FIDO

Overview

HUAWEI FIDO BioAuthn provides your app with powerful local biometric authentication capabilities, including fingerprint authentication and facial authentication. It allows your app to provide secure and easy-to-use password-free authentication for users while ensuring reliable authentication results.

What You Will Create

In this codelab, you will use the demo project to call the FIDO BioAuthn APIs. Through this demo project, you will:

Call the fingerprint authentication API.
Call the facial authentication API.

What You Will Learn

In this codelab, you will learn how to:

Create an app in AppGallery Connect.
Integrate Huawei fingerprint authentication into your app.
Integrate Huawei facial authentication into your app.

Other Features

FIDO (FIDO2)

Hardware Requirements

A computer (desktop or laptop) running Windows 7 or Windows 10
A Huawei phone (with a USB cable) for app debugging

Software Requirements

JDK version: 1.8.211 or later
Android Studio: 3.X or later
- minSdkVersion: 19 or later
- targetSdkVersion: 29 (recommended)
- compileSdkVersion: 29 (recommended)
- Gradle version: 4.6 or later (recommended)
Test device: a Huawei phone running EMUI 4.0 or later
If you need to use multiple HMS Core kits, use the latest versions required for these kits.

To integrate FIDO BioAuthn, you must complete the following preparations:

Create an app in AppGallery Connect.
Create an Android Studio project.
Generate a signing certificate.
Generate a signing certificate fingerprint.
Configure the signing certificate fingerprint.
Add the app package name and save the configuration file.
Add the AppGallery Connect plugin and the Maven repository in the project-level build.gradle file.
Configure the signing certificate in Android Studio.

For details, please refer to Preparations for Integrating HUAWEI HMS Core.

Sign in to AppGallery Connect, click My projects, find your project, and click your desired app. Then, go to Project settings > Manage APIs.
Toggle on the FIDO switch.

If you are using Android Studio, you can integrate the HMS Core SDK via the Maven repository. Before you start developing an app, integrate the HMS Core SDK into your Android Studio project.

Adding the AppGallery Connect Configuration File of Your App

If you have enabled certain services in AppGallery Connect, add the agconnect-services.json file to your app.
步骤 1 - Sign in to AppGallery Connect and click My projects.
步骤 2 - Find your app project and click the app that needs to integrate the HMS Core SDK.
步骤 3 - Go to Project settings > General information. In the App information area, download the agconnect-services.json file.

步骤 4 - Copy the agconnect-services.json file to your app's root directory.

—-End

Configuring the Maven Repository Address for the HMS Core SDK

步骤 1 - Open the build.gradle file in the root directory of your Android Studio project.

步骤 2 - Add the AppGallery Connect plugin and the Maven repository.

Go to buildscript > repositories and configure the Maven repository address for the HMS Core SDK.
Go to allprojects > repositories and configure the Maven repository address for the HMS Core SDK.

If the agconnect-services.json file has been added to the app, go to buildscript > dependencies and add the AppGallery Connect plugin configuration.


buildscript { 
    repositories { 
        google() 
        jcenter() 
        // Configure the Maven repository address for the HMS Core SDK. 
        maven {url 'https://developer.huawei.com/repo/'} 
    } 
    dependencies { 
        ... 
        // Add the AppGallery Connect plugin configuration. You are advised to use the latest plugin version. 
        classpath 'com.huawei.agconnect:agcp:1.6.0.300' 
    } 
} 
 
allprojects { 
    repositories { 
        google() 
        jcenter() 
        // Configure the Maven repository address for the HMS Core SDK. 
        maven {url 'https://developer.huawei.com/repo/'} 
    } 
}

In Gradle 7.0 or later, configuration under allprojects > repositories is migrated to the project-level settings.gradle file.
The following is a configuration example of the settings.gradle file:


dependencyResolutionManagement { 
    ... 
    repositories { 
        google() 
        jcenter()  
        maven {url 'https://developer.huawei.com/repo/'} 
    } 
}

—-End

Adding Build Dependencies

步骤 1 - Open the app-level build.gradle file of your project.

