Search code examples
google-signingoogle-identitygoogle-smartlockpasswordscredential-manager

Google Smart Lock vs Credential Management API

I want to implement frictionless sign in process for my web app.

After some searching, I have found that there are two solutions available :

My question is, What is the difference between the two API's (if any) and what are the possible use cases for both of these.

From what I have understood, both allow us to save account related info. But the advantage with smart lock is, that saved credentials can be used in corresponding android apps as well.

Thanks !

Note: I intend to support login from multiple sources (google, facebook, linkedin etc.) , not just google.

Solution

  • TL;DR the one-tap sign-up / auto sign-in library includes Credential Management. You should probably just use the library: https://developers.google.com/identity/one-tap/web/get-started

    Details

    The JavaScript library supports account creation with Google Accounts (via a streamlined inline UX that can be shown on content pages instead user having to navigate to a traditional button-based UX and figure out which which button/option to pick and interact with pop-up/redirect)

    And for returning users, the library allows you to programmatically retrieve on page load both tokens for existing one-tap / traditional Google Sign-In users as well as passwords via the Credential Management API in browsers that support it. You can do this with code such as the following:

    const retrievePromise = googleyolo.retrieve({
  supportedAuthMethods: [
    "https://accounts.google.com",
    "googleyolo://id-and-password"
  ],
  supportedIdTokenProviders: [
    {
      uri: "https://accounts.google.com",
      clientId: "YOUR_GOOGLE_CLIENT_ID"
    }
  ]
});

retrievePromise.then((credential) => {
  if (credential.password) {
    // An ID (usually email address) and password credential was retrieved.
    // Sign in to your backend using the password.
    signInWithEmailAndPassword(credential.id, credential.password);
  } else {
    // A Google Account is retrieved. Since Google supports ID token responses,
    // you can use the token to sign in instead of initiating the Google sign-in
    // flow.
    useGoogleIdTokenForAuth(credential.idToken);
  }
}

    See the documentation for details. The library does not currently support non-Google/password forms of identity, you'd have to implement sign-in flow with other mentioned identity providers SDKs yourself at the moment.

    Also note that any sign-ins associated with a Google Account (OAuth token-based or stored and sync'ed password) will be available across Android and Chrome (and the rest of the for token-based accounts).

    Please leave comments for any follow up questions.