Passkeys for native Android Apps 🚀

Justpass
4 min readJun 26, 2023

--

Passkeys are a revolutionary method of authentication that allows users to authenticate across devices using their preferred device biometrics 🖐️🔒. Passkeys offers secure and convenient ways to log in without passwords. No more forgetting passwords or resetting them every time! 😎

In this tutorial, we will walk through the process of integrating passkeys authentication using JustPass.me into your Android app 📲.

Setup 🔧

Before we dive into the code, there are some setup steps you need to carry out in the JustPassMe dashboard:

  1. In the dashboard, create an organization and add the following details:
  • Your application’s package name 📦.
  • SHA-1 fingerprint for your application 🔏

2. Next, you need to bind your verification assets into your app’s build.gradle file as shown below:

android {
defaultConfig {
resValue("string", "host", "https://<YOUR_ORGANIZATION_ID>.accounts.justpass.me")
resValue("string", "asset_statements", """
[{
"include": "https://<YOUR_ORGANIZATION_ID>.accounts.justpass.me/.well-known/assetlinks.json"
}]
""")
}
}

3. Afterwards, sync your project with Gradle files, then add the following meta-data to your <application> tag in the AndroidManifest.xml file:

<manifest>
<application>
<meta-data
android:name="asset_statements"
android:resource="@string/asset_statements" />
</application>
</manifest>

4. Build your project to make the resValue generated in R class.

5. (Optionl) You can validate your assetlinks.json is working by opening this link https://<YOUR_ORGANIZATION_ID>.accounts.justpass.me/.well-known/assetlinks.json in your browser and make sure your android package and SHA-1 fingerprint are listed in the file ✅.

Start your backend integration, checkout our Backend Documentation By the end of this step you should have your passkey registration and login APIs ready to use in your app.

Installation 📥

To install JustPassMe into your Android app, add the following dependency to your app’s build.gradle file:groovyCopy cod

implementation("tech.amwal.justpassme:justpassme:1.0.0-beta06")

Getting Started 🏁

To begin the integration, create a JustPassMe instance in your activity:

To use JustPassMe in your app, you need to do the following:

  1. Create a JustPassMe instance with the activity as a parameter:
val justPassMe : JustPassMe = JustPassMe(activity)

2. After finishing the backend integration, you will need to know the API endpoints for both registration and login, Incase of using Firebase as your backend, checkout our Firebase Documentation your endpoints will be as follows:

  • Backend
const val BASE_URL = "https://<YOUR_backend_DOMAIN>"
  • Firebase
const val BASE_URL = "https://<YOUR_FIREBASE_PROJECT_ID>.cloudfunctions.net/ext-justpass-me-oidc/"kotlinCopy cval justPassMe : JustPassMe = JustPassMe(activity)

## Registration 📝

To create a passkey for your logged in user, you need to do the following:

  1. Construct the registration URL by getting it from your backend, incase of Firebase it will be appending “/register” to the BASE_URL:
  • Backend
val registrationUrl = "${BASE_URL}/<YourRegistrationEndpoint>"
  • Firebase
val registrationUrl = "${BASE_URL}/register"

2. Get your logged user’s token or any Id that you wish to be retuned when the user login with Passkeys later.

3. Required: Pass your token as a header value with the key “Authorization”. and the prefix “Bearer” in a map like this:

val headers = mapOf("Authorization" to "Bearer $token")

4. Call the register method on the justPassMe instance and pass the registration URL, the headers map, and a callback function as parameters:

justPassMe.register(registrationUrl, headers){ authResponse ->
when (authResponse) {
is AuthResponse.Success -> {
// Passkey was created
}
is AuthResponse.Error -> {
// Reason behind the faliure
authResponse.error
}
}
}

The callback function receives an authResponse object that represents one of two cases:

  • Success : A new passkey was created for the user and they can now log in with it. Hooray! 🙌
  • Error : An error message shows the reason behind the failure. Don’t worry, we’ll help you fix it! 💪

Login 🔑

To log in a user that has a passkey for your app, you need to do the following:

  1. Construct the login by getting it from your Backend Endpoints, Incase of Firebase you get the URL by appending “/authenticate” to the BASE_URL:
  • Backend
val loginUrl = "${BASE_URL}/<YourLoginEndpoint>"
  • Firebase
val loginUrl = "${BASE_URL}/authenticate"

2. (Optional) IIf you want to pass any extra headers while logging in the user, you can create a map with the header key-value pairs like this:

val extraHeaders = mapOf("Header-Key" to "Header-Value")

3. Call the auth method on the justPassMe instance and pass the login URL, the extra headers map (if any), and a callback function as parameters:

justPassMe.auth(loginUrl, extraHeaders){ authResponse ->
when (authResponse) {
is AuthResponse.Success -> {
// User loggedIn with passkey
// You can use your token
authResponse.token
}
is AuthResponse.Error -> {
// Reason behind the faliure
authResponse.error
}
}
}

The callback function receives an authResponse object that represents one of two cases:

  • Success: The user logged in with passkey successfully and you can use their token. Awesome! 😊
  • Error: An error message shows the reason behind the failure. Oops! 😬

That’s it! You have now successfully integrated passkeys authentication using JustPass.me into your Android app 🎊. Now your users can enjoy seamless cross-device authentication using their device biometrics. Happy coding! 💻🚀

--

--