
Android Smart Lock for Passwords sign out


Google states in the documentation that "when the user signs out, call CredentialsApi.disableAutoSignIn() to prevent the user from being immediately signed back in (...)".

This is what happens:

  1. User only has 1 credential stored. When he enters the app, he is automatically signed in;
  2. User signs out, and CredentialsApi.disableAutoSignIn() is invoked;
  3. Now, every time the user enters the app, instead of being automatically signed in, he is presented with a chooser, although the chooser only has 1 option, for the only credential stored.

This is very, very annoying. If the user logs out, he shouldn't be bothered every time to log in again. Even if he has more than 1 credential. But, for the time being, let's focus on the case where he only has 1 credential.

Is this the expected behavior? I'm pretty sure that when I tested this feature in January, it wasn't like this. Now I'm putting this feature into production, and if this is the expected behavior, maybe I have to store a flag in the shared preferences for detecting when the user logged out.

The request credential feature is in the main activity of the app, and every time I go there, the dialog chooser appears to request the login.


Solution

  • Unfortunately, you'll have to maintain user state in your app (we haven't made any changes to this behaviour recently, it's always been like this).

    If sign-in is optional for your app, here's what we've seen some apps implement:

    • keep track of whether this is the first run on the device (e.g. in shared preferences), if so, trigger sign-in automatically and show the picker, allowing the user to sign in with one tap if the auto sign-in is disabled or they have multiple accounts

    • on subsequent app starts, you can still try for automatic sign-in (e.g. after user signs up on web or another device and then opens app), but don't resolve the result if it's not the first run (i.e. don't show the picker, just discard the Intent for resolution or hold it for later)

    • if the user explicitly triggers the sign-in action (i.e. clicks a sign-in button), you can use the intent, or call the API again to help them sign back in to their account, or switch between accounts

    Sorry, this requires a bit of state on your side; the CredentialsApi.disableAutoSignIn() sets the sign-in disabled state, but does not track the user's signed-in state to the app (which is dependent on the application developer's logic and has to be managed by the app).

    Hope that helps / makes sense, feel free to leave comments. Will see if we can add some guidance to the docs for this!
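
The three rules from the answer above, put together as an added example; this is not code from the answer's author or from Google's documentation. The class name, listener interface, preference names and request code are assumptions, and the `GoogleApiClient` is assumed to be already connected with `Auth.CREDENTIALS_API`.

```java
import android.app.Activity;
import android.content.Context;
import android.content.IntentSender;
import android.content.SharedPreferences;
import com.google.android.gms.auth.api.Auth;
import com.google.android.gms.auth.api.credentials.Credential;
import com.google.android.gms.auth.api.credentials.CredentialRequest;
import com.google.android.gms.common.api.CommonStatusCodes;
import com.google.android.gms.common.api.GoogleApiClient;
import com.google.android.gms.common.api.Status;

/** Hypothetical helper: all names below are assumptions, not part of the Smart Lock API. */
public class SmartLockSignIn {
    public interface Listener { void onCredential(Credential credential); }
    private static final String PREFS = "smartlock_state";          // assumed prefs file
    private static final String KEY_FIRST_RUN_DONE = "first_run_done";
    public static final int RC_READ = 1001;                         // assumed request code
    private final Activity activity;
    private final GoogleApiClient client;
    private final Listener listener;

    public SmartLockSignIn(Activity a, GoogleApiClient c, Listener l) {
        activity = a; client = c; listener = l;
    }

    /** Pass userInitiated = true only when the user tapped a sign-in button. */
    public void requestCredentials(final boolean userInitiated) {
        final SharedPreferences prefs = activity.getSharedPreferences(PREFS, Context.MODE_PRIVATE);
        final boolean firstRun = !prefs.getBoolean(KEY_FIRST_RUN_DONE, false);
        CredentialRequest request = new CredentialRequest.Builder()
                .setPasswordLoginSupported(true).build();
        Auth.CredentialsApi.request(client, request).setResultCallback(result -> {
            prefs.edit().putBoolean(KEY_FIRST_RUN_DONE, true).apply(); // a UI flag, not a secret
            Status status = result.getStatus();
            if (status.isSuccess()) {
                listener.onCredential(result.getCredential());         // silent auto sign-in
            } else if (status.getStatusCode() == CommonStatusCodes.RESOLUTION_REQUIRED
                    && (firstRun || userInitiated)) {
                try {
                    status.startResolutionForResult(activity, RC_READ); // shows the picker
                } catch (IntentSender.SendIntentException e) {
                    // Picker could not be shown; fall back to the manual sign-in form.
                }
            } // Otherwise (later start, no user action): discard the resolution, show no picker.
        });
    }

    /** Call on explicit sign-out so the next app start is not signed in automatically. */
    public void signOut() { Auth.CredentialsApi.disableAutoSignIn(client); }
}
```

When the picker is shown, the chosen credential arrives in the activity's `onActivityResult` for `RC_READ` under `Credential.EXTRA_KEY`.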