Learn how to log in seamlessly across applications and forms in 3 minutes

1. Function inventory

Q1: What is keyring service ?

A: key ring service is a technical service open to domestic and foreign developers by HMS Core, provides local storage of user authentication credentials, and cross-application and cross-form sharing capabilities, helping users to connect between Android applications, fast applications, and web applications. Build a seamless login experience . ("User Authentication Credentials" hereinafter referred to as "Credentials")

Cross-app login example

When the user is already logged in to application A, he opens application B of the same developer, without entering the account password, to directly log in to application B.

Cross-modal login example

Taking an e-commerce application as an example, after logging in to the Android application, the user receives a promotional text message, clicks on the text message link with the Huawei browser, and the web application is directly logged in. After selecting the desired product, the user pays directly and completes the order.

Q2: Can the keyring service help my users share user authentication credentials between any two apps?

A: The keyring service can help users share credentials between apps developed by the same company

Q3: Can the authorization relationship of credentials between applications be inherited, or can only be authorized point-to-point?

A: There is no inheritance relationship, only point-to-point authorization. For example, A is authorized to B, C, D, and E, and B cannot be sub-authorized to F and G.

Q4: If my user needs to log out of the account, can the credentials be deleted in the keyring service?

A: Yes, the keyring service provides developers with delete and update APIs.

Q5: If my user has multiple accounts, how does the keyring service identify which account to log in with?

A: The keyring service can store multiple credentials. It is recommended that the product provide a confirmation interface so that users can choose their own login account.

2. In-depth interpretation of technology

Q1: keyring service share credentials from Android app to Quick app?

A: When a user logs in to your application, the credentials will be stored in the keyring service, and the logged in application will authorize and share these credentials with other trusted fast apps or web apps.

Q2: key ring service support so many application forms?

A: For different application forms, the keyring service provides corresponding interfaces: the keyring service provides Android APIs for Android applications, quick application APIs for fast applications, and Web APIs for web applications.

Q3: Is it safe to store my user credentials in the keyring service?

A: The credentials are encrypted with a randomly generated key in the Trusted Execution Environment (TEE). The key for each device is different, and the key can only be used within the TEE and cannot leave the device. Huawei does not have the key content, supporting credentials are securely stored locally.

Q4: After the app saves the credentials, will there be a prompt when the user is directly logged in next time?

A: The keyring service SDK provides a credential reading interface without an interface. Android applications can directly read the content of the credentials. You can decide whether to prompt the user to log in with an account of an application.

Q5: How does the keyring service verify the identity information of the application requesting to read the credentials, and how does it determine that it is not a counterfeit application?

A: The keyring service can verify the real identity of the APK or website that reads and write credentials by verifying the APK package name of the Android app, the package name of the quick app and the certificate HASH, or by obtaining the real URL of the current web page as the identity information, preventing the credential Hijacked by a phishing program or website, thereby enhancing security in the process of sharing credentials.

3. Privacy Policy Questions and Answers

keyring service comply with the 161dce4b475d46 user privacy policy ?

A: Yes, the privacy statement constraints of the keyring service itself have been explained in the statement about HMS Core and privacy.

Q2: Does my app need to inform the user to help TA keep the credentials?

A: During the use of the keyring service, user credentials are always stored locally on the user device and are not uploaded to the server. The user is still the actual data controller. Huawei cannot actively modify or delete user credentials and other operations that affect credential security. Second, HMS Core The privacy statement has already explained, so your app does not need to inform users.

Q3: When using the keyring service on non-Huawei devices, does my app need to obtain user consent?

A: When a user uses the keyring service on a non-Huawei device, the HMS Core application will be launched in association, and you need to express to the user and obtain their consent; users do not need to obtain a separate consent to use the keyring service on a Huawei device.

Scan the code to get the access guide

Learn more >>

Visit Huawei Developer Alliance official website
Get development guidance document
Huawei Mobile Services open source warehouse address: GitHub , Gitee

Follow us to know the latest technical information of HMS Core for the first time~