One way to protect sensitive information or private content in your app is to require biometric authentication, such as facial recognition or fingerprint recognition. This tutorial explains how to support a biometric login flow in your application.
Declare the types of authentication that your app supports
To define the types of authentication your application supports, use the BiometricManager.Authenticators interface. The system allows you to declare the following types of authentication:
- Authentication using hardware that meets the strong strength level as defined on the compatibility definition page.
- Authentication using hardware that meets the weak strength level as defined on the compatibility definition page.
- Authentication using a screen lock credential: the user's PIN, pattern, or password.
To enroll an authenticator, the user needs to create a PIN, pattern, or password. If the user hasn't already created one, the biometric enrollment flow prompts them to do so.
To define the types of biometric authentication your application accepts, pass an authentication type or a bitwise combination of types into the setAllowedAuthenticators() method. The following code snippet shows how to support authentication using either a "strong" hardware element or a screen lock credential.
```kotlin
// Allows user to authenticate using either a "strong" hardware element or
// their lock screen credential (PIN, pattern, or password).
promptInfo = BiometricPrompt.PromptInfo.Builder()
        .setTitle("Biometric login for my app")
        .setSubtitle("Log in using your biometric credential")
        // Can't call setNegativeButtonText() and
        // setAllowedAuthenticators(... or DEVICE_CREDENTIAL) at the same time.
        // .setNegativeButtonText("Use account password")
        .setAllowedAuthenticators(BIOMETRIC_STRONG or DEVICE_CREDENTIAL)
        .build()
```
Check that biometric authentication is available
After you decide which authentication factors your app supports, check whether they are available. To do so, pass the same bitwise combination of types that you declared earlier to the canAuthenticate() method. If necessary, invoke the ACTION_BIOMETRIC_ENROLL intent action. In the intent extra, provide the set of authenticators that your application accepts. This intent prompts the user to register credentials for an authenticator that your application accepts.
```kotlin
val biometricManager = BiometricManager.from(this)
when (biometricManager.canAuthenticate(BIOMETRIC_STRONG or DEVICE_CREDENTIAL)) {
    BiometricManager.BIOMETRIC_SUCCESS ->
        Log.d("MY_APP_TAG", "App can authenticate using biometrics.")
    BiometricManager.BIOMETRIC_ERROR_NO_HARDWARE ->
        Log.e("MY_APP_TAG", "No biometric features available on this device.")
    BiometricManager.BIOMETRIC_ERROR_HW_UNAVAILABLE ->
        Log.e("MY_APP_TAG", "Biometric features are currently unavailable.")
    BiometricManager.BIOMETRIC_ERROR_NONE_ENROLLED -> {
        // Prompts the user to create credentials that your app accepts.
        val enrollIntent = Intent(Settings.ACTION_BIOMETRIC_ENROLL).apply {
            putExtra(Settings.EXTRA_BIOMETRIC_AUTHENTICATORS_ALLOWED,
                BIOMETRIC_STRONG or DEVICE_CREDENTIAL)
        }
        startActivityForResult(enrollIntent, REQUEST_CODE)
    }
}
```
Determine how users authenticate
After the user authenticates, you can check whether they authenticated with a device credential or a biometric credential by calling getAuthenticationType().
Show login prompt
To display a system prompt that asks the user to authenticate using biometric credentials, use the Biometric library. This system-provided dialog is consistent across the applications that use it, resulting in a more reliable user experience.
Steps to add biometric authentication to your app using the Biometric library:
- In the app/build.gradle file, add a dependency on the Biometric library:
```groovy
dependencies {
    implementation 'androidx.biometric:biometric:1.0.1'
}
```
- In an activity or fragment using a biometric login dialog, display a dialog like this:
```kotlin
private lateinit var executor: Executor
private lateinit var biometricPrompt: BiometricPrompt
private lateinit var promptInfo: BiometricPrompt.PromptInfo

override fun onCreate(savedInstanceState: Bundle?) {
    super.onCreate(savedInstanceState)
    setContentView(R.layout.activity_login)
    executor = ContextCompat.getMainExecutor(this)
    biometricPrompt = BiometricPrompt(this, executor,
            object : BiometricPrompt.AuthenticationCallback() {
        override fun onAuthenticationError(errorCode: Int,
                errString: CharSequence) {
            super.onAuthenticationError(errorCode, errString)
            Toast.makeText(applicationContext,
                "Authentication error: $errString", Toast.LENGTH_SHORT)
                .show()
        }

        override fun onAuthenticationSucceeded(
                result: BiometricPrompt.AuthenticationResult) {
            super.onAuthenticationSucceeded(result)
            Toast.makeText(applicationContext,
                "Authentication succeeded!", Toast.LENGTH_SHORT)
                .show()
        }

        override fun onAuthenticationFailed() {
            super.onAuthenticationFailed()
            Toast.makeText(applicationContext, "Authentication failed",
                Toast.LENGTH_SHORT)
                .show()
        }
    })

    promptInfo = BiometricPrompt.PromptInfo.Builder()
            .setTitle("Biometric login for my app")
            .setSubtitle("Log in using your biometric credential")
            .setNegativeButtonText("Use account password")
            .build()

    // Prompt appears when user clicks "Log in".
    // Consider integrating with the keystore to unlock cryptographic operations,
    // if needed by your app.
    val biometricLoginButton =
            findViewById<Button>(R.id.biometric_login)
    biometricLoginButton.setOnClickListener {
        biometricPrompt.authenticate(promptInfo)
    }
}
```
Use a cryptographic solution that depends on authentication
To further protect sensitive information in your application, you can incorporate cryptography into your biometric authentication workflow using a CryptoObject instance. The framework supports the following cryptographic objects: Signature, Cipher, and Mac.
After the user successfully authenticates with the biometric prompt, your application can perform a cryptographic operation. For example, if you authenticate using a Cipher object, your application can then perform encryption and decryption using a SecretKey object.
The following sections go through examples of using a Cipher object and a SecretKey object to encrypt data. Each example uses the following methods:
```kotlin
private fun generateSecretKey(keyGenParameterSpec: KeyGenParameterSpec) {
    val keyGenerator = KeyGenerator.getInstance(
            KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
    keyGenerator.init(keyGenParameterSpec)
    keyGenerator.generateKey()
}

private fun getSecretKey(): SecretKey {
    val keyStore = KeyStore.getInstance("AndroidKeyStore")

    // Before the keystore can be accessed, it must be loaded.
    keyStore.load(null)
    return keyStore.getKey(KEY_NAME, null) as SecretKey
}

private fun getCipher(): Cipher {
    return Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/" +
            KeyProperties.BLOCK_MODE_CBC + "/" +
            KeyProperties.ENCRYPTION_PADDING_PKCS7)
}
```
Authenticate using only biometric credentials
If your application uses a secret key that requires biometric credentials to unlock, the user must verify their biometric credentials each time before your app accesses the key.
To encrypt sensitive information only after the user authenticates with the biometric credentials, complete the following steps:
- Generate a key that uses the following KeyGenParameterSpec configuration:
```kotlin
generateSecretKey(KeyGenParameterSpec.Builder(
        KEY_NAME,
        KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
        .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
        .setUserAuthenticationRequired(true)
        // Invalidate the keys if the user has registered a new biometric
        // credential, such as a new fingerprint. Can call this method only
        // on Android 7.0 (API level 24) or higher. The variable
        // "invalidatedByBiometricEnrollment" is true by default.
        .setInvalidatedByBiometricEnrollment(true)
        .build())
```
- Start the process of biometric authentication with cryptography:
```kotlin
biometricLoginButton.setOnClickListener {
    // Exceptions are unhandled within this snippet.
    val cipher = getCipher()
    val secretKey = getSecretKey()
    cipher.init(Cipher.ENCRYPT_MODE, secretKey)
    biometricPrompt.authenticate(promptInfo,
            BiometricPrompt.CryptoObject(cipher))
}
```
- In your biometric authentication callback, use the secret key to encrypt sensitive information:
```kotlin
override fun onAuthenticationSucceeded(
        result: BiometricPrompt.AuthenticationResult) {
    // plaintextString is a placeholder for the data your app needs to protect.
    // cryptoObject is nullable, so the result is null if no CryptoObject was
    // passed to authenticate().
    val encryptedInfo: ByteArray? = result.cryptoObject?.cipher?.doFinal(
            plaintextString.toByteArray(Charset.defaultCharset()))
    Log.d("MY_APP_TAG", "Encrypted information: " +
            Arrays.toString(encryptedInfo))
}
```
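The steps above cover encryption only. Decrypting with the same CBC key needs the IV that encryption produced, and a key created with setInvalidatedByBiometricEnrollment(true) stops working once a new biometric is enrolled. The following is an added example, not code from the original tutorial or the Android project, that handles both cases with the page's key configuration; the BiometricCipherStore name, the key alias, and the IV-prefixed blob layout are assumptions, and it targets API level 24 or higher.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyPermanentlyInvalidatedException
import android.security.keystore.KeyProperties
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.IvParameterSpec

// Assumptions of this example: the alias and the "IV || ciphertext" blob layout.
private const val KEY_NAME = "biometric_demo_key"
private const val IV_LENGTH = 16 // AES block size in bytes, used as the CBC IV length

object BiometricCipherStore {

    private fun keyStore(): KeyStore =
        KeyStore.getInstance("AndroidKeyStore").apply { load(null) }

    // Returns the existing key, or creates one with the biometric-only spec above.
    private fun getOrCreateKey(): SecretKey {
        (keyStore().getKey(KEY_NAME, null) as? SecretKey)?.let { return it }
        val spec = KeyGenParameterSpec.Builder(
            KEY_NAME,
            KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
        )
            .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
            .setUserAuthenticationRequired(true)
            .setInvalidatedByBiometricEnrollment(true)
            .build()
        return KeyGenerator
            .getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
            .apply { init(spec) }
            .generateKey()
    }

    private fun newCipher(): Cipher = Cipher.getInstance(
        KeyProperties.KEY_ALGORITHM_AES + "/" +
            KeyProperties.BLOCK_MODE_CBC + "/" +
            KeyProperties.ENCRYPTION_PADDING_PKCS7
    )

    // Initializes a cipher for use in BiometricPrompt.CryptoObject.
    // Returns null when the key was invalidated by a new biometric enrollment.
    // The dead key is deleted; data sealed under it cannot be recovered, so the
    // caller should fall back to a full sign-in and seal fresh data afterwards.
    private fun initOrNull(init: (Cipher, SecretKey) -> Unit): Cipher? =
        try {
            newCipher().also { init(it, getOrCreateKey()) }
        } catch (e: KeyPermanentlyInvalidatedException) {
            keyStore().deleteEntry(KEY_NAME)
            null
        }

    fun cipherForEncryption(): Cipher? =
        initOrNull { cipher, key -> cipher.init(Cipher.ENCRYPT_MODE, key) }

    // The IV is read back from the front of the stored blob.
    fun cipherForDecryption(blob: ByteArray): Cipher? {
        require(blob.size > IV_LENGTH) { "blob too short to contain an IV" }
        val iv = blob.copyOfRange(0, IV_LENGTH)
        return initOrNull { cipher, key ->
            cipher.init(Cipher.DECRYPT_MODE, key, IvParameterSpec(iv))
        }
    }

    // Call both functions from onAuthenticationSucceeded() with
    // result.cryptoObject?.cipher, never with a cipher that skipped the prompt.
    fun seal(authenticatedCipher: Cipher, plaintext: ByteArray): ByteArray =
        authenticatedCipher.iv + authenticatedCipher.doFinal(plaintext)

    fun open(authenticatedCipher: Cipher, blob: ByteArray): ByteArray =
        authenticatedCipher.doFinal(blob, IV_LENGTH, blob.size - IV_LENGTH)
}
```

Pass the returned cipher to biometricPrompt.authenticate(promptInfo, BiometricPrompt.CryptoObject(cipher)); a null return means the key is gone and the biometric shortcut must be set up again.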
Authenticate using lock screen or biometric credentials
You can use a secret key that allows authentication using either biometric credentials or lock screen credentials (PIN, pattern, or password). When configuring this key, specify a validity period. During this period, your application can perform multiple cryptographic operations without the user needing to re-authenticate.
To encrypt sensitive information after a user authenticates with credentials on the lock screen or biometrics, complete the following steps:
- Generate a key that uses the following KeyGenParameterSpec configuration:
```kotlin
generateSecretKey(KeyGenParameterSpec.Builder(
        KEY_NAME,
        KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
        .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
        .setUserAuthenticationRequired(true)
        .setUserAuthenticationParameters(VALIDITY_DURATION_SECONDS,
                ALLOWED_AUTHENTICATORS)
        .build())
```
- Within VALIDITY_DURATION_SECONDS after the user authenticates, encrypt the sensitive information:
```kotlin
private fun encryptSecretInformation() {
    // Exceptions are unhandled for getCipher() and getSecretKey().
    val cipher = getCipher()
    val secretKey = getSecretKey()
    try {
        cipher.init(Cipher.ENCRYPT_MODE, secretKey)
        // plaintextString is a placeholder for the data your app needs to protect.
        val encryptedInfo: ByteArray = cipher.doFinal(
                plaintextString.toByteArray(Charset.defaultCharset()))
        Log.d("MY_APP_TAG", "Encrypted information: " +
                Arrays.toString(encryptedInfo))
    } catch (e: UserNotAuthenticatedException) {
        // Caught before InvalidKeyException because it is a subclass of it;
        // in the other order this branch would never run.
        Log.d("MY_APP_TAG", "The key's validity timed out.")
        biometricPrompt.authenticate(promptInfo)
    } catch (e: InvalidKeyException) {
        Log.e("MY_APP_TAG", "Key is invalid.")
    }
}
```
Authenticate using auth-per-use keys
You can provide support for auth-per-use keys in your instance of BiometricPrompt. Such a key requires the user to present either a biometric credential or a device credential each time your application needs to access data protected by that key. Auth-per-use keys can be useful for high-value transactions, such as making a large payment or updating a person's health records.
To associate the BiometricPrompt object with an auth-per-use key, add code similar to the following:
```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties

// keyPurpose is a placeholder for the purposes the key is used for, e.g.
// KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT.
val authPerOpKeyGenParameterSpec =
        KeyGenParameterSpec.Builder("myKeystoreAlias", keyPurpose)
    // The authentication parameters below only take effect when the key
    // requires user authentication.
    .setUserAuthenticationRequired(true)
    // Accept either a biometric credential or a device credential.
    // To accept only one type of credential, include only that type as the
    // second argument.
    .setUserAuthenticationParameters(0 /* duration */,
            KeyProperties.AUTH_BIOMETRIC_STRONG or
            KeyProperties.AUTH_DEVICE_CREDENTIAL)
    .build()
```
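The key spec only declares the policy; the prompt is bound to the key by passing a cipher initialized with that key as a CryptoObject. The following is an added example, not code from the original tutorial; it assumes API 30+, the androidx.biometric library and AES-GCM, and the alias and function names are hypothetical.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_STRONG
import androidx.biometric.BiometricManager.Authenticators.DEVICE_CREDENTIAL
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey

// Hypothetical alias chosen for this example.
private const val ALIAS = "authPerUseExampleKey"

fun createAuthPerUseKey(): SecretKey =
    KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore").run {
        init(KeyGenParameterSpec.Builder(ALIAS,
                KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
            .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
            // Without this call the authentication parameters below have no effect.
            .setUserAuthenticationRequired(true)
            // Duration 0: every cryptographic operation needs a fresh authentication.
            .setUserAuthenticationParameters(0,
                KeyProperties.AUTH_BIOMETRIC_STRONG or KeyProperties.AUTH_DEVICE_CREDENTIAL)
            .build())
        generateKey()
    }

// onEncrypted receives the GCM IV and the ciphertext; store both for decryption.
fun encryptWithAuthPerUseKey(activity: FragmentActivity, key: SecretKey, secret: ByteArray,
                             onEncrypted: (iv: ByteArray, ciphertext: ByteArray) -> Unit) {
    // For an auth-per-use key, init() succeeds before authentication, but the Keystore
    // rejects doFinal() until the prompt has authorized this specific Cipher instance.
    val cipher = Cipher.getInstance("AES/GCM/NoPadding").apply { init(Cipher.ENCRYPT_MODE, key) }
    val callback = object : BiometricPrompt.AuthenticationCallback() {
        override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
            // Use only the Cipher returned in the result: it is the authorized one.
            val authorized = result.cryptoObject?.cipher ?: return
            onEncrypted(authorized.iv, authorized.doFinal(secret))
        }
    }
    val promptInfo = BiometricPrompt.PromptInfo.Builder()
        .setTitle("Confirm transaction")
        .setAllowedAuthenticators(BIOMETRIC_STRONG or DEVICE_CREDENTIAL)
        .build()
    BiometricPrompt(activity, ContextCompat.getMainExecutor(activity), callback)
        .authenticate(promptInfo, BiometricPrompt.CryptoObject(cipher))
}
```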
Authentication without explicit user action
By default, the system requires the user to perform a specific action, such as pressing a button, after their biometric credentials are accepted. This configuration is preferable if your app is showing the dialog to confirm a sensitive or high-risk action, such as making a purchase.
However, if your app shows a biometric authentication dialog for a lower-risk action, you can provide a hint to the system that the user doesn't need to confirm the authentication. This hint can allow users to see content in your app faster after re-authenticating using a passive method, such as face-based or iris-based recognition. To provide this hint, pass false to the setConfirmationRequired() method.
The picture shows two versions of the same dialog. One version requires explicit user action and the other does not:
The following code snippet shows how to present a dialog that doesn't require explicit user action to complete the authentication process:
```kotlin
// Allows user to authenticate without performing an action, such as pressing a
// button, after their biometric credential is accepted.
promptInfo = BiometricPrompt.PromptInfo.Builder()
        .setTitle("Biometric login for my app")
        .setSubtitle("Log in using your biometric credential")
        .setNegativeButtonText("Use account password")
        .setConfirmationRequired(false)
        .build()
```
Allow fallback to non-biometric credentials
If you want your app to allow authentication using either a biometric or a device credential, you can declare that your app supports device credentials by including DEVICE_CREDENTIAL in the set of values that you pass into setAllowedAuthenticators().
If your application currently uses createConfirmDeviceCredentialIntent() or setDeviceCredentialAllowed() to provide this capability, switch to using setAllowedAuthenticators().