Implementing Google Sign-In with CredentialManager and Google Drive API authorization in Android

I’m working on an Android app and need help with Google Sign-In and Google Drive API authorization. I’ve set up CredentialManager for sign-in, but I’m stuck on the next steps.

Here’s what I’ve done so far:

fun startGoogleSignIn() {
    val credManager = CredentialManager.create(context)
    val googleIdOption = GetGoogleIdOption.Builder()
        .setServerClientId(CLIENT_ID)
        .build()
    val request = GetCredentialRequest.Builder()
        .addCredentialOption(googleIdOption)
        .build()

    credManager.getCredentialAsync(
        request,
        CancellationSignal(),
        executor,
        object : CredentialManagerCallback<GetCredentialResponse, GetCredentialException> {
            override fun onResult(result: GetCredentialResponse) {
                processSignInResult(result)
            }
            override fun onError(e: GetCredentialException) {
                Log.e(TAG, "Sign-in error: ${e.message}")
            }
        }
    )
}

I’m unsure how to proceed with the Google ID token I receive. The docs mention server-side validation, but I don’t know how to implement that.

Also, I’m having trouble authorizing the Google Drive API. When I try to use Google Identity Services for this, I get a null pointer exception:

fun authorizeDriveApi() {
    val scopes = listOf(Scope(DriveScopes.DRIVE_READONLY))
    val authRequest = AuthorizationRequest.Builder()
        .setRequestedScopes(scopes)
        .build()

    Identity.getAuthorizationClient(context)
        .authorize(authRequest)
        .addOnSuccessListener { result ->
            // Handle result
        }
        .addOnFailureListener { e ->
            Log.e(TAG, "Drive API auth failed", e)
        }
}

Can someone explain how to properly handle the Google ID token and resolve the Drive API authorization issue? Thanks!

I’ve been down this road before, and it can be tricky. For the Google ID token, you don’t necessarily need server-side validation if you’re not using a backend. You can use the token client-side to get user info.

For the Drive API, I found that using the Google Sign-In SDK alongside CredentialManager works better. Try using CredentialManager for sign-in, then once signed in, use GoogleSignInClient to request Drive scopes, and finally, use the resulting account to create a GoogleAccountCredential. This way you’re separating concerns and avoiding conflicts between different Google auth methods. It may involve a bit more code, but it’s more reliable in my experience.

Be sure to handle error cases and token refreshes, and test on different Android versions to account for any quirks on older devices.

hey man, i’ve been there too. for the ID token, u can actually use it client-side to fetch user info if u dont have a backend. just hit the Google API with the token.

for Drive API, try splitting it up. use CredentialManager for signin, then GoogleSignInClient for Drive scopes. it’s a bit more work but way more stable.

dont forget to handle errors nd token refreshes. goodluck!

I’ve encountered similar challenges in my Android projects. For handling the Google ID token, you’ll want to send it to your backend server for validation. The server should use Google’s tokeninfo endpoint to verify the token’s authenticity.

As for the Drive API authorization, it seems you’re mixing older methods with the new CredentialManager approach. Instead, try using the CredentialManager to request both sign-in and Drive API scopes simultaneously. Here’s a rough example:

val googleIdOption = GetGoogleIdOption.Builder()
    .setServerClientId(CLIENT_ID)
    .setFilterByAuthorizedAccounts(false)
    .addAdditionalScope(DriveScopes.DRIVE_READONLY)
    .build()

// Use this in your getCredentialAsync call

This should streamline the process and avoid the null pointer exception you’re experiencing. Remember to handle potential user cancellations and errors appropriately in your implementation.