This project aims to provide an implementation of the secure flow of Google's SafetyNet Attestation API.
SafetyNet is a mechanism designed to check whether a mobile device has been tampered with, that is, whether it is rooted, runs a custom ROM or has been infected with malware.
The secure flow is an implementation of SafetyNet Attestation in which the verification is performed on the server instead of on the mobile phone.
More on that topic: https://www.synopsys.com/blogs/software-security/using-safetynet-api/
This project contains two endpoints: the first one issues a nonce and the second one verifies the JWT token obtained from Google services.
```http
GET /nonce?login=username&deviceId=uniqueDeviceId HTTP/1.1
```
In order to get a nonce, the application needs to send the user login and a unique device id.
The service generates a unique nonce and stores it, along with the given login and device id, in a temporary cache with a TTL.
```http
POST /login HTTP/1.1
Content-Type: application/json; charset=utf-8

{
  "login": "username",
  "password": "mySecretPassword",
  "jwt": "eyJhbGciOiJSU..."
}
```
This endpoint is responsible for the user 'login' along with verification of the JWT token.
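The two endpoints above together form the server-side check: the nonce handed out by `/nonce` must come back inside the attestation that `/login` receives. The following is an added, self-contained Python model of that flow (example code, not the project's own code, and the project's Gradle build is not Python). It assumes a nonce TTL of 60 seconds, a 2-minute freshness window for the attestation's `timestampMs`, and a hypothetical expected package name `com.example.app`; none of these values are stated in the README. The JWS signature check against the `x5c` certificate chain (leaf hostname `attest.android.com`) is a precondition handled by a JWS library and is not performed by this block, which covers the nonce binding, single use, expiry, freshness and integrity-flag checks on the decoded payload.

```python
import base64
import hmac
import json
import secrets
import time

# Assumed values for this example; the README does not state them.
NONCE_TTL_SECONDS = 60
ATTESTATION_MAX_AGE_MS = 2 * 60 * 1000
EXPECTED_PACKAGE = "com.example.app"  # hypothetical package name


class NonceCache:
    """Temporary cache from the README: nonce stored with login and device id, with a TTL."""

    def __init__(self, ttl_seconds=NONCE_TTL_SECONDS, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock
        self._entries = {}  # (login, device_id) -> (nonce, expires_at)

    def issue(self, login, device_id):
        # 32 random bytes, base64-encoded. The app decodes this to bytes and hands it to
        # SafetyNet; the attestation payload echoes it back base64-encoded, so the server
        # can compare the strings directly.
        nonce = base64.b64encode(secrets.token_bytes(32)).decode("ascii")
        self._entries[(login, device_id)] = (nonce, self._clock() + self._ttl)
        return nonce

    def consume(self, login, device_id):
        # Single use: the entry is removed whether or not it is still valid.
        entry = self._entries.pop((login, device_id), None)
        if entry is None:
            return None
        nonce, expires_at = entry
        return nonce if self._clock() <= expires_at else None


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def split_jws(jws):
    """Decode the header and payload of a compact JWS (no signature verification here)."""
    parts = jws.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[0])), json.loads(_b64url_decode(parts[1]))


def check_attestation(jws, login, device_id, cache, now_ms=None):
    """Server-side checks on a SafetyNet attestation. Returns 'ok' or the rejection reason.
    Precondition (not done here): the JWS signature was verified with a JWS library against
    the x5c chain in the header, and the leaf certificate hostname is attest.android.com."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    header, payload = split_jws(jws)
    if header.get("alg") != "RS256" or not header.get("x5c"):
        return "unexpected JWS header"
    expected_nonce = cache.consume(login, device_id)
    if expected_nonce is None:
        return "no unexpired nonce for this login and device"
    if not hmac.compare_digest(str(payload.get("nonce", "")), expected_nonce):
        return "nonce mismatch"
    age_ms = now_ms - int(payload.get("timestampMs", 0))
    if age_ms < 0 or age_ms > ATTESTATION_MAX_AGE_MS:
        return "attestation timestamp outside freshness window"
    if payload.get("apkPackageName") != EXPECTED_PACKAGE:
        return "attestation issued for a different package"
    if not (payload.get("ctsProfileMatch") and payload.get("basicIntegrity")):
        return "device failed integrity checks"
    return "ok"


def build_fixture_jws(payload):
    """Constructed test fixture: a compact JWS with placeholder x5c and signature segments, used
    only to exercise the payload checks above. A real attestation is produced and signed by Google."""
    header = {"alg": "RS256", "x5c": ["PLACEHOLDER-CERT"]}

    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")

    return f"{enc(header)}.{enc(payload)}.PLACEHOLDER-SIGNATURE"
```

The cache key is the `(login, deviceId)` pair from the `/nonce` query, so an attestation obtained for one device cannot be replayed from another, and `consume` removes the entry on first use so the same JWT cannot be presented twice. The checks are ordered so that the cheapest rejections (header shape, missing nonce) happen before the payload fields are inspected.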
```sh
./gradlew clean test
```
- Krzysztof Kocel - kkocel
This project is licensed under the Apache License 2.0 - see the LICENSE file for details