Repository files navigation

Flutter Smart Auth

Need anything Flutter related? Reach outonLinkedIn

Flutter package for listening SMS code on Android, suggesting phone number, email, saving acredential.

If you need pin code input like shown below, take a look atthePinput package.

• Android SMS Autofill
  • SMS RetrieverAPI
  • SMS UserConsentAPI
• Showing Phone numberhintsAPI

DiscordChannel

Example

Don't forget to give it a star ⭐

If you want to contribute to this project, please read thecontribution guide.

If you areusinglegacy imperative apply

// android/build.gradlebuildscript {    ext.kotlin_version = '1.8.0'    ...others    dependencies {        classpath 'com.android.tools.build:gradle:8.3.2'        classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"    }}

If you are usingnewdeclarative plugin approach

// android/settings.gradleplugins {    id "org.jetbrains.kotlin.android" version "1.8.0" apply false    id "com.android.application" version "8.3.2" apply false    ...others}

// android/gradle/wrapper/gradle-wrapper.propertiesdistributionUrl=https\://services.gradle.org/distributions/gradle-8.4-all.zip

// android/app/build.gradlecompileOptions {    sourceCompatibility = JavaVersion.VERSION_11    targetCompatibility = JavaVersion.VERSION_11}kotlinOptions {    jvmTarget = '11'}

final smartAuth=SmartAuth.instance;

The Phone Number Hint API, a library powered by Google Play services, provides a frictionless way toshow a user’s (SIM-based) phone numbers as a hint.

The benefits to using Phone Number Hint include the following:

• No additional permission requests are needed
• Eliminates the need for the user to manually type in the phone number
• No Google account is needed
• Not directly tied to sign in/up workflows
• Wider support for Android versions compared to Autofill

voidrequestPhoneNumberHint()async {final res=await smartAuth.requestPhoneNumberHint();if (res.hasData) {// Use the phone number  }else {// Handle error  }}

The SMS User Consent API complements the SMS Retriever API by allowing an app to prompt the user togrant access to the content of a single SMS message. When a user gives consent, the app will thenhave access to the entire message body to automatically complete SMS verification. The verificationflow looks like this:

1. A user initiates SMS verification in your app. Your app might prompt the user to provide a phonenumber manually or request the phone number hint by callingrequestPhoneNumberHint method.
2. Your app makes a request to your server to verify the user's phone number. Depending on whatinformation is available in your user database, this request might include the user's ID, theuser's phone number, or both.
3. At the same time, your app calls thegetSmsWithUserConsentApi to show the user a dialog togrant access to the SMS message.
4. Your server sends an SMS message to the user that includes a one-time code to be sent back toyour server.
5. When the user's device receives the SMS message, thegetSmsWithUserConsentApi will extract theone-time code from the message text and you have to send it back to your server.
6. Your server receives the one-time code from your app, verifies the code, and finally records thatthe user has successfully verified their account.

voidgetSmsWithUserConsentApi()async {final res=await smartAuth.getSmsWithUserConsentApi();if (res.hasData) {final code= res.requireData.code;/// The code can be null if the SMS was received but the code was not extracted from itif (code==null)return;//  Use the code  }elseif (res.isCanceled) {// User canceled the dialog  }else {// handle the error  }}

With the SMS Retriever API, you can perform SMS-based user verification in your Android appautomatically, without requiring the user to manually type verification codes, and without requiringany extra app permissions. When you implement automatic SMS verification in your app, theverification flow looks like this:

1. A user initiates SMS verification in your app. Your app might prompt the user to provide a phonenumber manually or request the phone number hint by callingrequestPhoneNumberHint method.
2. Your app makes a request to your server to verify the user's phone number. Depending on whatinformation is available in your user database, this request might include the user's ID, theuser's phone number, or both.
3. At the same time, your app calls thegetSmsWithRetrieverApi to begin listening for an SMSresponse from your server.
4. Your server sends an SMS message to the user that includes a one-time code to be sent back toyour server, and a hash that identifies your app.
5. When the user's device receives the SMS message, Google Play services uses the app hash todetermine that the message is intended for your app, and makes the message text available to yourapp through the SMS Retriever API.
6. ThegetSmsWithRetrieverApi will extract the one-time code from the message text and you have tosend it back to your server.
7. Your server receives the one-time code from your app, verifies the code, and finally records thatthe user has successfully verified their account.

voidgetSmsWithRetrieverApi()async {final res=await smartAuth.getSmsWithRetrieverApi();if (res.hasData) {final code= res.requireData.code;/// The code can be null if the SMS was received but the code was not extracted from itif (code==null)return;//  Use the code  }else {// handle the error  }}

The plugin automatically removes listeners after receiving the code, if not you can remove them bycalling theremoveUserConsentApiListener orremoveSmsRetrieverApiListener method.

voidremoveSmsListener() {  smartAuth.removeUserConsentApiListener();// or  smartAuth.removeSmsRetrieverApiListener();}