CredentialAuthExtensionsKt

Added in 1.4.0-alpha02

Kotlin |Java

public final class CredentialAuthExtensionsKt

Summary

Public methods
`static final @NonNull BiometricPrompt.AuthenticationResult`	`@RequiresApi(value = 30) authenticate( @NonNull <Error class: unknown class> receiver, @NonNull <Error class: unknown class> host, BiometricPrompt.CryptoObject crypto )` Shows an authentication prompt to the user.
`static final @NonNull BiometricPrompt.AuthenticationResult`	`@RequiresApi(value = 30) authenticateWithCredentials( @NonNull Fragment receiver, BiometricPrompt.CryptoObject crypto, @NonNull CharSequence title, CharSequence description )` Prompts the user to authenticate with the screen lock credential (i.e. PIN, pattern, or password) for the device.
`static final @NonNull BiometricPrompt.AuthenticationResult`	`@RequiresApi(value = 30) authenticateWithCredentials( @NonNull FragmentActivity receiver, BiometricPrompt.CryptoObject crypto, @NonNull CharSequence title, CharSequence description )` Prompts the user to authenticate with the screen lock credential (i.e. PIN, pattern, or password) for the device.
`static final @NonNull <Error class: unknown class>`	`@RequiresApi(value = 30) startCredentialAuthentication( @NonNull Fragment receiver, BiometricPrompt.CryptoObject crypto, @NonNull CharSequence title, CharSequence description, Executor executor, @NonNull <Error class: unknown class> callback )` Prompts the user to authenticate with the screen lock credential (i.e. PIN, pattern, or password) for the device.
`static final @NonNull <Error class: unknown class>`	`@RequiresApi(value = 30) startCredentialAuthentication( @NonNull FragmentActivity receiver, BiometricPrompt.CryptoObject crypto, @NonNull CharSequence title, CharSequence description, Executor executor, @NonNull <Error class: unknown class> callback )` Prompts the user to authenticate with the screen lock credential (i.e. PIN, pattern, or password) for the device.

Public methods

authenticate

Artifact: androidx.biometric:biometric-ktx

View Source

@RequiresApi(value = 30)
public static final @NonNull BiometricPrompt.AuthenticationResult authenticate(
    @NonNull <Error class: unknown class> receiver,
    @NonNull <Error class: unknown class> host,
    BiometricPrompt.CryptoObject crypto
)

Shows an authentication prompt to the user.

import androidx.biometric.BiometricPrompt
import androidx.biometric.auth.AuthPromptErrorException
import androidx.biometric.auth.AuthPromptFailureException
import androidx.biometric.auth.AuthPromptHost
import androidx.biometric.auth.CredentialAuthPrompt
import androidx.biometric.auth.authenticate

// To use credential authentication, we need to create a CryptoObject.
// First create a spec for the key to be generated.
val keyPurpose = KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
val keySpec =
    KeyGenParameterSpec.Builder(KEY_NAME, keyPurpose)
        .apply {
            setBlockModes(KeyProperties.BLOCK_MODE_CBC)
            setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
            setUserAuthenticationRequired(true)

            // Require authentication for each use of the key.
            val timeout = 0
            // Set the key type according to the allowed auth type.
            val keyType = KeyProperties.AUTH_DEVICE_CREDENTIAL
            setUserAuthenticationParameters(timeout, keyType)
        }
        .build()

// Generate and store the key in the Android keystore.
KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEYSTORE_INSTANCE).run {
    init(keySpec)
    generateKey()
}

// Prepare the crypto object to use for authentication.
val cipher =
    Cipher.getInstance(
            "${KeyProperties.KEY_ALGORITHM_AES}/${KeyProperties.BLOCK_MODE_CBC}/" +
                KeyProperties.ENCRYPTION_PADDING_PKCS7
        )
        .apply {
            val keyStore = KeyStore.getInstance(KEYSTORE_INSTANCE).apply { load(null) }
            init(Cipher.ENCRYPT_MODE, keyStore.getKey(KEY_NAME, null) as SecretKey)
        }

val cryptoObject = BiometricPrompt.CryptoObject(cipher)
val payload = "A message to encrypt".toByteArray(Charset.defaultCharset())

// Construct AuthPrompt with localized Strings to be displayed to UI.
val authPrompt =
    CredentialAuthPrompt.Builder(title).apply { setDescription(description) }.build()

try {
    val authResult = authPrompt.authenticate(AuthPromptHost(this), cryptoObject)

    // Encrypt a payload using the result of crypto-based auth.
    val encryptedPayload = authResult.cryptoObject?.cipher?.doFinal(payload)

    // Use the encrypted payload somewhere interesting.
    sendEncryptedPayload(encryptedPayload)
} catch (e: AuthPromptErrorException) {
    // Handle irrecoverable error during authentication.
    // Possible values for AuthPromptErrorException.errorCode are listed in the @IntDef,
    // androidx.biometric.BiometricPrompt.AuthenticationError.
} catch (e: AuthPromptFailureException) {
    // Handle auth failure due biometric credentials being rejected.
}

Parameters
`@NonNull <Error class: unknown class> host`	A wrapper for the component that will host the prompt.
`BiometricPrompt.CryptoObject crypto`	A cryptographic object to be associated with this authentication.

