Javascript authentication about android-credentials HOT 6 CLOSED

@emezias sorry I don't completely understand your request. What do you mean by "alternatives to signInWithPassword(credential.getId(), credential.getPassword())"?

from android-credentials.

@samtstern The logic in my app is to save an authorization API call when returning to the app for future authentication. At no point in time is there any opportunity to access a native text field for the username and app. That is all done through a web form.

from android-credentials.

@emezias sorry there is no way to use the SmartLock Android API to populate a web form, and I don't think there will be support for that in the future. There are too many security concerns with crossing the barrier between Java code and WebView code.

You probably want to take a look at the credential management API for web: https://developers.google.com/web/updates/2016/04/credential-management-api

from android-credentials.

@samtstern - the server side is the part that I do not control and cannot change. I may or may not have an administrator with write permission. Is there a way to bypass the username/password and get a token instead from SmartLock?

from android-credentials.

@emezias there's nothing special about the password field in SmartLock. You could store a token in there if you wanted to and it will be passed back to your application in the same way.

from android-credentials.

@samtstern That will work. There's one more point to consider - protected access might be required. The overview page says:

Alternatively, the user may have to input some additional information (e.g. a pin-
code or password) to retrieve the password

Can you expand on that? Is the library able to use a locally configured pin or password for access to the credential?

from android-credentials.