CredentialOption


public abstract class CredentialOption

Known direct subclasses
GetCustomCredentialOption

Allows extending custom versions of GetCredentialOptions for unique use cases.

GetDigitalCredentialOption

A request to retrieve the user's digital credential, normally used for verification or sign-in purposes.

GetPasswordOption

A request to retrieve the user's saved application password from their password provider.

GetPublicKeyCredentialOption

A request to get passkeys from the user's public key credential provider.

GetRestoreCredentialOption

A request to get the restore credential from the restore credential provider.


Base class for getting a specific type of credentials.

GetCredentialRequest will be composed of a list of CredentialOption subclasses to indicate the specific credential types and configurations that your app accepts.

The typePriorityHint value helps decide where the credential will be displayed on the selector. It is used with more importance than signals like 'last recently used' but with less importance than other signals, such as the ordering of displayed accounts. It is expected to be one of the defined PriorityHints constants. By default, GetCustomCredentialOption will have PRIORITY_DEFAULT, GetPasswordOption will have PRIORITY_PASSWORD_OR_SIMILAR and GetPublicKeyCredentialOption will have PRIORITY_PASSKEY_OR_SIMILAR. GetCustomCredentialOption types are expected to remain unchanged unless strong reasons arise, and they cannot ever have PRIORITY_PASSKEY_OR_SIMILAR. Given that passkeys prevent many security threats that other credentials do not, we enforce that nothing is shown higher than passkey types in order to provide end users with the safest credentials first. See the spec here for more information on passkeys.

Summary

Constants

static final int
PRIORITY_DEFAULT = 2000

Default value of display priority.

static final int
PRIORITY_OIDC_OR_SIMILAR = 500

Value of display priority for OpenID credentials or those of similar security level.

static final int
PRIORITY_PASSKEY_OR_SIMILAR = 100

Value of display priority for passkeys or credentials of similar security level.

static final int
PRIORITY_PASSWORD_OR_SIMILAR = 1000

Value of display priority for passwords or credentials of similar security level.

Public methods

static final @NonNull CredentialOption
createFrom(@NonNull CredentialOption option)

Parses the option into an instance of CredentialOption.

static final @NonNull CredentialOption
createFrom(
    @NonNull String type,
    @NonNull Bundle requestData,
    @NonNull Bundle candidateQueryData,
    boolean requireSystemProvider,
    @NonNull Set<@NonNull ComponentName> allowedProviders
)

Parses the raw data into an instance of CredentialOption.

final @NonNull Set<@NonNull ComponentName>
getAllowedProviders()

a set of provider service ComponentName allowed to receive this option (Note: a SecurityException will be thrown if it is set as non-empty but your app does not have android.permission.CREDENTIAL_MANAGER_SET_ALLOWED_PROVIDERS; empty means every provider is eligible; for API level < 34, this property will not take effect and you should control the allowed provider via library dependencies)

final @NonNull Bundle
getCandidateQueryData()

the partial request data in the Bundle format that will be sent to the provider during the initial candidate query stage, which will not contain sensitive user information

final @NonNull Bundle
getRequestData()

the request data in the Bundle format

final @NonNull String
getType()

the credential type determined by the credential-type-specific subclass (e.g. the type for GetPasswordOption is PasswordCredential.TYPE_PASSWORD_CREDENTIAL and for GetPublicKeyCredentialOption is PublicKeyCredential.TYPE_PUBLIC_KEY_CREDENTIAL)

final int
getTypePriorityHint()

the priority of this entry, which defines how it appears in the credential selector, with less precedence than account ordering but more precedence than last used time; see PriorityHints for more information

final boolean
isAutoSelectAllowed()

whether a credential entry will be automatically chosen if it is the only available option

final boolean
isSystemProviderRequired()

true if this option must only be fulfilled by a system provider and false otherwise

Constants

PRIORITY_DEFAULT

public static final int PRIORITY_DEFAULT = 2000

Default value of display priority.

PRIORITY_OIDC_OR_SIMILAR

public static final int PRIORITY_OIDC_OR_SIMILAR = 500

Value of display priority for OpenID credentials or those of similar security level.

PRIORITY_PASSKEY_OR_SIMILAR

public static final int PRIORITY_PASSKEY_OR_SIMILAR = 100

Value of display priority for passkeys or credentials of similar security level.

PRIORITY_PASSWORD_OR_SIMILAR

public static final int PRIORITY_PASSWORD_OR_SIMILAR = 1000

Value of display priority for passwords or credentials of similar security level.

Public methods

createFrom

Added in 1.5.0-rc01
@RequiresApi(value = 34)
public static final @NonNull CredentialOption createFrom(@NonNull CredentialOption option)

Parses the option into an instance of CredentialOption.

It is recommended to construct a CredentialOption by directly instantiating a CredentialOption subclass, instead of using this API. This API should only be used by a small subset of system apps that reconstruct an existing object for user interactions such as collecting consents.

Parameters
@NonNull CredentialOption option

the framework CredentialOption object

createFrom

Added in 1.5.0-rc01
public static final @NonNull CredentialOption createFrom(
    @NonNull String type,
    @NonNull Bundle requestData,
    @NonNull Bundle candidateQueryData,
    boolean requireSystemProvider,
    @NonNull Set<@NonNull ComponentName> allowedProviders
)

Parses the raw data into an instance of CredentialOption.

It is recommended to construct a CredentialOption by directly instantiating a CredentialOption subclass, instead of using this API. This API should only be used by a small subset of system apps that reconstruct an existing object for user interactions such as collecting consents.

Parameters
@NonNull String type

matches CredentialOption.type

@NonNull Bundle requestData

matches CredentialOption.requestData, the request data in the Bundle format; this should be constructed and retrieved from a given CredentialOption itself and never be created from scratch

@NonNull Bundle candidateQueryData

matches CredentialOption.candidateQueryData; this should be constructed and retrieved from a given CredentialOption itself and never be created from scratch

boolean requireSystemProvider

matches CredentialOption.isSystemProviderRequired

@NonNull Set<@NonNull ComponentName> allowedProviders

matches CredentialOption.allowedProviders, empty means every provider is eligible

getAllowedProviders

Added in 1.2.0
public final @NonNull Set<@NonNull ComponentName> getAllowedProviders()

a set of provider service ComponentName allowed to receive this option (Note: a SecurityException will be thrown if it is set as non-empty but your app does not have android.permission.CREDENTIAL_MANAGER_SET_ALLOWED_PROVIDERS; empty means every provider is eligible; for API level < 34, this property will not take effect and you should control the allowed provider via library dependencies)
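
The following is an added example, not code from the library or its documentation: it builds a GetCredentialRequest whose passkey and password options are restricted to a set of provider components, applying the set only where the note above says it takes effect. The class name PinnedProviderRequest, the helper effectiveAllowlist, and the choice to throw when the permission is missing are assumptions of this example; requestJson is assumed to be the passkey request JSON supplied by the caller.

```java
import android.content.ComponentName;
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Build;
import androidx.credentials.GetCredentialRequest;
import androidx.credentials.GetPasswordOption;
import androidx.credentials.GetPublicKeyCredentialOption;
import java.util.Collections;
import java.util.Set;

/** Added example (hypothetical class): pins credential options to known providers. */
public final class PinnedProviderRequest {
    // Permission name as given in the allowedProviders documentation.
    private static final String SET_ALLOWED_PROVIDERS =
            "android.permission.CREDENTIAL_MANAGER_SET_ALLOWED_PROVIDERS";

    private PinnedProviderRequest() {}

    /** Returns the provider set that can actually be applied on this device. */
    static Set<ComponentName> effectiveAllowlist(Context context, Set<ComponentName> wanted) {
        if (wanted.isEmpty() || Build.VERSION.SDK_INT < 34) {
            // Below API 34 the property has no effect, so pass the empty set
            // (every provider eligible) and control providers via dependencies.
            return Collections.emptySet();
        }
        if (context.checkSelfPermission(SET_ALLOWED_PROVIDERS)
                != PackageManager.PERMISSION_GRANTED) {
            // Policy choice of this example: surface the misconfiguration early
            // instead of silently widening the request to every provider.
            throw new IllegalStateException("Missing " + SET_ALLOWED_PROVIDERS);
        }
        return wanted;
    }

    /** Builds a request that accepts passkeys and passwords from the allowed providers. */
    public static GetCredentialRequest build(
            Context context, String requestJson, Set<ComponentName> wanted) {
        Set<ComponentName> allowed = effectiveAllowlist(context, wanted);
        return new GetCredentialRequest.Builder()
                // Passkey option: clientDataHash left null, providers restricted.
                .addCredentialOption(new GetPublicKeyCredentialOption(requestJson, null, allowed))
                // Password option: no user-id filter, auto-select off, same providers.
                .addCredentialOption(
                        new GetPasswordOption(Collections.<String>emptySet(), false, allowed))
                .build();
    }
}
```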

getCandidateQueryData

Added in 1.2.0
public final @NonNull Bundle getCandidateQueryData()

the partial request data in the Bundle format that will be sent to the provider during the initial candidate query stage, which will not contain sensitive user information

getRequestData

Added in 1.2.0
public final @NonNull Bundle getRequestData()

the request data in the Bundle format

getType

Added in 1.2.0
public final @NonNull String getType()

the credential type determined by the credential-type-specific subclass (e.g. the type for GetPasswordOption is PasswordCredential.TYPE_PASSWORD_CREDENTIAL and for GetPublicKeyCredentialOption is PublicKeyCredential.TYPE_PUBLIC_KEY_CREDENTIAL)

getTypePriorityHint

Added in 1.5.0-rc01
public final int getTypePriorityHint()

the priority of this entry, which defines how it appears in the credential selector, with less precedence than account ordering but more precedence than last used time; see PriorityHints for more information

isAutoSelectAllowed

Added in 1.2.0
public final boolean isAutoSelectAllowed()

whether a credential entry will be automatically chosen if it is the only available option

isSystemProviderRequired

Added in 1.2.0
public final boolean isSystemProviderRequired()

true if this option must only be fulfilled by a system provider and false otherwise