firebase
diff --git a/‎auth/src/main/java/com/firebase/ui/auth/configuration/auth_provider/EmailAuthProvider+FirebaseAuthUI.kt‎
Lines changed: 39 additions & 1 deletion b/‎auth/src/main/java/com/firebase/ui/auth/configuration/auth_provider/EmailAuthProvider+FirebaseAuthUI.kt‎
Lines changed: 39 additions & 1 deletion
diff --git a/‎auth/src/main/java/com/firebase/ui/auth/credentialmanager/PasswordCredentialHandler.kt‎
Lines changed: 64 additions & 2 deletions b/‎auth/src/main/java/com/firebase/ui/auth/credentialmanager/PasswordCredentialHandler.kt‎
Lines changed: 64 additions & 2 deletions
diff --git a/‎auth/src/main/java/com/firebase/ui/auth/ui/screens/email/EmailAuthScreen.kt‎
Lines changed: 18 additions & 0 deletions b/‎auth/src/main/java/com/firebase/ui/auth/ui/screens/email/EmailAuthScreen.kt‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎auth/src/main/java/com/firebase/ui/auth/ui/screens/email/SignInUI.kt‎
Lines changed: 49 additions & 0 deletions b/‎auth/src/main/java/com/firebase/ui/auth/ui/screens/email/SignInUI.kt‎
Lines changed: 49 additions & 0 deletions
@@ -16,13 +16,17 @@ package com.firebase.ui.auth.configuration.auth_provider
 
 import android.content.Context
 import android.net.Uri
+import android.util.Log
 import com.firebase.ui.auth.R
 import com.firebase.ui.auth.AuthException
 import com.firebase.ui.auth.AuthState
 import com.firebase.ui.auth.FirebaseAuthUI
 import com.firebase.ui.auth.configuration.AuthUIConfiguration
 import com.firebase.ui.auth.configuration.auth_provider.AuthProvider.Companion.canUpgradeAnonymous
 import com.firebase.ui.auth.configuration.auth_provider.AuthProvider.Companion.mergeProfile
+import com.firebase.ui.auth.credentialmanager.PasswordCredentialCancelledException
+import com.firebase.ui.auth.credentialmanager.PasswordCredentialException
+import com.firebase.ui.auth.credentialmanager.PasswordCredentialHandler
 import com.firebase.ui.auth.util.EmailLinkPersistenceManager
 import com.firebase.ui.auth.util.EmailLinkParser
 import com.firebase.ui.auth.util.PersistenceManager
@@ -38,6 +42,7 @@ import com.google.firebase.auth.FirebaseAuthUserCollisionException
 import kotlinx.coroutines.CancellationException
 import kotlinx.coroutines.tasks.await
 
+private const val TAG = "EmailAuthProvider"
 
 /**
  * Creates an email/password account or links the credential to an anonymous user.
@@ -160,6 +165,22 @@ internal suspend fun FirebaseAuthUI.createOrLinkUserWithEmailAndPassword(
                 mergeProfile(auth, name, null)
             }
         }
+
+        // Save credentials to Credential Manager if enabled
+        if (config.isCredentialManagerEnabled) {
+            try {
+                val credentialHandler = PasswordCredentialHandler(context)
+                credentialHandler.savePassword(email, password)
+                Log.d(TAG, "Password credential saved successfully for: $email")
+            } catch (e: PasswordCredentialCancelledException) {
+                // User cancelled - this is fine, don't break the auth flow
+                Log.d(TAG, "User cancelled credential save for: $email")
+            } catch (e: PasswordCredentialException) {
+                // Failed to save - log but don't break the auth flow
+                Log.w(TAG, "Failed to save password credential for: $email", e)
+            }
+        }
+
         updateAuthState(AuthState.Idle)
         return result
     } catch (e: FirebaseAuthUserCollisionException) {
@@ -281,6 +302,7 @@ internal suspend fun FirebaseAuthUI.signInWithEmailAndPassword(
     email: String,
     password: String,
     credentialForLinking: AuthCredential? = null,
+    skipCredentialSave: Boolean = false,
 ): AuthResult? {
     try {
         updateAuthState(AuthState.Loading("Signing in..."))
@@ -361,7 +383,23 @@ internal suspend fun FirebaseAuthUI.signInWithEmailAndPassword(
                         result
                     }
                 }
-        }.also {
+        }.also { result ->
+            // Save credentials to Credential Manager if enabled
+            // Skip if user signed in with a retrieved credential (already saved)
+            if (config.isCredentialManagerEnabled && result != null && !skipCredentialSave) {
+                try {
+                    val credentialHandler = PasswordCredentialHandler(context)
+                    credentialHandler.savePassword(email, password)
+                    Log.d(TAG, "Password credential saved successfully for: $email")
+                } catch (e: PasswordCredentialCancelledException) {
+                    // User cancelled - this is fine, don't break the auth flow
+                    Log.d(TAG, "User cancelled credential save for: $email")
+                } catch (e: PasswordCredentialException) {
+                    // Failed to save - log but don't break the auth flow
+                    Log.w(TAG, "Failed to save password credential for: $email", e)
+                }
+            }
+
             updateAuthState(AuthState.Idle)
         }
     } catch (e: FirebaseAuthMultiFactorException) {
 
