, select Save.
4. Conifgure the App Domain. If you are testing locally, this
should be https://localhost.
5. Add another platform, this time for Web. Enter your widget URL
in the Site URL field.
3. Configure your Identity Toolkit app.
1. Add a string value for the Facebook app ID (you can get it
from developers.facebook.com) in res/values/strings.xml
YOUR_FB_APP_ID
2. Add a Facebook app ID meta data in AndroidManifest.xml
3. Declare the Facebook sign in activity in your
AndroidManifest.xml in case the target device doesn't have
Facebook app installed. Add the following line next to the
GitkitDemo activity declaration. (Use
com.facebook.LoginActivity if you wish to use Facebook Android
SDK v3.x)
4. To enable the Facebook button, change the value of
identitytoolkit.show_providers meta data in
AndroidManifest.xml to "Google, Yahoo, Facebook".
Yahoo
To enable Yahoo login, note that you need to have the Google Identity
Toolkit javascript widget running at your
identitytoolkit.server_widget_url.
1. Under the identitytoolkit.show_providers meta-data, add "Yahoo" to
the comma-separated list.
2. Set the roll-out percentage in the settings console as appropriate.
Be sure to click "save" when you are done.
Microsoft
To enable Microsoft login, note that you need to have the Google
Identity Toolkit javascript widget running at your
identitytoolkit.server_widget_url.
1. Follow these instructions to enable your Microsoft app. You should
register as a website using your widget_url.
2. Once you have registered you app, copy the Client ID and Secret Key
to the Identity Toolkit configuration page.
3. Under the identitytoolkit.show_providers meta-data, add "Microsoft"
to the comma-separated list.
4. Set the roll-out percentage in the settings console as appropriate.
Be sure to click "save" when you are done.
AOL
To enable AOL login, note that you need to have the Google Identity
Toolkit javascript widget running at your
identitytoolkit.server_widget_url.
1. Under the identitytoolkit.show_providers meta-data, add "AOL" to
the comma-separated list.
2. Set the roll-out percentage in the settings console as appropriate.
Be sure to click "save" when you are done.
Paypal
To enable Paypal login, note that you need to have the Google Identity
Toolkit javascript widget running at your
identitytoolkit.server_widget_url.
1. Follow these instructions to enable your Paypal app. You should
register as a website using your widget_url.
2. Once you have registered you app, copy the Client ID and Secret Key
to the Identity Toolkit configuration page. Be sure to click "save"
when you are done.
3. Under the identitytoolkit.show_providers meta-data, add "Paypal" to
the comma-separated list.
UI Customization
You can override the user interface by implementing your own UiManager.
The UiManager interface requires that you implement five screens, as
outlined below. When you have collected the information for any given
screen, you complete the action by passing the corresponding Request to
the RequestHandler.
Start Sign-in
When the showStartSignIn() method is called, you should allow your user
to choose how they will sign in.
First, if lastUserProfile != null, you should give your users the
option to use this previous account.
If the user does not have any previous accounts or has elected to use a
new sign-in option, you must either collect the Identity Provider they
wish to use or an email if they want to create an email-password
account.
When complete, you must create a UiManager.StartSignInRequest object,
set either the email or provider field, and call
handler.handle(request).
Show Password Sign-in
The showPasswordSignIn() method is called when the user entered an
email on the startSignIn screen and a password account for that email
already exists. You must provide some way for the user to enter their
password, create the appropriate UiManager.SignInWithPasswordRequest,
and pass it to the handler.
If the user has had repeated failed attempts at signing in, they may be
prompted to complete a reCAPTCHA challenge before moving forward.
Be sure that you are prepared to handle the INVALID_PASSWORD error code
at this point.
Show Password Sign Up
The showPasswordSignUp() method is called when the user entered an
email address and no account for that email address exists.
On this screen, you must allow the user to enter a display name and the
password for their account, create the appropriate
UiManager.SignUpWithPasswordRequest, and pass it to the handler.
If several sign up attempts have been made from this device recently,
the user may be asked to solve a reCAPTCHA challenge before continuing.
Show Password Account Linking
The showPasswordAccountLinking() method is called when the user had
previously created a password account and has now elected to use
federated login (but after the federated login has completed). The user
should now be prompted to prove they own the account by entering their
old password. You must provide some way for the user to enter their
password, create the appropriate
UiManager.VerifyAccountWithPasswordRequest, and pass it to the handler.
Be sure that you are prepared to handle the INVALID_PASSWORD error code
at this point.
Show IDP Account Linking
The showIdpAccountLinking() method is called when the user successfully
completed federated login, but an account for that email address
already existed. You should display information about their previous
provider, and that these accounts will be linked. You should allow the
user to confirm this action, create the appropriate
UiManager.VerifyAccountWIthIdpRequest, and pass it to the handler.
If the user elects to link the accounts, they will begin the login flow
for their previously used Identity Provider to prove that they own the
account.
Except as otherwise noted, the content of this page is licensed under
the Creative Commons Attribution 4.0 License, and code samples are
licensed under the Apache 2.0 License. For details, see the Google
Developers Site Policies. Java is a registered trademark of Oracle
and/or its affiliates.
* GitHub GitHub
Fork our samples and try them yourself
* Stack Overflow Stack Overflow
Ask a question under the google-identity-toolkit tag
* Blog Blog
The latest news on the Google Developers blog
* Product Info
+ Terms of Service
+ Branding Guidelines
* Help
+ Identity Toolkit on Stack Overflow
+ Google Identity Platform on Stack Overflow
* Connect
+ Identity Toolkit Forum
Google Developers
* Android
* Chrome
* Firebase
* Google Cloud Platform
* All products
* Terms
* Privacy
* Sign up for the Google Developers newsletter Subscribe
[Language_____________]