Returns
`@NonNull BiometricPrompt.AuthenticationResult`	`AuthenticationResult` for a successful authentication.

Throws
`androidx.biometric.auth.AuthPromptErrorException`	when an unrecoverable error has been encountered and authentication has stopped.
`androidx.biometric.auth.AuthPromptFailureException`	when an authentication attempt by the user has been rejected.

See also
`CredentialAuthPrompt.authenticate`	( AuthPromptHost host, BiometricPrompt.CryptoObject, AuthPromptCallback )

authenticateWithCredentials

Artifact: androidx.biometric:biometric-ktx

View Source

@RequiresApi(value = 30)
public static final @NonNull BiometricPrompt.AuthenticationResult authenticateWithCredentials(
    @NonNull Fragment receiver,
    BiometricPrompt.CryptoObject crypto,
    @NonNull CharSequence title,
    CharSequence description
)

Prompts the user to authenticate with the screen lock credential (i.e. PIN, pattern, or password) for the device.

Parameters
`BiometricPrompt.CryptoObject crypto`	A cryptographic object to be associated with this authentication.
`@NonNull CharSequence title`	The title to be displayed on the prompt.
`CharSequence description`	An optional description to be displayed on the prompt.

Returns
`@NonNull BiometricPrompt.AuthenticationResult`	`AuthenticationResult` for a successful authentication.

Throws
`androidx.biometric.auth.AuthPromptErrorException`	when an unrecoverable error has been encountered and authentication has stopped.
`androidx.biometric.auth.AuthPromptFailureException`	when an authentication attempt by the user has been rejected.

See also
`CredentialAuthPrompt`

authenticateWithCredentials

Artifact: androidx.biometric:biometric-ktx

View Source

@RequiresApi(value = 30)
public static final @NonNull BiometricPrompt.AuthenticationResult authenticateWithCredentials(
    @NonNull FragmentActivity receiver,
    BiometricPrompt.CryptoObject crypto,
    @NonNull CharSequence title,
    CharSequence description
)

Prompts the user to authenticate with the screen lock credential (i.e. PIN, pattern, or password) for the device.

Parameters
`BiometricPrompt.CryptoObject crypto`	A cryptographic object to be associated with this authentication.
`@NonNull CharSequence title`	The title to be displayed on the prompt.
`CharSequence description`	An optional description to be displayed on the prompt.

Returns
`@NonNull BiometricPrompt.AuthenticationResult`	`AuthenticationResult` for a successful authentication.

Throws
`androidx.biometric.auth.AuthPromptErrorException`	when an unrecoverable error has been encountered and authentication has stopped.
`androidx.biometric.auth.AuthPromptFailureException`	when an authentication attempt by the user has been rejected.

See also
`CredentialAuthPrompt`

startCredentialAuthentication

Artifact: androidx.biometric:biometric-ktx

View Source

@RequiresApi(value = 30)
public static final @NonNull <Error class: unknown class> startCredentialAuthentication(
    @NonNull Fragment receiver,
    BiometricPrompt.CryptoObject crypto,
    @NonNull CharSequence title,
    CharSequence description,
    Executor executor,
    @NonNull <Error class: unknown class> callback
)

Prompts the user to authenticate with the screen lock credential (i.e. PIN, pattern, or password) for the device.

Parameters
`BiometricPrompt.CryptoObject crypto`	A cryptographic object to be associated with this authentication.
`@NonNull CharSequence title`	The title to be displayed on the prompt.
`CharSequence description`	An optional description to be displayed on the prompt.
`Executor executor`	An executor for `callback` methods. If `null`, these will run on the main thread.
`@NonNull <Error class: unknown class> callback`	The object that will receive and process authentication events.

Returns
`@NonNull <Error class: unknown class>`	An AuthPrompt handle to the shown prompt.

See also
`CredentialAuthPrompt`

startCredentialAuthentication

Artifact: androidx.biometric:biometric-ktx

View Source

@RequiresApi(value = 30)
public static final @NonNull <Error class: unknown class> startCredentialAuthentication(
    @NonNull FragmentActivity receiver,
    BiometricPrompt.CryptoObject crypto,
    @NonNull CharSequence title,
    CharSequence description,
    Executor executor,
    @NonNull <Error class: unknown class> callback
)

Prompts the user to authenticate with the screen lock credential (i.e. PIN, pattern, or password) for the device.

Parameters
`BiometricPrompt.CryptoObject crypto`	A cryptographic object to be associated with this authentication.
`@NonNull CharSequence title`	The title to be displayed on the prompt.
`CharSequence description`	An optional description to be displayed on the prompt.
`Executor executor`	An executor for `callback` methods. If `null`, these will run on the main thread.
`@NonNull <Error class: unknown class> callback`	The object that will receive and process authentication events.

Returns
`@NonNull <Error class: unknown class>`	An AuthPrompt handle to the shown prompt.

See also
`CredentialAuthPrompt`