Skip to content
/ android-oauth-biometrics Public

🔐 A proof-of-concept application to log into an example Auth0 instance with a PKCE flow and allow secure retrieval of the access and refresh tokens with biometrics

auth0.com

License

MIT license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

oliverspryn/android-oauth-biometrics

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
.docs
.docs
 
 
.idea
.idea
 
 
app
app
 
 
gradle/wrapper
gradle/wrapper
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.gradle
build.gradle
 
 
gradle.properties
gradle.properties
 
 
gradlew
gradlew
 
 
gradlew.bat
gradlew.bat
 
 
settings.gradle
settings.gradle
 
 

Repository files navigation

Android OAuth with Biometrics

🔐 A proof-of-concept application to log into an example Auth0 instance with a PKCE flow and allow secure retrieval of the access and refresh tokens with biometrics

Login, reauthentication with biometrics, and logout flows

Features:

  • Login + logout flows with an OAuth provider
  • Store credentials in secure storage with hardware-backed cryptography
  • Graceful handling of devices that lack hardware-backed cryptography features
  • Intelligent selection of the best available cryptography + biometrics for enhanced security based on API level and available hardware
  • Reauthenicate back into an account with biometrics
  • Graceful handling of devices which have biometric capabilities, but no enrolled biometrics
  • Network stack automatically injects the acccess token into the necessary API calls
  • Auto-refresh of the access token
  • Auto-logout when the refresh token is invalidated
  • Identification of what kind of secondary authentication mechanisms are available on the device
  • Showing what kind of secondary authentication was used

Here are some useful sources that I consulted before building this project:

Setup an Auth0 Account

Since this project requires an OAuth IDP to run, follow these steps:

  1. Create a free Auth0 account
  2. Once you have created an account, create a tenant (which can be thought of as a new project)
  3. Inside of the newly created tenant, create a new application by going to the navigation panel > Applications > Create Application > Native
  4. Open up your new application and make a note of the Client ID and the Domain under the Settings tab
  5. On the same tab, add com.oliverspryn.android.oauthbiometrics://oauth/login to the Allowed Callback URLs list
  6. Add com.oliverspryn.android.oauthbiometrics://oauth/logout to the Allowed Logout URLs list
  7. Create a user for your testing purposes by going to the navigation panel > User Management > Users > Create User

Run the Project

Once the OAuth tenant, application, and user account are setup, you can incorporate them into this project:

  1. Clone the project
  2. Open up app/build.gradle
  3. Change the OAUTH_CLIENT_ID and OPENID_CONFIG_URL to the values you found in the Auth0 management portal
  4. Configure CryptographyConfig.ALLOW_DEVICE_CREDENTIALS_AS_SECONDARY_LOGIN to allow or disallow PIN/pattern/etc as an additional secondary login option

About

🔐 A proof-of-concept application to log into an example Auth0 instance with a PKCE flow and allow secure retrieval of the access and refresh tokens with biometrics

auth0.com

Topics

authentication proof-of-concept login fingerprint auth0 poc biometrics access-token refresh-token 0auth

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

2 watching

Forks

0 forks
Report repository

Languages