[Partner Bug] allowedUserIds in GetPasswordOption ignored [339767448]

Assigned

Feature Request

Status Update

No update yet.

Description

de...@atommobility.com

created issue #1

May 10, 2024 08:49AM

Component used: Credentials

Version used: 1.2.2

I want to identify if user has already saved specific email and password. GetPasswordOption has param allowedUserIds, if I provide an email that has not been saved yet, but there is another one, then UI still will be presented where this another email is an option. Expected behavior: method immediately returns with exceptions, as there is no matching email and preferImmediatelyAvailableCredentials is set to true.
credentialManager.getCredential(
context = context.findActivity(),
request = GetCredentialRequest(
credentialOptions = listOf(
GetPasswordOption(setOf("my@email.com"), isAutoSelectAllowed = true)
),
preferImmediatelyAvailableCredentials = true,
)
)

If allowedUserIds worked as expected I would be able to check if user entered email and password is already saved without invoking Credentials UI if I set isAutoSelectAllowed to true. Because then if users email is not saved already getCredential would immediately return, and if there is a match, then there would be only one, and then I could compare returned password with users entered password.

Comments

bl...@google.com <bl...@google.com> #2May 10, 2024 08:53AM

Reassigned to he...@google.com.

Automated by Blunderbuss job android-credential-manager-autoassigner for config android_credman_config for component 1301097.

we...@gmail.com <we...@gmail.com> #3May 10, 2024 09:39AM

Comment has been deleted.

Message last modified on May 10, 2024 09:39AM

he...@google.com <he...@google.com> #4May 10, 2024 07:13PM

Reassigned to di...@google.com.

Hi,

GetPasswordOption with allowedUserIds & isAutoSelectAllowed is not intended for checking whether a sign-in already exists.

Meanwhile, this sounds like a feature request to support a silent flow, so as not to disrupt the user, when your app attempt to save a password credential that is already saved.

de...@atommobility.com <de...@atommobility.com> #5May 13, 2024 08:13AM

I would like to have the same behavior as in Chrome. When password is not saved, then user is presented with a dialog that has two buttons, "save" and "never". When password is already saved, no dialog. When password is changed, dialog with an "update" button. I know that Credentials dont support that. I thought with allowedUserIds I could at least not show the dialog if password already saved.

allowedUserIds - a optional set of user ids with which the credentials associated are requested; leave as empty if you want to request all the available user credentials

In my opinion documentation is misleading, because when I provide an ID that is not saved yet and there is other ID, it will be returned, meaning it returns all available credentials.

di...@google.com <di...@google.com> #6May 14, 2024 10:34PM

Thanks for the additional context.

We are looking into how to enable the feature requested in future releases, and will review the documentation to ensure it's accurate.

Thanks

az...@blockdaemon.com <az...@blockdaemon.com> #7Jul 2, 2024 07:46PM

The same issue. `allowedUserIds` is ignored and returning all available ids.
Using version 1.2.2

as...@gmail.com <as...@gmail.com> #8Dec 9, 2024 07:39AM

Hi Team,

Same this issue occuring in "credentials = 1.5.0-beta01" version. I am trying to get filter credentials but still showing the list of save user in credential manager.

Code Reference:

val request = GetCredentialRequest(
listOf(GetPasswordOption(allowedUserIds = setOf("asher21@gmail.com"))),
preferImmediatelyAvailableCredentials = true,
)

//Here sohwing whole list of bottomSheet.

val result = credentialManager.getCredential(
context = activity,
request = request
).credential

SignInResult.Success((result as? PasswordCredential)?.password.toString())