Monday, December 23, 2024

Credential Supervisor replaces legacy APIs


Credential Supervisor replaces legacy APIs

Posted by Diego Zavala and Jason Lucibello – Product Managers

In 2023, we launched Credential Supervisor for Android. Credential Supervisor creates a unified expertise for passkeys, Sign up with Google, and passwords, permitting seamless sign-in and eliminating the necessity for customers to kind in usernames or passwords.

ALT TEXT

Fig 1. Pattern app exhibiting Credential Supervisor dialog in a sign-in movement with a passkey, a password, and a Sign up with Google choices

To deliver Credential Supervisor’s advantages to extra Android customers and simplify builders’ integration efforts, APIs that have been beforehand deprecated will proceed their phased removals and shutdowns. These APIs embody:

Builders with apps that also use these APIs ought to migrate to Credential Supervisor as quickly as attainable. Credential Supervisor helps all authentication options included in these legacy APIs, in addition to streamlined journeys for customers and modernizes the expertise with passkey assist and streamlined consumer journeys. Builders seeking to implement authorization performance for Google Accounts, reminiscent of scoped entry to a service like Google Drive, ought to proceed to make use of the AuthorizationClient API.

Present standing of APIs as of September 2024, replace plans, and beneficial migration guides.

Standing: Eliminated

Subsequent Replace: Totally shut down in Q1 2025

Standing: Deprecated

Subsequent Replace: Eliminated in H1 2025

Standing: Deprecated

Subsequent Replace: Eliminated in H1 2025

Standing: Deprecated

Subsequent Replace: Eliminated in H2 2025

Standing: Deprecated

Subsequent Replace: Eliminated in H2 2025

What does every standing imply?

    • Deprecated: API continues to be within the SDK and purposeful, however will likely be eliminated and totally shut down sooner or later. Builders are beneficial emigrate to Credential Supervisor at the moment.
    • Eliminated: API continues to be purposeful for customers, however is not included within the SDK. New app variations compiled with the latest SDK would fail within the construct course of in case your code nonetheless makes use of the eliminated API. In case your app nonetheless depends on any of those APIs, you must migrate to Credential Supervisor as quickly as attainable.
    • Totally shut down: API is not purposeful, and it’ll fail when a request is distributed by an app.

Credential Supervisor affords streamlined, safer auth journeys

Credential Supervisor delivers a number of benefits to customers and builders over the deprecated APIs:

      1. Simpler, safer sign-ins with passkeys: Passkeys are a substitute for passwords that present a neater and safer authentication expertise, primarily based on trade requirements. Credential Supervisor brings assist for passkeys to Android apps.

      2. Frictionless, one-tap sign-in: Customers choose their most well-liked saved credential from the choices supplied, without having to recollect or kind username or passwords.

      3. Unified UI throughout all credentials: Credential Supervisor’s one-tap sign-in works with passkeys, Sign up with Google, and passwords. It deduplicates strategies for a similar account, so customers not want to recollect which methodology they final used, or which one is the “proper” methodology.

      4. Prolonged assist for password managers: Customers profit from utilizing the credentials saved of their most well-liked password supervisor on Credential Supervisor flows, and may even allow a number of password managers on the similar time! Passwords managers not solely shield customers’ credentials, however in addition they present extra motion and protections to maintain customers secure, reminiscent of upgrading passwords to passkeys, alerting customers to password reuse, and containing utilization to affiliated apps and domains.

      5. Simplified improvement: Builders can consolidate their sign-in logic right into a single, trendy API, decreasing improvement overhead and upkeep efforts. New authentication performance will likely be launched by Credential Supervisor going ahead.

Adopting Credential Supervisor is an intuitive improve for builders

For builders beforehand utilizing our deprecated APIs, the transition to Credential Supervisor is clean and intuitive. Builders like X (previously often called Twitter), Pinterest have already skilled the advantages of the improve. X shared with us that Credential Supervisor’s unified method made migration and upkeep easy, whereas Pinterest expressed a clean course of for each customers and engineers with Credential Supervisor.

Quote text reads: 'The Credential Manager library allowed us to unify Smart Lock, Sign in with Google, and passkeys under one cohesive umbrella, significantly reducing the amount of code required. The unified process made migration and maintenance effortless, empowering us to enhance security and user experience with ease' Saurabh Arora, Staff SoftwareEngineer, X (formerly Twitter)

Quote text reads: 'Migrartingo ur codebase to Credential Manager on Android was a smooth process for users and engineers, which aallowed us to have more cohesive and simplified process to support and maintain authentication at Pinterest. Our Android users have benfitted from frictionless sign-in and sign-up using Google, currently accounting for over 75% of user authentications.' - Jorge Garmendia Identity Product safety and Compliance Client Engineering Lead, Pinterest

Builders can use the next guides to make adopting Credential Supervisor even simpler:

Share your suggestions

Your enter could be very precious to us as we proceed to refine and enhance our authentication providers. Please preserve offering us suggestions on the subject tracker and share your expertise integrating Credential Supervisor!

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles