The newest version of Google Identity Toolkit has been released as Firebase Authentication. It includes upgraded client SDKs, open source UI libraries, session management and integrated email sending service for forgotten password flows.

New projects should use Firebase Authentication. To migrate an existing project from Identity Toolkit to Firebase Authentication, see the migration guide.

Quick-start app for Android

This quick-start app lets you get started with Google Identity Toolkit on Android in about 30 minutes.

Before beginning you will need the following:

  • Android Studio

Step 1: Get the quick-start app

  1. Download the Google Identity Toolkit Android SDK from Github and unzip the folder.
  2. Importing the quick-start app
    1. Select Import Project when launching Android Studio or File->Import Project...
    2. Navigate to the unzipped SDK and select the subfolder titled tutorial, then select Finish
    3. Ensure you have the dependent repositories configured
      1. Tools->Android->SDK Manager
      2. Open SDK Tools tab
      3. Select Google Repository, then install
    4. Create a libs folder under tutorial and move the identitytoolkit-api11.aar file there. If you need to support API level 10, use the identitytoolkit-api10.aar file instead. Note that you will need to use the support libraries.

Step 2: Configure the Google Identity Toolkit API

This quickstart guide will set up a mobile client that will allow username/password, Google, and (optionally) Facebook login.

Identity Toolkit requires web server components to be configured for features such as 'forgot password'. In this quick-start, for simplicity, we will set up a mobile client without a supporting web server. If you have previously set up a web server (e.g. using one of the other quick-starts) you can skip this section and use the configuration you created in that quick-start. Otherwise, follow these steps and you can set up your Identity Toolkit web server later.

  1. Go to the Google API Console API Library.
  2. From the project drop-down, select an existing project, or create a new one. The API Console groups your information by “project” which bundles associated websites, Android apps, and iOS apps. For the Identity Toolkit API, any websites or apps in the same project will share the same user database.
  3. Enable the Identity Toolkit API service:
    1. In the list of Google APIs, search for the Identity Toolkit API service.
    2. Select Identity Toolkit API from the results list.
    3. Select Enable API.
    When the process completes, Identity Toolkit API appears in the list of enabled APIs. To view the list, select APIs & Services on the left sidebar menu, then select the Enabled APIs tab.
  4. Next, you need to set up the screen Google will show the user when you request the user's email address. In the left-side menu under "APIs & Services", select Credentials, then select the OAuth consent screen tab.
    1. Choose an Email Address, enter your website/app's name as the Product Name, and select Save.
    Once saved, you end up on the Credentials tab.
  5. Next, set up your OAuth2 client ID for registering as an app that accepts Google for sign-in.
    1. In the Credentials tab, select the Create credentials drop-down, then select OAuth client ID.
    2. Under Application type, select Web application, even though you are first creating a mobile app. Set Authorized JavaScript Origins to be https://localhost and Authorized Redirect URIs to be https://localhost/callback. These are placeholder URLs which you can update to point to your Identity Toolkit web server when you set it up.
    3. Now, create a Client ID that will be used with your mobile application:
      1. Select the Create credentials drop-down, then select OAuth client ID.
      2. Under Application type, select Android and input the required information. The debug SHA1 can be found by running the command:
        keytool -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey
        The password will be "android".
  6. Next, create an API key so that your app can access Google APIs.
    1. Select the Create credentials drop-down, then select API key.
    2. From the "Create a new key" pop-up, select Android key, and optionally set your app as the allowed referrer.
    3. Select Create.
  7. You're almost there! You just need to decide which sign-in options to support.
    1. On the left-side menu, return to the APIs list by selecting APIs & Services.
    2. Select the Enabled APIs tab.
    3. From the list of enabled APIs, find the Identity Toolkit API, then select the gear icon to the right of the name. This action opens your sign-in page configuration.
      • In the URL Configuration section of the Identity Toolkit configuration screen, you will need to insert some placeholder values since you aren't yet configuring a web server.
        • Widget URL
          From the drop-down, select a URL. This is the URL you entered earlier in the Client ID for Web application, under "Authorized Redirect URIs". For this quick-start app, set this to: /callback
        • Sign-in Success URL
          For this quick-start app, set this to: /
        • Sign-out URL
          For this quick-start app, set this to: /
        • Send Email URL
          For this quick-start app, set this to: /
    4. In the Providers section of the Identity Toolkit API configuration screen, choose which identity providers that you want to support. Without a supporting web server, only identity providers with native SDKs will work. For this quick-start we will configure Google and (optionally) Facebook login.
    5. (Optional) Configure Facebook login
      1. Go to the Facebook developer page register or log in, then select My Apps->Add a New App
      2. Choose the "Website" platform
      3. At the "Setup SDK" part of the quickstart, enter your Site URL. For this demo, that will be http://localhost:8000/callback. Click next. You do not need to use their code snippet.
      4. Once the app is set up:
        • Go to the Dashboard for your app and enter the Facebook App ID as the Client ID.
        • In the API Console Identity Toolkit API configuration page, enable Facebook as a provider and enter the Facebook App ID and App Secret.
    6. Make sure to save your settings!

