autologin_platform_interface

The common platform interface with shared code for the autologin plugin.


Keywords
android, flutter, flutter-plugin, smartlock
License
MIT

Documentation

Autologin plugin for Flutter

Build status Pub Version

This Flutter package helps the user to login quickly. When the user has saved in the platform specific password manager credentials will be filled out by a simple confirmation or account chooser depending on the platform. You can also save the users credentials with a simply API call. On supported platforms those credentials will be synced on all your devices.

On Android and Apple devices you can also store a login token to sign in seamlessly without any interaction. So when your user uses your app on a new device for the first time your user will be already signed in.

An animated image of the Android login flow with autologin      An animated image of the iOS login flow with autologin

You can check the web example app on the GitHub page in supported (Chromium based) browsers.

Features and compatibilities

You can safe and request Credentials and store and read Login Tokens for automatic logins without any user interaction.

Android iOS Linux MacOS Web Windows
Credentials ✅ ✅ ✅ ✅* ✅** ✅***
LoginToken ✅ ✅ ✅

*) It seems that saving is just supported on iOS
**) Just on chromium based browsers
***) The documentation of the API mentions that a "Pro" Version is required

Supported platforms

Android

On Android CredentialManager is used. The documentation is not very clear, but it seems that with the PlayServices devices back to Android 4.4 are supported. There is currently no documentation how or if it works on non Google Play certificated devices.

Change your app to use FlutterFragmentActivity

The Android implementation uses the CredentialManager API to query the credentials. This API requires native asynchronous code. This code is written in Kotlin and uses Coroutines. Since the CredentialManager starts a System Activity the Activity lifecycle needs to be maintained, this is managed with the Android Jetpack's Lifecycle API.

The simplest way to add to your MainActivity the LiveCycleOwner interface is to change the base class of your MainActivity to FlutterFragmentActivity. If you MainActivity is empty you can directly reference the base class in your AndroidManifest, then you can delete your MainActivity entirely. In that case you can simply replace in your AndroidManifest (the default path is android/app/main/src/AndroidManifest.xml) the line: android:name=".MainActivity" by android:name="io.flutter.embedding.android.FlutterFragmentActivity".

Important notes on digital asset links

Digital asset links is a way to link your app with a website also called App Links. In order to provide a full example, the example app needs to be signed correctly. Right now the signing key is not checked in, but might be the CI will get the ability to sign the example app in the future so that you can test it by your own.

For the demo you need to publish a .well-known/assetlinks.json which is mirrored in example/web/.well-known/assetlinks.json. However since this is published on github.io the folder will be visible at https://rekire.github.io/autologin_plugin/.well-known/assetlinks.json instead of https://rekire.github.io/.well-known/assetlinks.json, therefore I uploaded that file in a second repository rekire/rekire.github.io where the latest version is actually hosted. In order to publish "dot" directories I had also to define a _config.yaml.

If you want to test your own setup use the Statement List Generator and Tester.

As simple check if the linking works fine check this link on your Android phone, if that opens in Chrome the Example App without an Intent Chooser then this works correctly.

iOS and MacOS

For storing credentials the Shared Web Credentials are used. In order to make this working you need to setup the Associated Domains Entitlement. The main documentation can be found on the Apple Developer site. At least the apple-app-site-association file must be reachable at https://<your-domain>/.well-known/apple-app-site-association and must contain something like:

{
  "webcredentials": {
    "apps": [
      "<your-team-id>.<your-bundle-id>"
    ]
  }
}

Your team id can be found e.g. in ios/Runner.xcodeproj/project.pbxproj look for the key DEVELOPMENT_TEAM, the bundle id is there too look for PRODUCT_BUNDLE_IDENTIFIER. Apple is caching that requests to the file above with their CDN, but you can check the cached value here: https://app-site-association.cdn-apple.com/a/v1/<your-domain>

If you have not setup your app check https://developer.apple.com/account/resources/identifiers/list

In order to use the zero touch login on iOS and MacOS you need to add the iCloud capability and configure iCloud Key-Value Storage in your Xcode project. Here is a step per step guide:

  1. Open your Xcode project.
  2. Select your project in the Project Navigator to open the project settings.
  3. Select your target under "Targets."
  4. Go to the "Signing & Capabilities" tab.
  5. Click the "+ Capability" button.
  6. Scroll down and select "iCloud."
  7. In the iCloud section, enable the "Key-Value storage" checkbox.

Linux

On Linux the D-Bus is used to save an query the password of your app. The native code uses for that like the flutter_secure_storage plugin libsecret. Based on a Blog entry you can store your secrets also directly in KeepassXC, however I was unable to test this integration.

Web

On Web Credential Management API, but be aware that just Chrome, Edge and Opera support this feature (Source).

Windows

On Windows the APIs CredRead and CredWrite are used. Like on Linux that API is used without any user interface.

TODO

  • Extend installation documentation. In the mean time you can use the example app.
  • Build and sign the Android sample app and publish it as artifact (ideally via GitHub Action and as instant app)