@@ -25,6 +25,24 @@ import androidx.credentials.exceptions.CreateCredentialException
 import androidx.credentials.exceptions.GetCredentialCancellationException
 import androidx.credentials.exceptions.GetCredentialException
 import androidx.credentials.exceptions.NoCredentialException
+import com.firebase.ui.auth.util.CredentialPersistenceManager
+
+/**
+ * Provider interface for obtaining CredentialManager instances.
+ * This allows test code to inject mock CredentialManager instances.
+ */
+interface CredentialManagerProvider {
+    fun getCredentialManager(context: Context): CredentialManager
+}
+
+/**
+ * Default implementation that creates a real CredentialManager instance.
+ */
+class DefaultCredentialManagerProvider : CredentialManagerProvider {
+    override fun getCredentialManager(context: Context): CredentialManager {
+        return CredentialManager.create(context)
+    }
+}
 
 /**
  * Handler for password credential operations using Android's Credential Manager.
@@ -33,11 +51,53 @@ import androidx.credentials.exceptions.NoCredentialException
  * the system credential manager, which displays native UI prompts to the user.
  *
  * @property context The Android context used for credential operations
+ * @property provider Optional provider for testing purposes
  */
 class PasswordCredentialHandler(
-    private val context: Context
+    private val context: Context,
+    provider: CredentialManagerProvider? = null
 ) {
-    private val credentialManager: CredentialManager = CredentialManager.create(context)
+    companion object {
+        /**
+         * Test-only provider for injecting mock CredentialManager instances.
+         * Set this in your test setup to override the default CredentialManager.
+         *
+         * Example:
+         * ```
+         * PasswordCredentialHandler.testCredentialManagerProvider = object : CredentialManagerProvider {
+         *     override fun getCredentialManager(context: Context) = mockCredentialManager
+         * }
+         * ```
+         */
+        @Volatile
+        var testCredentialManagerProvider: CredentialManagerProvider? = null
+
+        /**
+         * Checks if credentials have been saved at least once.
+         * This prevents unnecessary credential retrieval attempts.
+         *
+         * @param context The Android context
+         * @return true if credentials have been saved, false otherwise
+         */
+        suspend fun hasSavedCredentials(context: Context): Boolean {
+            return CredentialPersistenceManager.hasSavedCredentials(context)
+        }
+
+        /**
+         * Clears the saved credentials flag.
+         * Useful for testing or when user signs out permanently.
+         *
+         * @param context The Android context
+         */
+        suspend fun clearSavedCredentialsFlag(context: Context) {
+            CredentialPersistenceManager.clearSavedCredentialsFlag(context)
+        }
+    }
+
+    private val credentialManager: CredentialManager =
+        provider?.getCredentialManager(context)
+            ?: testCredentialManagerProvider?.getCredentialManager(context)
+            ?: CredentialManager.create(context)
 
