android-credential-manager

An Expo module to access the new Android Credential Manager. Supports username/password, Passkeys and Google Sign In. This module is built to use the suggested and latest way to sign in users through Google.

---
description: Link your Android App to your website
---

# 📃 Digital Asset Linking

For Credential Manager to work to the best of its ability, it's suggested that you set up Digital Asset Linking.

{% hint style="info" %}
The official Android documentation on this topic is misleading, as it states that Digital Asset Linking is required for Passkeys to work; however, it seems that they can work sometimes without it. It is also suggested that you only set it up if using password-based login and not passkeys, which directly contradicts their previous statement. In practice, it is recommended to just fully set up Digital Asset Linking.
{% endhint %}

## What Is Digital Asset Linking

Digital Asset Linking is a mechanism in Android that allows apps and websites to verify their connectivity and common ownership. By creating a JSON file in a specific location on your web server, you can declare that your app and website are linked. This enables shared permissions and functionalities, such as enabling your app to handle specific types of links that are used on your website. It's a crucial step to ensure a seamless user experience across platforms, and it enhances security by confirming the relationship between app and website.

## Defining Your Digital Asset Linking JSON File

Below is an example `assetlinks.json` file that is available on my domain for the example app of this package to work.

```json
[
  {
    "relation": [
      "delegate_permission/common.handle_all_urls",
      "delegate_permission/common.get_login_creds"
    ],
    "target": {
      "namespace": "android_app",
      "package_name": "androidcredentialmanager.example",
      "sha256_cert_fingerprints": [
        "FA:C6:17:45:DC:09:03:78:6F:B9:ED:E6:2A:96:2B:39:9F:73:48:F0:BB:6F:89:9B:83:32:66:75:91:03:3B:9C"
      ]
    }
  }
]
```

Let's break down what this JSON file does.

1. We define `relation` at the start. This tells Android what should be linked between your app and your website. In our case, we want to link the credentials and also handle all the URLs.
2. Next, we have `target`. Here only the `package_name` and the `sha256_cert_fingerprints` matter to us. The package name is your Android app identifier, and `sha256_cert_fingerprints` can be generated by running the command below.

```bash
keytool -list -v -keystore <path to key> -alias <alias> -storepass <store password> -keypass <key password>
```

## Hosting Your `assetlinks.json` File

Host the Digital Asset Links JSON file at the following location on the sign-in domain:

```
https://domain[:optional_port]/.well-known/assetlinks.json
```

For example, if your sign-in domain is `signin.example.com`, host the JSON file at `https://signin.example.com/.well-known/assetlinks.json`.

The MIME type for the Digital Asset Links file needs to be JSON. Make sure the server sends a `Content-Type: application/json` header in the response.
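
One way to check a hosted file against the requirements above, as an added example that is not part of this package: the hypothetical `checkAssetLinks` function takes a response body and its `Content-Type` value and reports what does not match the package name, relations and fingerprint you expect. It assumes fingerprints are written the way `keytool` prints them (uppercase hex, colon-separated) and runs offline on constructed input that mirrors the file shown earlier.

```javascript
// Added example; checkAssetLinks and its parameters are hypothetical names.
// Assumption: fingerprints use keytool's form, 32 uppercase hex bytes joined by colons.
const FINGERPRINT = /^([0-9A-F]{2}:){31}[0-9A-F]{2}$/;

function checkAssetLinks(body, contentType, expected) {
  const problems = [];
  // The file must be served with a JSON MIME type.
  if (!/^application\/json\s*(;|$)/i.test(contentType || "")) {
    problems.push("Content-Type is not application/json");
  }
  let statements;
  try {
    statements = JSON.parse(body);
  } catch (err) {
    return problems.concat("body is not valid JSON");
  }
  if (!Array.isArray(statements)) return problems.concat("top level is not an array");
  // Locate the statement whose target is our Android package.
  const match = statements.find((s) => s && s.target &&
    s.target.namespace === "android_app" &&
    s.target.package_name === expected.packageName);
  if (!match) return problems.concat("no statement for " + expected.packageName);
  const relations = Array.isArray(match.relation) ? match.relation : [];
  for (const rel of expected.relations) {
    if (!relations.includes(rel)) problems.push("missing relation " + rel);
  }
  const prints = match.target.sha256_cert_fingerprints;
  const list = Array.isArray(prints) ? prints : [];
  for (const fp of list) {
    if (!FINGERPRINT.test(fp)) problems.push("malformed fingerprint " + fp);
  }
  if (!list.includes(expected.fingerprint)) problems.push("signing fingerprint not listed");
  return problems;
}

// Constructed input mirroring the assetlinks.json shown on this page.
const FP = "FA:C6:17:45:DC:09:03:78:6F:B9:ED:E6:2A:96:2B:39:9F:73:48:F0:BB:6F:89:9B:83:32:66:75:91:03:3B:9C";
const expected = {
  packageName: "androidcredentialmanager.example",
  fingerprint: FP,
  relations: ["delegate_permission/common.handle_all_urls",
              "delegate_permission/common.get_login_creds"],
};
const sampleBody = JSON.stringify([{
  relation: expected.relations,
  target: { namespace: "android_app", package_name: expected.packageName,
            sha256_cert_fingerprints: [FP] },
}]);
console.log(checkAssetLinks(sampleBody, "application/json", expected));
console.log(checkAssetLinks(sampleBody, "text/html", expected));
```

To use it against a live deployment, pass in the body and `Content-Type` header of the response from your `/.well-known/assetlinks.json` URL.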