"Unable to get token." error when using Sign in with Google via Credential Manager


I've implemented a simple "Sign in with Google" method, which uses Credential Manager. When running it, I am able to select my Google account via the UI flow, but afterwards I get the error "Unable to get token." with error type "Google Password Manager".

I've tried to dig as deep as I can into the supporting libraries but I cannot find what the reason is for this error. I also cannot find any documentation on the error.

How can I go about debugging the reason for this error message?

My implementation is as below:

  public void authenticateWithGoogle(@NonNull String clientId) {
    GetSignInWithGoogleOption googleIdOption = new GetSignInWithGoogleOption.Builder(clientId)
            .build();

    GetCredentialRequest request = new GetCredentialRequest.Builder()
            .addCredentialOption(googleIdOption)
            .build();

    credentialManager.getCredentialAsync(activity.getApplicationContext(), request, null,
            THREAD_POOL_EXECUTOR,
            new CredentialManagerCallback<>() {
              @Override
              public void onResult(GetCredentialResponse getCredentialResponse) {
                Log.i("***", getCredentialResponse.getCredential().toString());
              }

              @Override
              public void onError(@NonNull GetCredentialException e) {
                Log.e("***", e.getMessage());
              }
            });
  }
There is 1 best solution below

WoodyWoodsta On

It turns out that I had misunderstood the types of client IDs in the Google Cloud Console. I'm setting up authentication with a backend service, which requires an ID token to unwrap and verify.

As far as I now understand, using a "Sign in with Google" button means that the authentication flow (actually signing in the user) is handled entirely by Android. If I were to do this part myself, I would need to create an "Android" credential (client ID and secret) in Google Cloud Console. I would use that client ID to authenticate the user.

However, retrieving an ID token for the backend service to use is a separate, subsequent flow, which involves using the client ID generated for the backend instead. Backend service clients are created as "Web Application" credentials in Google Cloud Console. It is this type of client ID that can be considered a "server client ID", and has the ability to return ID tokens.

For my implementation, I do not need an Android client ID at all.
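The fix described in the answer, as an added example that is not code from the original post: the "Web Application" client ID is passed to the option builder, and the ID token is extracted from the returned credential for the backend. The class name `GoogleSignInHelper`, the `IdTokenSink` callback and the `SERVER_CLIENT_ID` placeholder are assumptions made for illustration.

```java
import android.app.Activity;
import android.util.Log;
import androidx.annotation.NonNull;
import androidx.credentials.*;
import androidx.credentials.exceptions.GetCredentialException;
import com.google.android.libraries.identity.googleid.GetSignInWithGoogleOption;
import com.google.android.libraries.identity.googleid.GoogleIdTokenCredential;
import java.util.concurrent.Executor;

public final class GoogleSignInHelper {
  // Assumption: placeholder for the "Web Application" client ID created for the backend.
  private static final String SERVER_CLIENT_ID = "YOUR_WEB_CLIENT_ID.apps.googleusercontent.com";

  /** Hypothetical hook: the app forwards the token to its backend for verification. */
  public interface IdTokenSink { void accept(@NonNull String idToken); }

  public static void signIn(Activity activity, CredentialManager cm, Executor executor, IdTokenSink sink) {
    GetSignInWithGoogleOption option = new GetSignInWithGoogleOption.Builder(SERVER_CLIENT_ID).build();
    GetCredentialRequest request = new GetCredentialRequest.Builder().addCredentialOption(option).build();

    cm.getCredentialAsync(activity, request, null, executor,
        new CredentialManagerCallback<GetCredentialResponse, GetCredentialException>() {
          @Override
          public void onResult(GetCredentialResponse response) {
            Credential c = response.getCredential();
            // Sign in with Google returns a CustomCredential whose bundle carries the ID token.
            if (!(c instanceof CustomCredential)
                || !GoogleIdTokenCredential.TYPE_GOOGLE_ID_TOKEN_CREDENTIAL.equals(c.getType())) {
              Log.e("SignIn", "Unexpected credential type: " + c.getType());
              return;
            }
            try {
              // Hand the token to the backend; do not write the token itself to logcat.
              sink.accept(GoogleIdTokenCredential.createFrom(c.getData()).getIdToken());
            } catch (Exception e) { // bundle could not be parsed as a Google ID token credential
              Log.e("SignIn", "Could not parse Google ID token credential", e);
            }
          }

          @Override
          public void onError(@NonNull GetCredentialException e) {
            // The concrete exception class narrows down the failure more than the message alone.
            Log.e("SignIn", e.getClass().getSimpleName() + ": " + e.getMessage());
          }
        });
  }
}
```

On the backend, the token's `aud` claim should be checked against the same Web Application client ID before the token is trusted.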