     /**
      * Saves a password credential to the system credential manager.
@@ -62,6 +122,8 @@ class PasswordCredentialHandler(
 
         try {
             credentialManager.createCredential(context, request)
+            // Mark that credentials have been saved successfully
+            CredentialPersistenceManager.setCredentialsSaved(context)
         } catch (e: CreateCredentialCancellationException) {
             // User cancelled the save operation
             throw PasswordCredentialCancelledException("User cancelled password save operation", e)
 
@@ -35,6 +35,10 @@ import com.firebase.ui.auth.configuration.auth_provider.sendSignInLinkToEmail
 import com.firebase.ui.auth.configuration.auth_provider.signInWithEmailAndPassword
 import com.firebase.ui.auth.configuration.auth_provider.signInWithEmailLink
 import com.firebase.ui.auth.configuration.string_provider.LocalAuthUIStringProvider
+import com.firebase.ui.auth.credentialmanager.PasswordCredentialCancelledException
+import com.firebase.ui.auth.credentialmanager.PasswordCredentialException
+import com.firebase.ui.auth.credentialmanager.PasswordCredentialHandler
+import com.firebase.ui.auth.credentialmanager.PasswordCredentialNotFoundException
 import com.firebase.ui.auth.ui.components.LocalTopLevelDialogController
 import com.google.firebase.auth.AuthCredential
 import com.google.firebase.auth.AuthResult
@@ -95,6 +99,7 @@ class EmailAuthContentState(
     val onConfirmPasswordChange: (String) -> Unit,
     val displayName: String,
     val onDisplayNameChange: (String) -> Unit,
+    val onRetrievedCredential: (Pair<String, String>) -> Unit,
     val onSignInClick: () -> Unit,
     val onSignInEmailLinkClick: () -> Unit,
     val onSignUpClick: () -> Unit,
@@ -163,6 +168,9 @@ fun EmailAuthScreen(
     val resetLinkSent = authState is AuthState.PasswordResetLinkSent
     val emailSignInLinkSent = authState is AuthState.EmailSignInLinkSent
 
+    // Track if credentials were retrieved from Credential Manager
+    val retrievedCredential = remember { mutableStateOf<Pair<String, String>?>(null) }
+
     LaunchedEffect(authState) {
         Log.d("EmailAuthScreen", "Current state: $authState")
         when (val state = authState) {
@@ -237,15 +245,24 @@ fun EmailAuthScreen(
         onDisplayNameChange = { displayName ->
             displayNameValue.value = displayName
         },
+        onRetrievedCredential = { credential ->
+            retrievedCredential.value = credential
+        },
         onSignInClick = {
             coroutineScope.launch {
                 try {
+                    // Check if user is signing in with retrieved credentials
+                    val isUsingRetrievedCredential = retrievedCredential.value?.let { (email, password) ->
+                        email == emailTextValue.value && password == passwordTextValue.value
+                    } ?: false
+
                     authUI.signInWithEmailAndPassword(
                         context = context,
                         config = configuration,
                         email = emailTextValue.value,
                         password = passwordTextValue.value,
                         credentialForLinking = authCredentialForLinking,
+                        skipCredentialSave = isUsingRetrievedCredential
                     )
                 } catch (e: Exception) {
                     onError(AuthException.from(e))
@@ -350,6 +367,7 @@ private fun DefaultEmailAuthContent(
                 password = state.password,
                 onEmailChange = state.onEmailChange,
                 onPasswordChange = state.onPasswordChange,
+                onRetrievedCredential = state.onRetrievedCredential,
                 onSignInClick = state.onSignInClick,
                 onGoToSignUp = state.onGoToSignUp,
                 onGoToResetPassword = state.onGoToResetPassword,
 