步骤 2 - Add the AppGallery Connect plugin configuration in either of the following methods:

Method 1: Add the following information under the declaration in the file header:
```
apply plugin: 'com.huawei.agconnect'
```

Method 2: Add the plugin configuration in the plugins block.


plugins { 
    id 'com.android.application' 
    // Add the following configuration: 
    id 'com.huawei.agconnect' 
}

步骤 3 - Add build dependencies. (Do not add dependencies on both BioAuthn-AndroidX and BioAuthn.)

FIDO2


dependencies { 
    implementation 'com.huawei.hms:fido-fido2:{version}' 
}

BioAuthn-AndroidX


dependencies { 
    implementation 'com.huawei.hms:fido-bioauthn-androidx:{version}' 
}

BioAuthn
```
dependencies { 
    implementation 'com.huawei.hms:fido-bioauthn:{version}' 
}
```
Replace {version} with the actual SDK version number, for example, implementation ‘com.huawei.hms:fido-fido2:6.1.0.301'. For details about the version number, please refer to Version Change History.

—-End

Defining Multi-language Settings

By default, your app supports all languages provided by the HMS Core SDK. If your app uses all these languages, skip the operation procedure in this section.
If your app uses only some of these languages, follow the operation procedure in this section to complete the required configuration.
a) Open the app-level build.gradle file of your project.

b) Go to android > defaultConfig, add resConfigs, and configure the supported languages as follows:
```
android { 
    defaultConfig { 
        ... 
        resConfigs "en", "zh-rCN", "Other languages supported by your app" 
    } 
}        
     
```
For details about the languages supported by the HMS Core SDK, please refer to Languages Supported by the HMS Core SDK.

Synchronizing the Project

Open the modified build.gradle file again. Click Sync Now in the upper right corner and wait until synchronization is complete.

Configuring Metadata

In the following scenario, configure metadata to prompt users to download HMS Core (APK):
The app store (such as HUAWEI AppGallery) allows your app to download other apps in the background, and you call relevant APIs through an activity.
In the following scenario, skip steps in this section. Currently, no way is available for prompting users to download HMS Core (APK).
The app store (such as Google Play) does not allow your app to download other apps in the background, or you call relevant APIs through a context.
Add the following code to the application element in the AndroidManifest.xml file, prompting users to download HMS Core (APK):


<application ...> 
    <meta-data      
        android:name="com.huawei.hms.client.channel.androidMarket"   
        android:value="false" /> 
    ... 
</application>

After HMS Core (APK) is downloaded, the HMS Core SDK will automatically install or update HMS Core (APK).

Configuring the AndroidManifest.xml File

In Android 11, the way for an app to query other apps on the user device and interact with them has been changed. IftargetSdkVersionn is300 or later for your app, add the> element in themanifestt element inAndroidManifest.xmll to allow your app to access HMS Core (APK).


<manifest ...> 
    ... 
    <queries> 
        <intent> 
            <action android:name="com.huawei.hms.core.aidlservice" /> 
        </intent> 
    </queries> 
    ... 
</manifest>

HUAWEI FIDO provides two SDKs for biometric authentication:

BioAuthn-AndroidX SDK: This SDK is developed based on androidx.biometric. If your project uses the android.support library, it may not be compatible with the SDK.
BioAuthn SDK: This SDK does not have compatibility issues. However, you need to design the fingerprint authentication prompt UI for your app.
The following describes how to use APIs of the two SDKs.

BioAuthn-AndroidX SDK

Fingerprint Authentication

Huawei provides the secure fingerprint authentication capability. If the system is insecure, the callback method BioAuthnCallback.onAuthError() returns the error code BioAuthnPrompt.ERROR_SYS_INTEGRITY_FAILED. If the system is secure, fingerprint authentication is performed. For details about the fingerprint authentication error codes, please refer to the API Reference.

To use the fingerprint authentication capability, perform the following steps:

Create the BioAuthnPrompt and BioAuthnCallback objects.


 Java 
private BioAuthnPrompt createBioAuthnPrompt() { 
     // Callback. 
     BioAuthnCallback callback = new BioAuthnCallback() { 
         @Override 
         public void onAuthError(int errMsgId, CharSequence errString) { 
             showResult("Authentication error. errorCode=" + errMsgId + ",errorMessage=" + errString); 
         } 
         @Override 
         public void onAuthSucceeded(BioAuthnResult result) { 
             showResult("Authentication succeeded. CryptoObject=" + result.getCryptoObject()); 
         } 
         @Override 
         public void onAuthFailed() { 
             showResult("Authentication failed."); 
         } 
     }; 
     return new BioAuthnPrompt(this, ContextCompat.getMainExecutor(this), callback); 
 }
Kotlin 
private fun createBioAuthnPrompt(): BioAuthnPrompt { 
     // Callback. 
     val callback = object : BioAuthnCallback() { 
         override fun onAuthError(errMsgId: Int, errString: CharSequence) { 
             showResult("Authentication error. errorCode=$errMsgId,errorMessage=$errString") 
         } 
         override fun onAuthSucceeded(result: BioAuthnResult) { 
             if (result.cryptoObject != null) { 
                 showResult("Authentication succeeded. CryptoObject=" + result.cryptoObject!!) 
             } else { 
                 showResult("Authentication succeeded. CryptoObject=null") 
             } 
         } 
         override fun onAuthFailed() { 
             showResult("Authentication failed.") 
         } 
     } 
     return BioAuthnPrompt(this, ContextCompat.getMainExecutor(this), callback) 
 }

Create prompt information and perform authentication.

When you create PromptInfo using PromptInfo.Builder, you can only select either setDeviceCredentialAllowed(true) or setNegativeButtonText(). setDeviceCredentialAllowed(true) allows change from fingerprint authentication to another authentication mode, for example, lock screen password authentication.
When using BioAuthnPrompt.PromptInfo.Builder.setDeviceCredentialAllowed(true), pay attention to the following:
- This function does not support devices with in-screen fingerprint sensors and running EMUI 9.X, for example, Mate 20 Pro, P30, P30 Pro, and Magic 2. If the function is used on these devices, the authentication will fail immediately when users change the authentication mode to lock screen password authentication.
In EMUI 9.X or earlier, fingerprint authentication may work once only. You can solve this problem in one of the following ways:
- Do not create the BioAuthnPrompt object for the activity repeatedly.
- Call the Activity.recreate() method to recreate the UI after the authentication is complete.
- Close the activity and open it again.


Java 
// Build prompt information. 
BioAuthnPrompt.PromptInfo.Builder builder = 
     new BioAuthnPrompt.PromptInfo.Builder().setTitle("This is the title.") 
         .setSubtitle("This is the subtitle") 
         .setDescription("This is the description"); 
// The user will first be prompted to authenticate with biometrics, but also given the option to 
 // authenticate with their device PIN, pattern, or password. setNegativeButtonText(CharSequence) should 
 // not be set if this is set to true. 
builder.setDeviceCredentialAllowed(true); 
// Set the text for the negative button. setDeviceCredentialAllowed(true) should not be set if this button text 
 // is set. 
 // builder.setNegativeButtonText ("This is the Cancel button."); 
BioAuthnPrompt.PromptInfo info = builder.build(); 
resultTextView.setText("Start fingerprint authentication without CryptoObject.\nAuthenticating......\n"); 
 bioAuthnPrompt.auth(info);
Kotlin 
// Build prompt information. 
val builder = BioAuthnPrompt.PromptInfo.Builder().setTitle("This is the title.") 
         .setSubtitle("This is the subtitle") 
         .setDescription("This is the description") 
// The user will first be prompted to authenticate with biometrics, but also given the option to 
 // authenticate with their device PIN, pattern, or password. setNegativeButtonText(CharSequence) should 
 // not be set if this is set to true. 
builder.setDeviceCredentialAllowed(true) 
// Set the text for the negative button. setDeviceCredentialAllowed(true) should not be set if this button text 
 // is set. 
 // builder.setNegativeButtonText ("This is the Cancel button."); 
val info = builder.build() 
resultTextView!!.text = "Start fingerprint authentication without CryptoObject.\nAuthenticating......\n" 
 bioAuthnPrompt!!.auth(info)

Facial Authentication

Huawei provides the secure facial authentication capability. If the system is insecure, the callback method BioAuthnCallback.onAuthError returns the error code FaceManager.FACE_ERROR_SYS_INTEGRITY_FAILED. If the system is secure, facial authentication is performed. For details about the facial authentication error codes, please refer to the API Reference.

