Make Easier User Authentication Processes (even on Cross Platforms and Cross Apps) | Huawei Keyring vs Google Identity Smart Lock for Passwords
Hi folks 👋, I have a question for you ❓
🤔 💭 Imagine you own a company such as Meta ( ex-Facebook). So you have a lot of apps/projects such as Facebook, WhatsApp, Instagram. Sometimes your users forget the account/passsword of your apps so they can’t log in to the app. And they try to “Forget Password” functionality of your apps. They try to recover their passwords. They spend time on that. This causes a non-easy and non user-friendly app experience for users. Also, your Forget Password service get a lot of requests and it is a cost for you.
🤔 You come up with a brilliant idea; Sharing Credentials. You want to ease the authentication process of users by sharing credentials between cross apps and cross platforms such as Android Apps-Websites. Users will be needed just remember one password when they can share credentials between your projects. How would you do this❓
🔎 In this article, we will look for answers to this question both on devices that have HMS Core and devices that have Google Play Services.
Huawei Keyring Service fully matches your requirements. Let’s look at it.
The Keyring is an SDK provided by Huawei which allows you to store user credentials locally on Android phones, tablets and also share these credentials between different apps and even platforms such as websites and quick apps.
Keyring provides APIs for android apps, APIs for web apps, and APIs for quick apps. Apps can integrate relevant APIs to use Keyring. All user credentials will be stored in HMS Core Keyring regardless of which type of APIs you are calling, implementing unified credential management and sharing.
The Keyring stores user credentials on the user device for automatic sign-in later. The Keyring encrypts the credentials and stores them on the HMS Core. Additionally, while you save a credential you can pass true to userAuth variable of a Credential instance in order to requestBiometric Verification or Lock Screen Password when an app tries to access this credential.
When an app/platform tries to access a credential which userAuth variable given true, the Keyring SDK will handle user authentication by Biometric Verification or Lock Screen Password. The app/platform can’t access the password of the credential until the authentication has been successfull.
Also, you can save multiple credentials. So that provides multiple login options to the user.
You can pass app and website identities which you want to share this credential with them to sharedWith variable while creating a credential instance to save. So you can define other android apps, websites, and quick apps in order to share user credentials securely.
You can get credentials shared with your app in addition to saved by your app while retrieving the credential list. You need to pass a trustedAppList to your request -such as saving a credential process- in order to define which platforms (android app, website, quick app) trusted your app and has possibly shared some credentials with your app.
For instance; A user logged into Instagram. And Instagram saved the user credentials with a trustedAppList. Suppose this trustedAppList includes a Facebook android app, Facebook Website, and WhatsApp android app identities. The Facebook Android app will try to retrieve saved credentials from HMS Core when the user enters the Facebook android app. If the Facebook android app passes Instagram app identities in a trustedAppList while retrieving saved credentials, it will be able to obtain saved credentials from the Instagram app to HMS Core. After then the Facebook app will show obtained list and the user will be able to select the Instagram credentials to log in Facebook app.
One credential two different apps. Seamless & Effortless user experience. That’s the power of Keyring.
Note; the trustedAppList can be different while saving credentials and obtaining the credential list. It doesn’t have to be the same. For instance, when you save CredentialA you can pass 3 Identities to share this credential. And when saving CredentialB you can pass just 1 Identity. Even you can pass nothing -just the app which saved the credential can retrieve it. When you retrieve the saved credential list you can pass 5 Identity. No problem. Just customize as your needs (Which platforms do you want to share Credential with? Which platforms/apps possibly shared credentials with you?).
Devices must have HMS Core to use Keyring Service. The keyring is so cool solution for our needs to ease our customer's life and reduce our web request cost. That’s nice but is there any solution for devices that have Google Play Services instead of HMS Core.
This SDK provides programmatically saving and retrieving credentials and automatically signs users in across devices and websites.
Note; for updated user experience and other improvements, Google recommends using One Tap instead of Smart Lock for Password if One Tap sign-in meets your needs. But keep in mind, One Tap has no feature such as sharing credentials between apps or websites.
You can specify sign-in systems with password-based sign-in or commonly-used sign-in providers such as Google, and Twitter Sign-In while retrieving the credentials or saving a credential.
Smart Lock for Password requests confirmation from the user for storing credentials. If the user chooses not to save credentials, the user won’t be prompted again to save any account’s credentials for the app. The user can opt-in later from the Google Settings app, in the Smart Lock for Passwords section. There is no such thing in Keyring.
Smart Lock for Passwords doesn’t provide a credential list that includes all saved credentials. Instead, it throws exceptions if has multiple credentials or no credentials. Then you should handle these states to call the appropriate APIs or show appropriate screens. You should call startResolutionForResult() when multiple credentials exist. Then the SDK will show saved credentials in the UI to prompt the user to choose an account. You will retrieve the selected credential when the user chooses any credential in the UI.
Smart Lock for Passwords provides you with that sharing of credentials between apps and websites to automatically sign in.
But there is no feature such as sharing credentials between android apps. For that you should use Content Providers.
To associate an app with a website, you need to declare associations by hosting a Digital Asset Links JSON file on your website, and adding a link to the Digital Asset Link file to your app’s manifest. And also your website’s sign-in domain must be available through HTTPS. And your app needs to be released in the public channel for associations to be picked up.
Smart Lock for Passwords provides sign-in hints such as the user’s name and email address when retrieving user credential requests fail. When you save password credentials using Smart Lock on devices running Android O or newer, Smart Lock uses the native autofill confirmation dialog over its own dialog whenever possible.
In this article, we learned how we can make easier our customer’s authentication processes. And also we compared Huawei Keyring Service and Google Identity Smart Lock for Password SDK. I hope it is helpful and informative for you. Don’t hesitate to contact me if you find some wrong information. Thanks for reading. Have a healthy life. See you in the next articles👋.
(Don’t forget breaking the clap button 😊)
References in the table
- Explore-Landmarks/CredentialManagementViewModel.kt at master · Explore-In-HMS/Explore-Landmarks
- 👨🏼💻 Manage Your Credentials with Huawei Keyring
- Shares the user’s credentials between your Android apps, quick apps, and web apps using Huawei…
- Google Identity | Google Developers
- Smart Lock for Passwords on Android | Google Developers
- Enable automatic sign-in across apps and websites | Smart Lock for Passwords on Android | Google Developers