Google Sign-In and Firebase Authentication in Android

Edit: It appears Steemit isn't supporting code syntax highlighting. Screencaps or Gists to follow.

How does the Google Sign-in work?

Google Sign-In requires the Google Play Services dependencies. The user provides credentials through the client, the Firebase and Google play services work in tandem to authenticate the credentials, then return a token ID to the client.

When you pass these credentials to the Google Sign-In Api:

private  void signIn()  {  
Intent signInIntent =  Auth.GoogleSignInApi.getSignInIntent(mGoogleApiClient);  
startActivityForResult(signInIntent, RC\_SIGN\_IN);  
}

Using the onActivityResult(...) method, Google’s backend services verify those credentials and return a response to the client:

@Override  
public  void onActivityResult(int requestCode,  int resultCode,  Intent data)  {  
super.onActivityResult(requestCode, resultCode, data);  
  
// Result returned from launching the Intent fromGoogleSignInApi.getSignInIntent(...);  
if  (requestCode == RC\_SIGN\_IN)  {  
GoogleSignInResult result =  Auth.GoogleSignInApi.getSignInResultFromIntent(data);  
if(result.isSuccess()){  
GoogleSignInAccount account = result.getSignInAccount();  
firebaseAuthWithGoogle(account);  
}else{  
Toast.makeText(SignInActivity.this,  "Error Authenticating",Toast.LENGTH_SHORT);  
  
}  
}  
}

GoogleSignInAccount provides the token ID object after user is logged in:

private  void firebaseAuthWithGoogle(GoogleSignInAccount account)  {  
AuthCredential credential =  GoogleAuthProvider.getCredential(account.getIdToken(),  null);  
mAuth.signInWithCredential(credential)  
.addOnCompleteListener(this,  new  OnCompleteListener<AuthResult>()  {  
@Override  
public  void onComplete(@NonNull  Task<AuthResult> task)  {  
if  (task.isSuccessful())  {  
// Sign in success, update UI with the signed-in user's information  
Log.d("TAG",  "signInWithCredential:success");  
FirebaseUser user = mAuth.getCurrentUser();  
//updateUI(user);  
}  else  {  
// If sign in fails, display a message to the user.  
Log.w("TAG",  "signInWithCredential:failure", task.getException());  
//updateUI(null);  
}  
}  
});  
}

Authentication state listener method makes it convenient to make sure the the UI and users are in the correct states. It handles any scenario in which a user login state might not be synced with the state of the app’s UI. Either the user is logged in and the UI is updated accordingly or the UI prompts the user to log in.

Here the block of code is fired off as long as the current user is not null. The activity (screen) can move from SignInActivity to ContactsActivity:

mAuthListener =  new  FirebaseAuth.AuthStateListener()  {  
@Override  
public  void onAuthStateChanged(@NonNull  FirebaseAuth firebaseAuth)  {  
if  (firebaseAuth.getCurrentUser()  !=  null){  
startActivity(new  Intent(SignInActivity.this,  ContactsActivity.class));  
}  
}  
};

How safe is the Google Authentication in Android?
How the app connects to Google’s Firebase

The app’s connection to the back-end is secured by an SHA-1 key (Secure Hash Algorithm 1). During development, a digital fingerprint is generated on the app developer’s machine. That signature is added to the project's Firebase console. The SHA-1 key is used to authenticate the app on google’s Firebase framework.