To use the facial authentication capability, perform the following steps:

Build a BioAuthnCallback object.


Java 
// Callback. 
BioAuthnCallback callback = new BioAuthnCallback() { 
    @Override 
    public void onAuthError(int errMsgId, CharSequence errString) { 
        showResult("Authentication error. errorCode=" + errMsgId + ",errorMessage=" + errString 
            + (errMsgId == 1012 ? " The camera permission may not be enabled." : "")); 
    } 
    @Override 
    public void onAuthHelp(int helpMsgId, CharSequence helpString) { 
        resultTextView 
            .append("Authentication help. helpMsgId=" + helpMsgId + ",helpString=" + helpString + "\n"); 
    } 
    @Override 
    public void onAuthSucceeded(BioAuthnResult result) { 
        showResult("Authentication succeeded. CryptoObject=" + result.getCryptoObject()); 
    } 
    @Override 
    public void onAuthFailed() { 
        showResult("Authentication failed."); 
    } 
};
Kotlin 
// Callback. 
val callback = object : BioAuthnCallback() { 
    override fun onAuthError(errMsgId: Int, errString: CharSequence) { 
        showResult("Authentication error. errorCode=" + errMsgId + ",errorMessage=" + errString 
                + if (errMsgId == 1012) " The camera permission may not be enabled." else "") 
    } 
    override fun onAuthHelp(helpMsgId: Int, helpString: CharSequence) { 
        resultTextView!! 
                .append("Authentication help. helpMsgId=$helpMsgId,helpString=$helpString\n") 
    } 
    override fun onAuthSucceeded(result: BioAuthnResult) { 
        showResult("Authentication succeeded.") 
    } 
    override fun onAuthFailed() { 
        showResult("Authentication failed.") 
    } 
}

Build a FaceManager object and call the auth method.


Java 
// Cancellation signal. 
CancellationSignal cancellationSignal = new CancellationSignal(); 
FaceManager faceManager = new FaceManager(this); 
// Flags. 
int flags = 0; 
// Authentication message handler. 
Handler handler = null; 
// You are advised to set CryptoObject to null. The KeyStore is not associated with face authentication in the current 
// version. KeyGenParameterSpec.Builder.setUserAuthenticationRequired() must be set to false in this scenario. 
CryptoObject crypto = null; 
faceManager.auth(crypto, cancellationSignal, flags, callback, handler);
Kotlin 
// Cancellation signal. 
val cancellationSignal = CancellationSignal() 
val faceManager = FaceManager(this)  
// Flags. 
val flags = 0 
// Authentication message handler. 
val handler: Handler? = null 
// You are advised to set CryptoObject to null. The KeyStore is not associated with face authentication in the current 
// version. KeyGenParameterSpec.Builder.setUserAuthenticationRequired() must be set to false in this scenario. 
val crypto: CryptoObject? = null 
faceManager.auth(crypto, cancellationSignal, flags, callback, handler)

BioAuthn SDK

Fingerprint Authentication

Huawei provides the secure fingerprint authentication capability. If the system is insecure, the callback method BioAuthnCallback.onAuthError() returns the error code FingerprintManager.ERROR_SYS_INTEGRITY_FAILED. If the system is secure, fingerprint authentication is performed. For details about the fingerprint authentication error codes, please refer to the API Reference.

To use the fingerprint authentication capability, perform the following steps:

Create the FingerprintManager and BioAuthnCallback objects.


