Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/dashlane/android-passkey-example
An example application that demonstrates the use of passkeys to sign up and sign in
- Host: GitHub
- URL: https://github.com/dashlane/android-passkey-example
- Owner: Dashlane
- License: apache-2.0
- Created: 2023-04-07T08:39:30.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-01-24T08:43:32.000Z (11 months ago)
- Last Synced: 2024-11-13T10:37:46.641Z (about 1 month ago)
- Topics: android, dashlane, example, passkey
- Language: Kotlin
- Homepage:
- Size: 7.69 MB
- Stars: 69
- Watchers: 12
- Forks: 20
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Android Passkey Example
[![License](https://img.shields.io/badge/license-Apache%202.0-blue)](https://github.com/username/repo/blob/master/LICENSE)
![Licence](showcase.gif)
The purpose of this demo application is to showcase the implementation of passkeys in a native Android application. It also serves
as an example for developers who want to incorporate passkey authentication in their own app. This application requires
Android 14 or higher.
## What is a passkey?
Passkeys are a replacement for passwords. A password is something that can be remembered and typed, and a passkey is a secret stored on one’s devices, unlocked with biometrics.
You can learn more about passkeys here: https://passkeys.dev/docs/intro/what-are-passkeys/
## Features
You can create a passkey and sign in to this demo application. It's possible thanks to
the [Credential Manager API](https://developer.android.com/jetpack/androidx/releases/credentials) which brings passkey
support to Android 14. The WebAuthn spec this is based on can be found here: [WebAuthn](https://w3c.github.io/webauthn/).
All accounts are stored locally (in shared preferences), which means that if you uninstall or clear data, your account will be lost. This app does not require any network resource.
During the sign-in flow, a challenge, which is just some random bytes, is generated by the website/service (commonly referred to as the relying party). This challenge is sent to the authenticator via the app, where it is signed with the private key of the passkey. The signed challenge is then returned to the relying party to be verified. In this example app the challenge is verified locally within the app; note that this is usually done by a server.
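The verification step described above, as an added example (not code from this repository): a relying-party check of a passkey assertion in plain JVM Kotlin. The key pair, the `example.test` relying-party ID and origin, and the helper names `sha256` and `verifyAssertion` are constructed for illustration; the signed bytes are `authenticatorData || SHA-256(clientDataJSON)` as defined by WebAuthn.

```kotlin
import java.security.GeneralSecurityException
import java.security.KeyPairGenerator
import java.security.MessageDigest
import java.security.PublicKey
import java.security.SecureRandom
import java.security.Signature
import java.security.spec.ECGenParameterSpec
import java.util.Base64

fun sha256(data: ByteArray): ByteArray = MessageDigest.getInstance("SHA-256").digest(data)

// Relying-party side (hypothetical helper): the response must echo the challenge we issued,
// and the signature must cover authenticatorData || SHA-256(clientDataJSON).
fun verifyAssertion(
    expectedChallenge: ByteArray, publicKey: PublicKey,
    clientDataJson: ByteArray, authenticatorData: ByteArray, sig: ByteArray
): Boolean = try {
    // Simplified extraction; a full verifier parses the JSON and also checks type, origin and rpIdHash.
    val echoed = Regex("\"challenge\":\"([A-Za-z0-9_-]+)\"").find(clientDataJson.decodeToString())?.groupValues?.get(1)
    echoed != null &&
        MessageDigest.isEqual(Base64.getUrlDecoder().decode(echoed), expectedChallenge) &&
        Signature.getInstance("SHA256withECDSA").run {
            initVerify(publicKey)
            update(authenticatorData + sha256(clientDataJson))
            verify(sig)
        }
} catch (e: GeneralSecurityException) {
    false // malformed signature or unsupported key
} catch (e: IllegalArgumentException) {
    false // malformed base64url in clientDataJSON
}

fun main() {
    // Constructed stand-in for the authenticator: a P-256 key pair (COSE algorithm ES256).
    val keys = KeyPairGenerator.getInstance("EC").apply { initialize(ECGenParameterSpec("secp256r1")) }.generateKeyPair()
    val challenge = ByteArray(32).also { SecureRandom().nextBytes(it) }
    val challengeB64 = Base64.getUrlEncoder().withoutPadding().encodeToString(challenge)
    // Constructed response: rpIdHash (32 bytes) + flags (UP|UV = 0x05) + signCount (4 bytes).
    val authData = sha256("example.test".toByteArray()) + byteArrayOf(0x05, 0, 0, 0, 1)
    val clientData = """{"type":"webauthn.get","challenge":"$challengeB64","origin":"https://example.test"}""".toByteArray()
    val sig = Signature.getInstance("SHA256withECDSA").run {
        initSign(keys.private); update(authData + sha256(clientData)); sign()
    }
    check(verifyAssertion(challenge, keys.public, clientData, authData, sig))      // fresh challenge, intact data
    check(!verifyAssertion(ByteArray(32), keys.public, clientData, authData, sig)) // replay against a different challenge
    authData[32] = 0x01 // flags byte altered after signing
    check(!verifyAssertion(challenge, keys.public, clientData, authData, sig))     // signature no longer covers the data
    println("assertion checks passed")
}
```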
You can sign in to a specific account by entering an email that already exists in the local database. By doing that, the `allowCredentials`
attribute of a passkey request will be set with a related UserID, and only this credential can be returned by the authenticator.
## How to Test the Application
You can clone and build this application to generate a debug APK, or you can directly download the APK from the GitHub "Release" section.
## Contributing
We are open to contributions. Feel free to submit a pull request with your changes. Here are some features that could be added to this
application:
- Add other supported algorithms from [this list](https://www.iana.org/assignments/cose/cose.xhtml#algorithms)
- Remove a specific local account without the need to uninstall or remove all data
- Upgrade the Credential Manager library to the latest version
## License
This project is licensed under the Apache 2.0 License.