无法在Android上使用Passkey注册身份验证

huangapple go评论102阅读模式
英文:

Unable to register for authentication using Passkey on Android

问题

I'm trying to follow the official documentation to implement Passkey registration. There is also a codelab demonstrating the topic (note that it works as intended on my Android device.)

I created this minimal test-case available on github, which replicates what's taking place in the codelab, in Java instead of Kotlin.

private void signUp() {
    CreatePublicKeyCredentialRequest createPublicKeyCredentialRequest = new CreatePublicKeyCredentialRequest(fetchRegistrationJsonFromServer());

    credentialManager.createCredentialAsync(
            createPublicKeyCredentialRequest,
            this,
            new CancellationSignal(),
            getMainExecutor(),
            new CredentialManagerCallback<CreateCredentialResponse, CreateCredentialException>() {
                @Override
                public void onResult(CreateCredentialResponse result) {
                    Log.d(TAG, "Registration success");
                }

                @Override
                public void onError(CreateCredentialException e) {
                    Log.e(TAG, "Registration failure - " + e.getClass().getName());

                    if (e instanceof CreatePublicKeyCredentialDomException) {
                        // Handle the passkey DOM errors thrown according to the
                        // WebAuthn spec.
                        Log.e(TAG, String.valueOf(((CreatePublicKeyCredentialDomException)e).getDomError()));
                    } else if (e instanceof CreateCredentialCancellationException) {
                        // The user intentionally canceled the operation and chose not
                        // to register the credential.
                    } else if (e instanceof CreateCredentialInterruptedException) {
                        // Retry-able error. Consider retrying the call.
                    } else if (e instanceof CreateCredentialProviderConfigurationException) {
                        // Your app is missing the provider configuration dependency.
                        // Most likely, you're missing the
                        // "credentials-play-services-auth" module.
                    } else if (e instanceof CreateCredentialUnknownException) {
                    } else if (e instanceof CreateCustomCredentialException) {
                        // You have encountered an error from a 3rd-party SDK. If
                        // you make the API call with a request object that's a
                        // subclass of
                        // CreateCustomCredentialRequest using a 3rd-party SDK,
                        // then you should check for any custom exception type
                        // constants within that SDK to match with e.type.
                        // Otherwise, drop or log the exception.
                    }
                }
            }
    );
}

private String fetchRegistrationJsonFromServer() {
    String response = Utils.readFromAssets(this, "reg.txt");

    return response.replace("<userId>", getEncodedUserId())
            .replace("<userName>", username)
            .replace("<userDisplayName>", username)
            .replace("<challenge>", getEncodedChallenge());
}

private String getEncodedUserId() {
    SecureRandom random = new SecureRandom();
    byte[] bytes = new byte[64];
    random.nextBytes(bytes);

    return Base64.encodeToString(bytes, Base64.NO_WRAP | Base64.URL_SAFE | Base64.NO_PADDING);
}

private String getEncodedChallenge() {
    SecureRandom random = new SecureRandom();
    byte[] bytes = new byte[32];
    random.nextBytes(bytes);

    return Base64.encodeToString(bytes, Base64.NO_WRAP | Base64.URL_SAFE | Base64.NO_PADDING);
}

Currently, it fails with a CreatePublicKeyCredentialDomException of type androidx.credentials.exceptions.domerrors.SecurityError.

Note that my app is handling Digital Asset Links properly, according to this document. Please refer to this SO question for reference.

Currently, the only part which looks problematic to me is the registration template. I tried to replace the "rp.id" value with com.unibeam.passkey1 but it did not work.

英文:

I'm trying to follow the official documentation to implement Passkey registration. There is also a codelab demonstrating the topic (note that it works as intended on my Android device.)