Java 
private FingerprintManager createFingerprintManager() { 
    // Callback. 
    BioAuthnCallback callback = new BioAuthnCallback() { 
        @Override 
        public void onAuthError(int errMsgId, CharSequence errString) { 
            showResult("Authentication error. errorCode=" + errMsgId + ",errorMessage=" + errString); 
        } 
        @Override 
        public void onAuthSucceeded(BioAuthnResult result) { 
            showResult("Authentication succeeded. CryptoObject=" + result.getCryptoObject()); 
        } 
        @Override 
        public void onAuthFailed() { 
            showResult("Authentication failed."); 
        } 
    }; 
    return new FingerprintManager(this, Executors.newSingleThreadExecutor(), callback); 
}
Kotlin 
    // Callback. 
    val callback = object : BioAuthnCallback() { 
        override fun onAuthError(errMsgId: Int, errString: CharSequence?) { 
            showResult("Authentication error. errorCode=$errMsgId,errorMessage=$errString") 
        } 
        override fun onAuthSucceeded(result: BioAuthnResult) { 
            showResult("Authentication succeeded. CryptoObject=" + result.cryptoObject) 
        } 
        override fun onAuthFailed() { 
            showResult("Authentication failed.") 
        } 
    } 
    return FingerprintManager(this, Executors.newSingleThreadExecutor(), callback) 
}

Perform authentication.


Java 
fingerprintManager.auth();
Kotlin 
fingerprintManager!!.auth()

Facial Authentication

To use the facial authentication capability, perform the following steps:

Build a BioAuthnCallback object.


Java 
// Callback. 
BioAuthnCallback callback = new BioAuthnCallback() { 
    @Override 
    public void onAuthError(int errMsgId, CharSequence errString) { 
        showResult("Authentication error. errorCode=" + errMsgId + ",errorMessage=" + errString 
                + (errMsgId == 1012 ? " The camera permission may not be enabled." : "")); 
    } 
    @Override 
    public void onAuthHelp(int helpMsgId, CharSequence helpString) { 
        resultTextView 
                .append("Authentication help. helpMsgId=" + helpMsgId + ",helpString=" + helpString + "\n"); 
    } 
    @Override 
    public void onAuthSucceeded(BioAuthnResult result) { 
        showResult("Authentication succeeded. CryptoObject=" + result.getCryptoObject()); 
    } 
    @Override 
    public void onAuthFailed() { 
        showResult("Authentication failed."); 
    } 
};
Kotlin 
// Callback. 
val callback = object : BioAuthnCallback() { 
    override fun onAuthError(errMsgId: Int, errString: CharSequence?) { 
        showResult("Authentication error. errorCode=" + errMsgId + ",errorMessage=" + errString 
                + if (errMsgId == 1012) " The camera permission may not be enabled." else "") 
    } 
    override fun onAuthHelp(helpMsgId: Int, helpString: CharSequence?) { 
        resultTextView!! 
                .append("Authentication help. helpMsgId=$helpMsgId,helpString=$helpString\n") 
    } 
    override fun onAuthSucceeded(result: BioAuthnResult) { 
        showResult("Authentication succeeded. CryptoObject=" + result.cryptoObject) 
    } 
    override fun onAuthFailed() { 
        showResult("Authentication failed.") 
    } 
}

Build a FaceManager object and call the auth method.


Java 
// Cancellation signal. 
CancellationSignal cancellationSignal = new CancellationSignal(); 
FaceManager faceManager = new FaceManager(this); 
// Flags. 
int flags = 0; 
// Authentication message handler. 
Handler handler = null; 
// You are advised to set CryptoObject to null. The KeyStore is not associated with face authentication in the current 
// version. KeyGenParameterSpec.Builder.setUserAuthenticationRequired() must be set to false in this scenario. 
CryptoObject crypto = null; 
faceManager.auth(crypto, cancellationSignal, flags, callback, handler);
Kotlin 
// Cancellation signal. 
val cancellationSignal = CancellationSignal() 
val faceManager = FaceManager(this) 
// Flags. 
val flags = 0 
// Authentication message handler. 
val handler: Handler? = null 
// You are advised to set CryptoObject to null. The KeyStore is not associated with face authentication in the current 
// version. KeyGenParameterSpec.Builder.setUserAuthenticationRequired() must be set to false in this scenario. 
val crypto: CryptoObject? = null 
resultTextView!!.text = "Start face authentication.\nAuthenticating......\n" 
faceManager.auth(crypto, cancellationSignal, flags, callback, handler)

Install the test APK, launch the app, and tap relevant buttons to trigger fingerprint authentication or facial authentication.