Register a WebAuthn device
To register a WebAuthn device on receipt of a WebAuthnRegistrationCallback from the server, use the register() method.
Optionally, use the deviceName parameter to assign a name to the device to help the user identify it.

Java:

    WebAuthnRegistrationCallback callback =
            node.getCallback(WebAuthnRegistrationCallback.class);

    callback.register(requireContext(), deviceName, node, new FRListener<Void>() {
        @Override
        public void onSuccess(Void result) {
            // Registration is successful
            // Continue the journey by calling next()
        }

        @Override
        public void onException(Exception e) {
            // An error occurred during the registration process
            // Continue the journey by calling next()
        }
    });

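Kotlin:

    @Composable
    fun WebAuthnRegistrationCallback(
        callback: WebAuthnRegistrationCallback,
        node: Node,
        onCompleted: () -> Unit
    ) {
        val context = LocalContext.current
        // Always invoke the latest onCompleted, even if it changes during registration
        val currentOnCompleted by rememberUpdatedState(onCompleted)
        var deviceName by remember { mutableStateOf(Build.MODEL) }

        // register() is called as a suspend function here, so it runs inside a coroutine
        LaunchedEffect(true) {
            try {
                callback.register(context, deviceName, node)
                // Registration is successful
                currentOnCompleted()
            } catch (e: CancellationException) {
                // User cancelled registration
            } catch (e: Exception) {
                // An error occurred during the registration process
                currentOnCompleted()
            }
        }
    }
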
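
An added example, not from the original page or the SDK's own code: one way to complete the Java snippet above so that both outcomes call next() and the server-side journey, rather than the app, decides what happens after registration. It assumes the code lives in a Fragment that holds the current node; the class name WebAuthnRegistrationStep, the registerDevice() method, and the journeyListener field are hypothetical.

```java
import android.content.Context;
import android.util.Log;
import androidx.fragment.app.Fragment;
import org.forgerock.android.auth.FRListener;
import org.forgerock.android.auth.FRSession;
import org.forgerock.android.auth.Node;
import org.forgerock.android.auth.NodeListener;
import org.forgerock.android.auth.callback.WebAuthnRegistrationCallback;

// Hypothetical fragment: class, method and field names are assumptions for illustration.
public class WebAuthnRegistrationStep extends Fragment {
    private static final String TAG = "WebAuthnRegistration";

    private Node node;                               // current journey node, set by the app
    private NodeListener<FRSession> journeyListener; // app's handler for the next node or session

    void registerDevice(String deviceName) {
        WebAuthnRegistrationCallback callback =
                node.getCallback(WebAuthnRegistrationCallback.class);
        if (callback == null) {
            return; // this node carries no WebAuthn registration request
        }

        // Capture the context once; the fragment may be detached when the listener fires.
        final Context context = requireContext();

        callback.register(context, deviceName, node, new FRListener<Void>() {
            @Override
            public void onSuccess(Void result) {
                // Submit the node; the journey on the server decides what happens next.
                node.next(context, journeyListener);
            }

            @Override
            public void onException(Exception e) {
                // Log only the exception type, then let the journey handle the failure.
                Log.w(TAG, "WebAuthn registration failed: " + e.getClass().getSimpleName());
                node.next(context, journeyListener);
            }
        });
    }
}
```
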
Passkey support
The ForgeRock SDK for Android supports passkeys when the app is running on Android P or later. For more information on passkeys, refer to Passkey support on Android and Chrome.
If the WebAuthn Registration node has the Username to device option enabled and the app is running on Android P or later, then the SDK sets the RESIDENT_KEY_REQUIRED flag and enables passkeys for WebAuthn.
In this case, the user is asked to create a new passkey on their device and is required to perform biometric authentication to confirm. The device syncs the generated passkey to the user’s Google Account for use on their supported devices.
If the device is not running Android P or later, the SDK sets the RESIDENT_KEY_DISCOURAGED flag, meaning passkeys are neither used nor synchronized to the Google Account.
For more information about resident keys and client-side discoverable credentials, refer to ResidentKeyRequirement in the Google developer documentation.