{"id":18553222,"url":"https://github.com/oliverspryn/android-oauth-biometrics","last_synced_at":"2025-04-24T04:46:57.117Z","repository":{"id":144198992,"uuid":"468386599","full_name":"oliverspryn/android-oauth-biometrics","owner":"oliverspryn","description":"🔐 A proof-of-concept application to log into an example Auth0 instance with a PKCE flow and allow secure retrieval of the access and refresh tokens with biometrics","archived":false,"fork":false,"pushed_at":"2022-04-07T18:24:49.000Z","size":21369,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-24T04:46:47.949Z","etag":null,"topics":["0auth","access-token","auth0","authentication","biometrics","fingerprint","login","poc","proof-of-concept","refresh-token"],"latest_commit_sha":null,"homepage":"https://auth0.com","language":"Kotlin","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oliverspryn.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-10T14:50:35.000Z","updated_at":"2024-08-01T08:08:03.000Z","dependencies_parsed_at":null,"dependency_job_id":"54f90e15-8745-469d-bd93-22af3ba28c46","html_url":"https://github.com/oliverspryn/android-oauth-biometrics","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oliverspryn%2Fandroid-oauth-biometrics","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oliverspryn%2Fandroid-oauth-biometrics/tags","releases_url
":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oliverspryn%2Fandroid-oauth-biometrics/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oliverspryn%2Fandroid-oauth-biometrics/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oliverspryn","download_url":"https://codeload.github.com/oliverspryn/android-oauth-biometrics/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250566444,"owners_count":21451229,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["0auth","access-token","auth0","authentication","biometrics","fingerprint","login","poc","proof-of-concept","refresh-token"],"created_at":"2024-11-06T21:16:28.636Z","updated_at":"2025-04-24T04:46:57.111Z","avatar_url":"https://github.com/oliverspryn.png","language":"Kotlin","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Android OAuth with Biometrics\n\n🔐 A proof-of-concept application to log into an example Auth0 instance with a PKCE flow and allow secure retrieval of the access and refresh tokens with biometrics\n\n\u003cimg src=\".docs/demo.gif\" alt=\"Login, reauthentication with biometrics, and logout flows\" width=\"400\" /\u003e\n\n**Features:**\n\n- Login + logout flows with an OAuth provider\n- Store credentials in secure storage with hardware-backed cryptography\n- Graceful handling of devices that lack hardware-backed cryptography features\n- Intelligent selection of the best available cryptography + biometrics for enhanced security based on API level and 
available hardware\n- Reauthenticate back into an account with biometrics\n- Graceful handling of devices which have biometric capabilities, but no enrolled biometrics\n- Network stack automatically injects the access token into the necessary API calls\n- Auto-refresh of the access token\n- Auto-logout when the refresh token is invalidated\n- Identification of what kind of secondary authentication mechanisms are available on the device\n- Showing what kind of secondary authentication was used\n\n**Here are some useful sources that I consulted before building this project:**\n\n- [Using BiometricPrompt with CryptoObject](https://medium.com/androiddevelopers/using-biometricprompt-with-cryptoobject-how-and-why-aace500ccdb7)\n- [Biometric Authentication on Android - Part 1](https://medium.com/androiddevelopers/biometric-authentication-on-android-part-1-264523bce85d)\n- [Biometric Authentication on Android - Part 2](https://medium.com/androiddevelopers/biometric-authentication-on-android-part-2-bc4d0dae9863)\n- [OAuth2 + PKCE + Auth0](https://medium.com/geekculture/implement-oauth2-pkce-in-swift-9bdb58873957)\n- [AppAuth for Android](https://github.com/openid/AppAuth-Android)\n\n## Set Up an Auth0 Account\n\nSince this project requires an OAuth IDP to run, follow these steps:\n\n1. Create a free [Auth0 account](https://auth0.com/)\n1. Once you have created an account, create a tenant (which can be thought of as a new project)\n1. Inside of the newly created tenant, create a new application by going to the navigation panel \u0026gt; Applications \u0026gt; Create Application \u0026gt; Native\n1. Open up your new application and make a note of the Client ID and the Domain under the Settings tab\n1. On the same tab, add `com.oliverspryn.android.oauthbiometrics://oauth/login` to the Allowed Callback URLs list\n1. Add `com.oliverspryn.android.oauthbiometrics://oauth/logout` to the Allowed Logout URLs list\n1. 
Create a user for your testing purposes by going to the navigation panel \u0026gt; User Management \u0026gt; Users \u0026gt; Create User\n\n## Run the Project\n\nOnce the OAuth tenant, application, and user account are set up, you can incorporate them into this project:\n\n1. Clone the project\n1. Open up `app/build.gradle`\n1. Change the `OAUTH_CLIENT_ID` and `OPENID_CONFIG_URL` to the values you found in the Auth0 management portal\n1. Configure `CryptographyConfig.ALLOW_DEVICE_CREDENTIALS_AS_SECONDARY_LOGIN` to allow or disallow PIN/pattern/etc. as an additional secondary login option\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foliverspryn%2Fandroid-oauth-biometrics","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foliverspryn%2Fandroid-oauth-biometrics","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foliverspryn%2Fandroid-oauth-biometrics/lists"}