In app Authentication using Google accounts with Unified sign-in from AppGallery Connect

With the release of AppGallery Connect version 1.5.2 the Auth service now has full support for making use of unified sign-in with a Google account!

This new functionality makes AppGallery Connect Auth a great option for all of your app’s authentication needs both on Huawei devices and other Android devices.

So how do we go about using unified sign-in with a Google account? Let’s take a look!

Preparing the environment for Google Sign-in

Details: Google Identity

Navigate to your Google API&Services console.

Open the API&Services and click My Project on the upper left corner. You can create one if no project exists.

Then, click CREATE CREDENTIALS to create an OAuth client ID for your project. If you haven’t already configured the consent screen for this project, follow the on-screen instructions to configure it.

After the configuration is complete, you can navigate back to Credentials > Create CREDENTIALS > OAuth client ID to continue. Select Android as the application type and configure the package name and the SHA-1 certificate fingerprint of the JKS file. The SHA-1 certificate fingerprint here is the SHA-1 value generated in step 3. (If this step is not performed, the timeout error code 10 will be displayed when you integrate Google sign-in.)

After the Android OAuth client has been created, go to the settings page, click Web client (auto-created by Google Service) and copy Client ID and Client secret which are needed for integrating Google sign-in.

Add a resource file. Set app_id and client_id in the /app/res/values/strings.xml of the Android project. The value of client_id is Client ID in the previous step and the value of app_id is the string of numbers that starts with the Client ID.

Now that everything is ready, let’s move on to enabling Auth Service.

Enabling Auth Service

Sign in to AppGallery Connect, create a project and an app, and enable Auth Service. You need to enter the Client ID and Client secret when enabling Google account authentication.
As covered in the previous step, these two can be found by going to Google API&Services > Credentials > OAuth 2.0 Client IDs and opening Web client (Auto-created for Google Sign-in).

Generating the certificate fingerprint for your Android project

If the app does not have a JKS certificate, go to Generate Signed Bundle or APK and click Create a new key store to create one. The generated JKS certificate is the JKS file used in Step 1.

Generate an SHA-256 certificate fingerprint by running the following command and entering the configured password. The SHA1 value must be identical to that configured in step 1.

keytool -list -v -keystore you_path\AuthDemo-Union\app\authdemounion.jks

Configure the corresponding Gradle file, open the app-level build.gradle file, and configure the certificate. Click here to view more details.

Configure the generated SHA256 certificate fingerprint in AppGallery Connect. (If you do not perform this step, error 6003 is reported.)

Configuring the Android service

Open the project-level build.gradle file and configure the Maven repository address and other parameters, as follows:

Open the app-level build.gradle file and configure the SDK, app plug-in address and other parameters, as follows:

Example sign in code:

Result

Once you run the app that has been configured with the signature file in an Android phone and call the GoogleIDLogin method, the following page will appear.

After completing authorization and sign-in, you can view the following logs, which indicate the authentication and sign-in are successful.

Compared with the traditional authentication mode, unified sign-in has significantly improved development, and for this reason, we strongly recommend that you leverage this function.

References:
Auth Service for Android
Google sign-in integration in Auth Service

Lead Developer Advocate for Huawei AppGallery | He/Him | All views are my own and do not represent the views of Huawei