我已成功在 Android 上集成 CredentialManager。假设用户第一次登录,我会收到所需的详细信息,例如电子邮件。现在用户完全关闭应用程序,一旦他再次重新打开,如何检查用户是否已经使用凭据管理器登录以及获取已登录用户的电子邮件 ID,请注意,用户尚未注销并且仅具有从后台完全关闭应用程序。这是我的代码
class MainActivity : AppCompatActivity() {
private lateinit var googleIdOption: GetGoogleIdOption
private lateinit var loginBtn: Button
private lateinit var textView: TextView
private lateinit var logoutBtn: Button
override fun onCreate(savedInstanceState: Bundle?) {
super.onCreate(savedInstanceState)
enableEdgeToEdge()
setContentView(R.layout.activity_main)
ViewCompat.setOnApplyWindowInsetsListener(findViewById(R.id.main)) { v, insets ->
val systemBars = insets.getInsets(WindowInsetsCompat.Type.systemBars())
v.setPadding(systemBars.left, systemBars.top, systemBars.right, systemBars.bottom)
insets
}
loginBtn = findViewById(R.id.btn)
textView = findViewById(R.id.textview)
logoutBtn = findViewById(R.id.logout)
val credentialManager = CredentialManager.create(this)
logoutBtn.setOnClickListener {
lifecycleScope.launch {
userPreferencesDataStore.edit {
it.clear()
}
val request = ClearCredentialStateRequest()
credentialManager.clearCredentialState(request)
}
}
loginBtn.setOnClickListener {
val rawNonce = UUID.randomUUID().toString()
val bytes = rawNonce.toByteArray()
val md = MessageDigest.getInstance("SHA-256")
val digest = md.digest(bytes)
val hashedNonce = digest.fold(""){str, it -> str + "%02x".format(it)}
googleIdOption = GetGoogleIdOption.Builder()
.setFilterByAuthorizedAccounts(false) //IMP Part
.setServerClientId("myapikey.apps.googleusercontent.com")
.setAutoSelectEnabled(true)
.setNonce(hashedNonce)
.build()
val request: GetCredentialRequest = GetCredentialRequest.Builder()
.addCredentialOption(googleIdOption)
.build()
lifecycleScope.launch {
try {
val result = credentialManager.getCredential(
request = request,
context = this@MainActivity,
)
handleSignIn(result)
} catch (e: GetCredentialException) {
Log.e("Erroris", "Error getting credential", e)
}
}
}
}
private fun handleSignIn(result: GetCredentialResponse) {
// Handle the successfully returned credential.
when (val credential = result.credential) {
// Passkey credential
is PublicKeyCredential -> {
// Share responseJson such as a GetCredentialResponse on your server to
// validate and authenticate
val responseJson = credential.authenticationResponseJson
}
// Password credential
is PasswordCredential -> {
// Send ID and password to your server to validate and authenticate.
val username = credential.id
val password = credential.password
}
// GoogleIdToken credential
is CustomCredential -> {
if (credential.type == GoogleIdTokenCredential.TYPE_GOOGLE_ID_TOKEN_CREDENTIAL) {
try {
// Use googleIdTokenCredential and extract id to validate and
// authenticate on your server.
val googleIdTokenCredential = GoogleIdTokenCredential
.createFrom(credential.data)
val googleIdToken = googleIdTokenCredential.idToken
Log.i("answer",googleIdToken)
val personId = googleIdTokenCredential.id
Log.i("answer",personId) //email
val displayName = googleIdTokenCredential.displayName
Log.i("answer",displayName.toString())
val personPhoto = googleIdTokenCredential.profilePictureUri
Log.i("answer",personPhoto.toString())
} catch (e: GoogleIdTokenParsingException) {
Log.e("Erroris", "Received an invalid google id token response", e)
}
} else {
// Catch any unrecognized custom credential type here.
Log.e("Erroris", "Unexpected type of credential")
}
}
else -> {
// Catch any unrecognized credential type here.
Log.e("Erroris", "Unexpected type of credential")
}
}
}
}
如此处所述,建议始终首先使用
.setFilterByAuthorizedAccounts(true)
(还有 .setAutoSelectEnabled(true)
)调用 API,然后如果您收到没有凭据的响应,则调用相同的方法,但使用.setFilterByAuthorizedAccounts(false)
。当您使用 .setFilterByAuthorizedAccounts(true)
调用 api 时,您基本上只要求那些已用于登录您的应用程序的帐户(即用户已同意与您的应用程序共享该帐户的一些信息)。如果存在这样的帐户(并且该设备上只有一个这样的帐户),则通过设置 .setAutoSelectEnabled(true)
设置的参数允许流程继续前进,而无需任何用户交互,最后,它返回一个 ID 令牌给您,您可以从中提取该帐户的电子邮件。