Android
Prerequisites
Passkeys
On Android, passkeys are implemented using the Credential Manager API and synced via Google Password Manager. Passkeys are supported only on devices running Android 9 (API 28) or higher.
To use passkeys on Android you must setup a Digital Asset Links JSON file on your web domain.
Host an
assetlinks.json
file on the domain that matches your relying party:GET https://<yourrelyingparty>/.well-known/assetlinks.json
The response JSON should look something like this:
[{
"relation": ["delegate_permission/common.get_login_creds"],
"target": {
"namespace": "android_app",
"package_name": "com.example",
"sha256_cert_fingerprints": [
"FA:C6:17:45:DC:09:03:78:6F:B9:ED:E6:2A:96:2B:39:9F:73:48:F0:BB:6F:89:9B:83:32:66:75:91:03:3B:9C"
]
}
}]but with the package name and SHA256 fingerprint updated to match your own app.
Installation
Ensure that you have mavenCentral
listed in your project's buildscript repositories section:
buildscript {
repositories {
mavenCentral()
...
}
}
Add the following to your app's build.gradle file:
Passkeys
implementation 'com.authsignal:authsignal-passkey-android:0.1.3'
Push
implementation 'com.authsignal:authsignal-push-android:0.2.3'
Initialization
Passkeys
import com.authsignal.passkey.AuthsignalPasskey
...
val authsignalPasskey = AuthsignalPasskey("YOUR_TENANT_ID", "YOUR_REGION_BASE_URL")
Push
import com.authsignal.push.AuthsignalPush
...
val authsignalPush = AuthsignalPush("YOUR_TENANT_ID", "YOUR_REGION_BASE_URL")
You can find your tenant ID in the Authsignal Portal.
You must specify the correct base URL for your tenant's region.
Region | Base URL |
---|---|
US (Oregon) | https://api.authsignal.com/v1 |
AU (Sydney) | https://au.api.authsignal.com/v1 |
EU (Dublin) | https://eu.api.authsignal.com/v1 |
Passkeys
For more detail on passkeys refer to our getting started guide.
Registering a new passkey
val result = authsignalPasskey.signUp(token, userName)
Authenticating with an existing passkey
val result = authsignalPasskey.signIn()
Push
Adding a device credential
Adding a new credential must be authorized with a short-lived token. You can obtain this by tracking an action which will return a token in the response. This should be done at a point in your application when the user is strongly authenticated.
authsignalPush.addCredential(token)
Removing a device credential
authsignalPush.removeCredential()
Getting a challenge
val challengeId = authsignalPush.getChallenge()
Updating a challenge
val approved: Boolean = true // true if the user has approved the challenge
authsignalPush.updateChallenge(challengeId, approved)