I created this minimal test-case available on github, which replicates what's taking place in the codelab, in Java instead of Kotlin.

private void signUp() {
CreatePublicKeyCredentialRequest createPublicKeyCredentialRequest = new CreatePublicKeyCredentialRequest(fetchRegistrationJsonFromServer());
credentialManager.createCredentialAsync(
createPublicKeyCredentialRequest,
this,
new CancellationSignal(),
getMainExecutor(),
new CredentialManagerCallback&lt;CreateCredentialResponse, CreateCredentialException&gt;() {
@Override
public void onResult(CreateCredentialResponse result) {
Log.d(TAG, &quot;Registration success&quot;);
}
@Override
public void onError(CreateCredentialException e) {
Log.e(TAG, &quot;Registration failure - &quot; + e.getClass().getName());
if (e instanceof CreatePublicKeyCredentialDomException) {
// Handle the passkey DOM errors thrown according to the
// WebAuthn spec.
Log.e(TAG, String.valueOf(((CreatePublicKeyCredentialDomException)e).getDomError()));
} else if (e instanceof CreateCredentialCancellationException) {
// The user intentionally canceled the operation and chose not
// to register the credential.
} else if (e instanceof CreateCredentialInterruptedException) {
// Retry-able error. Consider retrying the call.
} else if (e instanceof CreateCredentialProviderConfigurationException) {
// Your app is missing the provider configuration dependency.
// Most likely, you&#39;re missing the
// &quot;credentials-play-services-auth&quot; module.
} else if (e instanceof CreateCredentialUnknownException) {
} else if (e instanceof CreateCustomCredentialException) {
// You have encountered an error from a 3rd-party SDK. If
// you make the API call with a request object that&#39;s a
// subclass of
// CreateCustomCredentialRequest using a 3rd-party SDK,
// then you should check for any custom exception type
// constants within that SDK to match with e.type.
// Otherwise, drop or log the exception.
}
}
}
);
}
private String fetchRegistrationJsonFromServer() {
String response = Utils.readFromAssets(this, &quot;reg.txt&quot;);
return response.replace(&quot;&lt;userId&gt;&quot;, getEncodedUserId())
.replace(&quot;&lt;userName&gt;&quot;, username)
.replace(&quot;&lt;userDisplayName&gt;&quot;, username)
.replace(&quot;&lt;challenge&gt;&quot;, getEncodedChallenge());
}
private String getEncodedUserId() {
SecureRandom random = new SecureRandom();
byte[] bytes = new byte[64];
random.nextBytes(bytes);
return Base64.encodeToString(bytes, Base64.NO_WRAP | Base64.URL_SAFE | Base64.NO_PADDING);
}
private String getEncodedChallenge() {
SecureRandom random = new SecureRandom();
byte[] bytes = new byte[32];
random.nextBytes(bytes);
return Base64.encodeToString(bytes, Base64.NO_WRAP | Base64.URL_SAFE | Base64.NO_PADDING);
}

Currently, it fails with a CreatePublicKeyCredentialDomException of type androidx.credentials.exceptions.domerrors.SecurityError.

Note that my app is handling Digital Asset Links properly, according to this document. Please refer to this SO question for reference.

Currently, the only part which looks problematic to me is the registration template. I tried to replace the "rp.id" value with com.unibeam.passkey1 but it did not work.

答案1

得分: 0

答案是自问自答... 解决方案相当合理:

在注册模板中将 unibeam.github.io 用作 "rp.id"。只有这种方式,底层系统才能发现 https://unibeam.github.io/.well-known/assetlinks.json

请注意,这绝对没有记录,好像 Google 不希望人们实施通行证身份验证。

英文:

Answering my own question... The solution was pretty logical:

Using unibeam.github.io as "rp.id" in the registration template. Only this way, the underlying system is able to discover https://unibeam.github.io/.well-known/assetlinks.json!

Note that is absolutely not documented, as if Google doesn't want people to implement passkey authentication.

huangapple
  • 本文由 发表于 2023年6月29日 15:05:49
  • 转载请务必保留本文链接:https://go.coder-hub.com/76578743.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定