
Quickstart sample for the Android FIDO API


Android FIDO2 API Sample

A sample app showing how to register and authenticate with Public Key Credentials using the FIDO2 API.

FIDO2 API is used for devices running Android N (API level 24) or newer.

Introduction

The Android FIDO2 API provides a FIDO Alliance certified implementation of a WebAuthn Client for Android. The API supports roaming authenticators such as BLE, NFC, and USB security keys as well as platform authenticators, which let users authenticate with their fingerprint or screen lock.

It is the relying party's responsibility to manage registered keys. In the sample app, the keys are managed by the WebAuthn demo server (source code); in production, the relying party should implement its own storage.

The FIDO2 API entry point is the Fido2ApiClient.

/* Get an instance of the API client. */
Fido2ApiClient fido2ApiClient = Fido.getFido2ApiClient(this /* calling activity */);

The Fido2ApiClient provides methods that let your app register new credentials (registration) and authenticate with existing credentials (signing).

/* Registration: request an intent that creates a new credential. */
Task<Fido2PendingIntent> result =
    fido2ApiClient.getRegisterIntent(
        publicKeyCredentialCreationOptions);

/* Signing: request an intent that signs with an existing credential. */
Task<Fido2PendingIntent> result =
    fido2ApiClient.getSignIntent(
        publicKeyCredentialRequestOptions);

Once the Task completes, the Fido2PendingIntent it delivers can be launched from the success callback:

final Activity activity = this; // the calling Activity; inside the listener, 'this' is the listener itself
result.addOnSuccessListener(
    new OnSuccessListener<Fido2PendingIntent>() {
      @Override
      public void onSuccess(Fido2PendingIntent fido2PendingIntent) {
        if (fido2PendingIntent.hasPendingIntent()) {
          try {
            // Start a FIDO2 registration request.
            fido2PendingIntent.launchPendingIntent(activity, REQUEST_CODE_REGISTER);
            // For a FIDO2 sign request:
            // fido2PendingIntent.launchPendingIntent(activity, REQUEST_CODE_SIGN);
          } catch (IntentSender.SendIntentException e) {
            // The FIDO2 intent could not be started.
          }
        }
      }
    });

result.addOnFailureListener(
    new OnFailureListener() {
      @Override
      public void onFailure(Exception e) {
        // The API could not produce an intent (e.g. invalid options or unavailable Play services).
      }
    });

The result is handled in onActivityResult():

@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
  if (resultCode != RESULT_OK || data == null) {
    // The user cancelled, or the FIDO2 request did not complete.
    return;
  }

  switch (requestCode) {
    case REQUEST_CODE_REGISTER: {
      AuthenticatorAttestationResponse attestation =
          AuthenticatorAttestationResponse.deserializeFromBytes(
              data.getByteArrayExtra(Fido.FIDO2_KEY_RESPONSE_EXTRA));
      // Send the attestation to the relying party, which verifies it and stores the new credential.
      break;
    }
    case REQUEST_CODE_SIGN: {
      AuthenticatorAssertionResponse assertion =
          AuthenticatorAssertionResponse.deserializeFromBytes(
              data.getByteArrayExtra(Fido.FIDO2_KEY_RESPONSE_EXTRA));
      // Send the assertion to the relying party, which verifies it against the stored credential.
      break;
    }
    default:
      // Not a FIDO2 request; let the superclass handle it.
      super.onActivityResult(requestCode, resultCode, data);
  }
}
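As an added example (not part of the sample app, and in Python rather than Java because it runs on the relying party's server), this is what the relying party must check on the assertion the app receives above before trusting it: the ceremony type, the challenge it issued, the calling app's android:apk-key-hash origin (the reason the sample needs a fixed keystore to work with the demo server), the rpIdHash and user-presence flag, and the signature counter. RP_ID, the certificate bytes and the response are constructed placeholders; signature verification over the returned bytes with the public key stored at registration still follows.

```python
import base64
import hashlib
import json

RP_ID = "example.com"  # assumed relying-party ID (constructed for this example)

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def apk_key_hash_origin(signing_cert_der):
    # Android FIDO2 clients report the origin as the SHA-256 of the APK signing certificate.
    return "android:apk-key-hash:" + b64url_encode(hashlib.sha256(signing_cert_der).digest())

def verify_assertion(client_data_json, authenticator_data, expected_challenge,
                     allowed_origins, stored_sign_count):
    """Relying-party checks on an AuthenticatorAssertionResponse. Returns
    (data_to_verify, new_sign_count); the caller must still verify the signature
    over data_to_verify with the public key stored at registration."""
    cd = json.loads(client_data_json)
    if cd.get("type") != "webauthn.get":
        raise ValueError("ceremony type is not webauthn.get")
    if b64url_decode(cd.get("challenge", "")) != expected_challenge:
        raise ValueError("challenge does not match the one issued for this login")
    if cd.get("origin") not in allowed_origins:
        raise ValueError("origin %r is not an allowed client" % cd.get("origin"))
    if len(authenticator_data) < 37:
        raise ValueError("authenticator data too short")
    rp_id_hash, flags = authenticator_data[:32], authenticator_data[32]
    sign_count = int.from_bytes(authenticator_data[33:37], "big")
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        raise ValueError("rpIdHash does not match " + RP_ID)
    if not flags & 0x01:  # UP bit: the authenticator confirmed user presence
        raise ValueError("user presence not asserted")
    if sign_count != 0 and sign_count <= stored_sign_count:
        raise ValueError("signature counter did not increase (possible cloned key)")
    return authenticator_data + hashlib.sha256(client_data_json).digest(), sign_count

# Constructed sample standing in for a real AuthenticatorAssertionResponse.
SAMPLE_CERT = b"constructed signing certificate bytes"
SAMPLE_CHALLENGE = bytes(range(32))
SAMPLE_CLIENT_DATA = json.dumps({"type": "webauthn.get",
    "challenge": b64url_encode(SAMPLE_CHALLENGE),
    "origin": apk_key_hash_origin(SAMPLE_CERT)}).encode()
SAMPLE_AUTH_DATA = (hashlib.sha256(RP_ID.encode()).digest()
                    + bytes([0x01]) + (5).to_bytes(4, "big"))

if __name__ == "__main__":
    print(verify_assertion(SAMPLE_CLIENT_DATA, SAMPLE_AUTH_DATA, SAMPLE_CHALLENGE,
                           {apk_key_hash_origin(SAMPLE_CERT)}, 4))
```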

Pre-requisites

  • Android SDK 26
  • Android Build Tools v25.0.3

Getting Started

To install the sample app on your Android device or emulator, run ./gradlew :app:installRelease. This will install the release configuration, which uses the bundled keystore file to make the app work with the demo server.

Support

If you've found an error in this sample, please file an issue: https://github.com/googlesamples/android-fido

Patches are encouraged, and may be submitted by forking this project and submitting a pull request through GitHub. Please see CONTRIBUTING.md for more details.

License

Copyright 2019 Google Inc. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.