Android
Prerequisites
Passkeys
Passkeys are implemented using the Credential Manager API and synced via Google Password Manager. Passkeys are supported only on devices running Android 9 (API 28) or higher.
To use passkeys you must setup a Digital Asset Links JSON file on your web domain.
Host an
assetlinks.json
file on the domain that matches your relying party:GET https://<yourrelyingparty>/.well-known/assetlins.json
The response JSON should look something like this:
[{
"relation": ["delegate_permission/common.get_login_creds"],
"target": {
"namespace": "android_app",
"package_name": "com.example",
"sha256_cert_fingerprints": [
"FA:C6:17:45:DC:09:03:78:6F:B9:ED:E6:2A:96:2B:39:9F:73:48:F0:BB:6F:89:9B:83:32:66:75:91:03:3B:9C"
]
}
}]but with the package name and SHA256 fingerprint updated to match your own app.
Installation
Ensure that you have mavenCentral
listed in your project's buildscript repositories section:
buildscript {
repositories {
mavenCentral()
...
}
}
Add the following to your app's build.gradle file:
Passkeys
implementation 'com.authsignal:authsignal-passkey-android:0.0.5'
Push
implementation 'com.authsignal:authsignal-push-android:0.1.12'
Initialization
Passkeys
import com.authsignal.passkey.AuthsignalPasskey
...
val authsignalPasskey = AuthsignalPasskey("YOUR_TENANT_ID", "YOUR_REGION_BASE_URL")
Push
import com.authsignal.push.AuthsignalPush
...
val authsignalPush = AuthsignalPush("YOUR_TENANT_ID", "YOUR_REGION_BASE_URL")
You can find your tenant ID in the Authsignal Portal.
You must specify the correct base URL for your tenant's region.
Region | Base URL |
---|---|
US (Oregon) | https://api.authsignal.com/v1 |
AU (Sydney) | https://au.api.authsignal.com/v1 |
EU (Dublin) | https://eu.api.authsignal.com/v1 |
Passkeys
Registering a new passkey
To register a new passkey, you first need to request a token via track. If the user is new, create a record for them in your own DB and pass their ID to Authsignal server-side to get a token, which can then be passed to the Android SDK along with their username.
val result = authsignalPasskey.signUp(initialToken, userName)
result.error.let {
Log.e(TAG, it);
}
result.data.let {
// Pass this short-lived result token to your backend to validate that passkey registration succeeded
}
Authenticating with an existing passkey
To handle re-authenticating with an existing passkey, lookup the user by their username in your backend and then pass their ID to track to get a token, which can then be passed to the Android SDK.
val result = authsignalPasskey.signIn(initialToken)
result.error.let {
Log.e(TAG, it);
}
result.data.let {
// Pass this short-lived result token to your backend to validate that passkey authentication succeeded
}
After the user authenticates with their passkey, the SDK will return a short-lived token which should be passed to your backend to validate the result of the challenge server-side.
Push
Adding a device credential
Adding a new credential must be authorised with a short-lived token. You can obtain this by tracking an action which will return a token in the response. This should be done at a point in your application when the user is strongly authenticated.
authsignalPush.addCredential(token)
Removing a device credential
authsignalPush.removeCredential()
Getting a challenge
val challengeId = authsignalPush.getChallenge()
Updating a challenge
val approved: Boolean = true // true if the user has approved the challenge
authsignalPush.updateChallenge(challengeId, approved)