@@ -14,6 +14,7 @@
 
 package com.firebase.ui.auth.ui.screens.email
 
+import android.util.Log
 import androidx.compose.foundation.layout.Column
 import androidx.compose.foundation.layout.PaddingValues
 import androidx.compose.foundation.layout.Row
@@ -46,7 +47,9 @@ import androidx.compose.material3.TopAppBar
 import androidx.compose.material3.rememberTooltipState
 import androidx.compose.runtime.Composable
 import androidx.compose.runtime.CompositionLocalProvider
+import androidx.compose.runtime.LaunchedEffect
 import androidx.compose.runtime.derivedStateOf
+import androidx.compose.runtime.mutableStateOf
 import androidx.compose.runtime.remember
 import androidx.compose.ui.Alignment
 import androidx.compose.ui.Modifier
@@ -65,6 +68,10 @@ import com.firebase.ui.auth.configuration.string_provider.LocalAuthUIStringProvi
 import com.firebase.ui.auth.configuration.theme.AuthUITheme
 import com.firebase.ui.auth.configuration.validators.EmailValidator
 import com.firebase.ui.auth.configuration.validators.PasswordValidator
+import com.firebase.ui.auth.credentialmanager.PasswordCredentialCancelledException
+import com.firebase.ui.auth.credentialmanager.PasswordCredentialException
+import com.firebase.ui.auth.credentialmanager.PasswordCredentialHandler
+import com.firebase.ui.auth.credentialmanager.PasswordCredentialNotFoundException
 import com.firebase.ui.auth.ui.components.AuthTextField
 import com.firebase.ui.auth.ui.components.LocalTopLevelDialogController
 import com.firebase.ui.auth.ui.components.TermsAndPrivacyForm
@@ -80,12 +87,14 @@ fun SignInUI(
     password: String,
     onEmailChange: (String) -> Unit,
     onPasswordChange: (String) -> Unit,
+    onRetrievedCredential: (Pair<String, String>) -> Unit,
     onSignInClick: () -> Unit,
     onGoToSignUp: () -> Unit,
     onGoToResetPassword: () -> Unit,
     onGoToEmailLinkSignIn: () -> Unit,
     onNavigateBack: (() -> Unit)? = null,
 ) {
+    val context = LocalContext.current
     val provider = configuration.providers.filterIsInstance<AuthProvider.Email>().first()
     val stringProvider = LocalAuthUIStringProvider.current
     val emailValidator = remember { EmailValidator(stringProvider) }
@@ -102,6 +111,45 @@ fun SignInUI(
         }
     }
 
+    // Retrieve saved credentials when in SignIn mode
+    val credentialRetrievalAttempted = remember { mutableStateOf(false) }
+
+    LaunchedEffect(Unit) {
+        if (configuration.isCredentialManagerEnabled &&
+            !credentialRetrievalAttempted.value &&
+            PasswordCredentialHandler.hasSavedCredentials(context)) {
+            credentialRetrievalAttempted.value = true
+
+            try {
+                val credentialHandler = PasswordCredentialHandler(context)
+                val credential = credentialHandler.getPassword()
+
+                Log.d("EmailAuthScreen", "Retrieved credential for: ${credential.username}")
+
+                // Auto-fill the email and password fields
+                onEmailChange(credential.username)
+                onPasswordChange(credential.password)
+
+                emailValidator.validate(credential.username)
+                passwordValidator.validate(credential.password)
+
+                // Store retrieved credential to compare later
+                onRetrievedCredential(Pair(credential.username, credential.password))
+
+                onSignInClick()
+            } catch (e: PasswordCredentialNotFoundException) {
+                Log.d("EmailAuthScreen", "No saved credentials found")
+                // No credentials saved - user will enter manually
+            } catch (e: PasswordCredentialCancelledException) {
+                Log.d("EmailAuthScreen", "User cancelled credential selection")
+                // User cancelled - let them enter manually
+            } catch (e: PasswordCredentialException) {
+                Log.w("EmailAuthScreen", "Failed to retrieve credentials", e)
+                // Failed to retrieve - let them enter manually
+            }
+        }
+    }
+
     Scaffold(
         modifier = modifier,
         topBar = {
@@ -289,6 +337,7 @@ fun PreviewSignInUI() {
                 emailSignInLinkSent = false,
                 onEmailChange = { email -> },
                 onPasswordChange = { password -> },
+                onRetrievedCredential = { credential -> },
                 onSignInClick = {},
                 onGoToSignUp = {},
                 onGoToResetPassword = {},