Skip to main content

Android

Prerequisites

Passkeys

Passkeys are implemented using the Credential Manager API and synced via Google Password Manager. Passkeys are supported only on devices running Android 9 (API 28) or higher.

To use passkeys you must setup a Digital Asset Links JSON file on your web domain.

  1. Host an assetlinks.json file on the domain that matches your relying party:

    GET https://<yourrelyingparty>/.well-known/assetlins.json

  2. The response JSON should look something like this:

    [{
     "relation": ["delegate_permission/common.get_login_creds"],
     "target": {
       "namespace": "android_app",
       "package_name": "com.example",
       "sha256_cert_fingerprints": [
         "FA:C6:17:45:DC:09:03:78:6F:B9:ED:E6:2A:96:2B:39:9F:73:48:F0:BB:6F:89:9B:83:32:66:75:91:03:3B:9C"
       ]
     }
    }]

    but with the package name and SHA256 fingerprint updated to match your own app.

Installation

Ensure that you have mavenCentral listed in your project's buildscript repositories section:

buildscript {
  repositories {
    mavenCentral()
    ...
  }
}

Add the following to your app's build.gradle file:

Passkeys

implementation 'com.authsignal:authsignal-passkey-android:0.0.5'

Push

implementation 'com.authsignal:authsignal-push-android:0.1.12'

Initialization

Passkeys

import com.authsignal.passkey.AuthsignalPasskey
...

val authsignalPasskey = AuthsignalPasskey("YOUR_TENANT_ID", "YOUR_REGION_BASE_URL")

Push

import com.authsignal.push.AuthsignalPush
...

val authsignalPush = AuthsignalPush("YOUR_TENANT_ID", "YOUR_REGION_BASE_URL")

You can find your tenant ID in the Authsignal Portal.

You must specify the correct base URL for your tenant's region.

RegionBase URL
US (Oregon)https://api.authsignal.com/v1
AU (Sydney)https://au.api.authsignal.com/v1
EU (Dublin)https://eu.api.authsignal.com/v1

Passkeys

Registering a new passkey

To register a new passkey, you first need to request a token via track. If the user is new, create a record for them in your own DB and pass their ID to Authsignal server-side to get a token, which can then be passed to the Android SDK along with their username.

val result = authsignalPasskey.signUp(initialToken, userName)

result.error.let {
  Log.e(TAG, it);
}

result.data.let {
   // Pass this short-lived result token to your backend to validate that passkey registration succeeded
}

Authenticating with an existing passkey

To handle re-authenticating with an existing passkey, lookup the user by their username in your backend and then pass their ID to track to get a token, which can then be passed to the Android SDK.

val result = authsignalPasskey.signIn(initialToken)

result.error.let {
  Log.e(TAG, it);
}

result.data.let {
   // Pass this short-lived result token to your backend to validate that passkey authentication succeeded
}

After the user authenticates with their passkey, the SDK will return a short-lived token which should be passed to your backend to validate the result of the challenge server-side.

Push

Adding a device credential

Adding a new credential must be authorised with a short-lived token. You can obtain this by tracking an action which will return a token in the response. This should be done at a point in your application when the user is strongly authenticated.

authsignalPush.addCredential(token)

Removing a device credential

authsignalPush.removeCredential()

Getting a challenge

val challengeId = authsignalPush.getChallenge()

Updating a challenge

val approved: Boolean = true // true if the user has approved the challenge

authsignalPush.updateChallenge(challengeId, approved)