Android AsymmetricFingerprintDialog Sample
===================================

A sample that demonstrates how to use registered fingerprints to authenticate the user in your app

Introduction
------------

This sample demonstrates how you can use registered fingerprints in your app to authenticate the
user before proceeding with actions such as purchasing an item.

First you need to create an asymmetric key pair in the Android Key Store using [KeyPairGenerator][1]
in such a way that its private key can only be used after the user has authenticated with a
fingerprint, and transmit the public key to your backend along with the user's verified password
(in a real-world app, proper UIs should be shown).

By setting [KeyGenParameterSpec.Builder.setUserAuthenticationRequired][2] to true, you permit the
use of the key only after the user has authenticated, including when authenticated with the user's
fingerprint.

Then start listening for a fingerprint on the fingerprint sensor by calling
[FingerprintManager.authenticate][3] with a [Signature][4] initialized with the asymmetric key pair
created. Alternatively, you can fall back to a server-side verified password as an authenticator.

Once the fingerprint (or password) is verified, the
[FingerprintManager.AuthenticationCallback#onAuthenticationSucceeded()][5] callback is called.

Then you can verify the purchase transaction on the server side with the public key passed from the
client, by verifying the piece of data signed by the Signature.

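The server-side verification described above, as an added example (not code from this sample). The
class name `PurchaseVerifier`, the transaction fields, their encoding and the nonce-based replay
check are assumptions, and a plain JCA EC key pair stands in for the Android Key Store key.

```java
import java.io.*;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.*;

public class PurchaseVerifier {
    // userId -> X.509-encoded public key received at enrollment (after the password check).
    private final Map<String, byte[]> enrolledKeys = new HashMap<>();
    // Nonces already accepted, so a captured signed request cannot be replayed (assumption).
    private final Set<String> seenNonces = new HashSet<>();

    void enroll(String userId, PublicKey key) { enrolledKeys.put(userId, key.getEncoded()); }

    // Length-prefixed encoding of the signed fields; client and server must agree on it (hypothetical).
    static byte[] encode(String userId, String itemId, String nonce) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        out.writeUTF(userId); out.writeUTF(itemId); out.writeUTF(nonce);
        return buf.toByteArray();
    }

    boolean verify(String userId, String itemId, String nonce, byte[] sig)
            throws GeneralSecurityException, IOException {
        byte[] encoded = enrolledKeys.get(userId);
        if (encoded == null || seenNonces.contains(nonce)) return false;
        PublicKey key = KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(encoded));
        Signature verifier = Signature.getInstance("SHA256withECDSA");
        verifier.initVerify(key);
        verifier.update(encode(userId, itemId, nonce));
        boolean ok;
        try { ok = verifier.verify(sig); } catch (SignatureException e) { ok = false; } // malformed
        if (ok) seenNonces.add(nonce);
        return ok;
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for the device key; on Android the private key stays in the Android Key Store.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair device = gen.generateKeyPair();
        PurchaseVerifier server = new PurchaseVerifier();
        server.enroll("alice", device.getPublic());
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(device.getPrivate());
        signer.update(encode("alice", "item-42", "nonce-0001")); // constructed sample transaction
        byte[] sig = signer.sign();
        System.out.println("genuine:  " + server.verify("alice", "item-42", "nonce-0001", sig));
        System.out.println("replayed: " + server.verify("alice", "item-42", "nonce-0001", sig));
        System.out.println("tampered: " + server.verify("alice", "item-99", "nonce-0002", sig));
    }
}
```
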
[1]: https://developer.android.com/reference/java/security/KeyPairGenerator.html
[2]: https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.Builder.html#setUserAuthenticationRequired%28boolean%29
[3]: https://developer.android.com/reference/android/hardware/fingerprint/FingerprintManager.html#authenticate%28android.hardware.fingerprint.FingerprintManager.CryptoObject,%20android.os.CancellationSignal,%20int,%20android.hardware.fingerprint.FingerprintManager.AuthenticationCallback,%20android.os.Handler%29
[4]: https://developer.android.com/reference/java/security/Signature.html
[5]: https://developer.android.com/reference/android/hardware/fingerprint/FingerprintManager.AuthenticationCallback.html#onAuthenticationSucceeded%28android.hardware.fingerprint.FingerprintManager.AuthenticationResult%29

Pre-requisites
--------------

- Android SDK 27
- Android Build Tools v27.0.2
- Android Support Repository

Screenshots
-------------

<img src="screenshots/1-purchase-screen.png" height="400" alt="Screenshot"/> <img src="screenshots/2-fingerprint-dialog.png" height="400" alt="Screenshot"/> <img src="screenshots/3-fingerprint-authenticated.png" height="400" alt="Screenshot"/> <img src="screenshots/4-new-fingerprint-enrolled.png" height="400" alt="Screenshot"/>

Getting Started
---------------

This sample uses the Gradle build system. To build this project, use the
"gradlew build" command or use "Import Project" in Android Studio.

Support
-------

- Google+ Community: https://plus.google.com/communities/105153134372062985968
- Stack Overflow: http://stackoverflow.com/questions/tagged/android

If you've found an error in this sample, please file an issue:
https://github.com/googlesamples/android-AsymmetricFingerprintDialog

Patches are encouraged, and may be submitted by forking this project and
submitting a pull request through GitHub. Please see CONTRIBUTING.md for more details.

License
-------

Copyright 2017 The Android Open Source Project, Inc.

Licensed to the Apache Software Foundation (ASF) under one or more contributor
license agreements. See the NOTICE file distributed with this work for
additional information regarding copyright ownership. The ASF licenses this
file to you under the Apache License, Version 2.0 (the "License"); you may not
use this file except in compliance with the License. You may obtain a copy of
the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations under
the License.