    Step 3: Set up the quick-start app

    1. Modify the quick-start app
      1. Modify AndroidManifest.xml
        Note: To access the values you will need, open the API Console Credentials page. This page contains the client ID and API key.
        • Uncomment the android:scheme line and replace the placeholder with your reversed server client ID. You can find this ID in the OAuth 2.0 client IDs section under the Type "Web application". For example, if your server client ID is 123.apps.googleusercontent.com then put com.googleusercontent.apps.123 here.
        • Uncomment the identitytoolkit.api_key meta data and replace the placeholder with your API key. You can find your API key in the API keys section under the Type "Android".
        • Uncomment the identitytoolkit.server_client_id meta data and replace the placeholder with your server client ID. You can find this ID in the OAuth 2.0 client IDs section under the Type "Web application".
        • Uncomment the identitytoolkit.server_widget_url and replace the placeholder with your server side Gitkit widget absolute URL. This field doesn't matter for the sample app, but you will need to configure it once you have the web server endpoint set up.
      2. Modify the code tutorial/src/com/google/identitytoolkit/demo/GitkitDemo.java
        • Follow the comments through step 1 to step 5. You'll need to fix all missing imports.
    2. Register the quick-start app in the same project in Google API Console

      1. Get the signing key SHA1. For debugging, usually the default android debug keystore is used. You generated the signing key before, at step 2.5.c. You can reuse that, or run the following command to get the SHA1 for the debug signing key (keystore=debug.keystore, key=androiddebugkey)

            keytool -list -v -alias androiddebugkey -keystore ~/.android/debug.keystore
        

        The password for the debug keystore is android.

      2. Create an OAuth2 client for your app in the API Console Credentials page.
        Note: you may have already created this client ID following the instructions at step 2.5.c.

        • From the project drop-down, select your project.
        • On the Credentials page, select the Create credentials drop-down, then select OAuth client ID.
        • Under Application type, select Android
        • Enter a name, and fill in the the SHA1 and the package name (e.g., com.google.identitytoolkit.demo), then select Create.
      3. Run the quick-start app
      4. Run the app on your phone or ensure that your emulator or phone has google-play-services installed (i.e. using the Google APIs target).
      5. Right-click on quick-start project and choose Run As->Android Application

    (Optional) Step 4: Facebook integration

    1. Add the Facebook dependencies

      1. Copy {GITKIT_SDK_DIR}/plugins/identitytoolkit_fbv4.jar to tutorial project (GitkitDemo) {GITKIT_SDK_DIR}/tutorial/libs directory. (If you wish to use Facebook Android SDK v3.x, copy {GITKIT_SDK_DIR}/plugins/identitytoolkit_fb.jar instead)
      2. Update the dependencies section of your build.gradle file to look as it does below. You may want to update some of the version numbers to reflect the latest builds available. (For Facebook SDK v4.6 or above, please set the minSdkVersion to 15)

        dependencies {
            compile 'com.google.android.gms:play-services:11.0.4'
            compile 'com.facebook.android:facebook-android-sdk:4.8.1'
            compile(name:'identitytoolkit-api11', ext:'aar')
            compile(name:'identitytoolkit_fbv4', ext:'jar')
        }
        
    2. Register your app on Facebook

      1. Go to https://developers.facebook.com register or log in, then select My Apps->Add a New App
      2. Once the new app is created, click Settings on the left then click + Add Platform

        1. Select Android
        2. Fill in the package name (com.google.identitytoolkit.demo) and main class (GitkitDemo)
        3. Run the following command to get key hash:

            keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore | openssl sha1 -binary | openssl base64
          
      3. Fill Facebook app ID/secret in the Google API Console.

        1. From the project drop-down, select the project where your Identity Toolkit API Android App is configured.
        2. From the list of enabled APIs, find the Identity Toolkit API, then select the gear icon to the right of the name. This action opens settings tab.
        3. Scroll down to the Providers section and select Facebook to expand the details view.
        4. Enter the Facebook App ID and App Secret.
        5. When done, select Save.
      4. Conifgure the App Domain. If you are testing locally, this should be https://localhost.
      5. Add another platform, this time for Web. Enter your widget URL in the Site URL field.
    3. Configure your Identity Toolkit app.

      1. Add a string value for the Facebook app ID (you can get it from developers.facebook.com) in res/values/strings.xml

        <string name="fb_app_id">YOUR_FB_APP_ID</string>
        
      2. Add a Facebook app ID meta data in AndroidManifest.xml

        <meta-data android:name="com.facebook.sdk.ApplicationId" android:value="@string/fb_app_id"/>
        
      3. Declare the Facebook sign in activity in your AndroidManifest.xml in case the target device doesn't have Facebook app installed. Add the following line next to the GitkitDemo activity declaration. (Use com.facebook.LoginActivity if you wish to use Facebook Android SDK v3.x)

        <activity android:name="com.facebook.FacebookActivity"/>
        
      4. To enable the Facebook button, change the value of identitytoolkit.show_providers meta data in AndroidManifest.xml to "Google, Yahoo, Facebook".

    4. Run the app

    Note that depending on how you set up your Facebook App ID (if you didn't make it publicly available), you may need to whitelist whichever test Facebook accounts you want to use as Testers (select Roles on your app page on developer.facebook.com). The account that creates the Facebook app is automatic whitelisted.

    Next steps

    1. Configure a web server for your Android app, try an Identity Toolkit quick-start for Java, PHP, or Python.
    2. View API reference
    3. Subscribe to announcement mailing list to get the latest update.
    4. Get community support. Join our community and participate in our discussion group.