FIDO Only
HYPR SDK for Android
Do This First
This article assumes you have already completed the HYPR SDK for Android Quick Start before continuing.
FIDO Only SDK is designed for customers who want to use the HYPR Android SDK to authenticate into their own Android application without using the HYPR out-of-band mechanism. It establishes direct communication with a HYPR RP Server / HYPR FIDO Server.
The FIDO operations available include registration, authentication, and deregistration.
SDK Interface
FIDO Only Operations use the HyprApiActionAdapter and HyprDbAdapter SDK interfaces.
HYPR Code Objects
The only HYPR code object used in FIDO Only mode is
HyprAppProfileData. It corresponds to a HYPR RP Application Profile.
DB IDs
Most HYPR code objects have a DB ID to uniquely identify them. The SDK interfaces often require a DB ID to indicate which object is being operated on at the time. FIDO Only mode uses the App Profile DB ID.
Basic Architecture
| Interface | HyprInitHyprApiActionAdapterHyprDbAdapter |
| Related Components | UIAdapterUser Agent FIDO Client ASMs Authenticators |
| Functionality | FIDO Operations |
Learn More about FCA
To learn more about the FIDO Client Adapter and how to integrate it into your app, go to the FIDO Client Adapter page.
Database Setup
During the Quick Start you created a CustomHyprDbAdapter which extends the HyprDbAdapter class. FIDO Only (out-of-band Off) mode requires the following modifications to that custom class setup:
- setting the Application Type,
HyprRpAppType, toOobOff - setting your RP URL,
BaseDomainUrl - setting your RP Application ID,
RpAppId
// FIDO Only Additions
appProfile.setHyprRpAppType(context, HyprRpAppType.OobOff);
appProfile.setBaseDomainUrl(context, "https://your-company-hypr-rp-address.com");
appProfile.setRpAppId(context, "your RP Application Id");
The complete class with those additions is shown here.
public class CustomHyprDbAdapter extends HyprDbAdapter {
/**
* Called after a new App Profile is created.
* Put any DB customizations here for the new App Profile.
*
* @param context current context
* @param appProfile appProfile object that was just created
*/
@Override
public void onNewAppProfileCreated(@NonNull final Context context,
@NonNull HyprAppProfileData appProfile) {
// FIDO Only Additions
appProfile.setHyprRpAppType(context, HyprRpAppType.OobOff);
appProfile.setBaseDomainUrl(context, "https://your-company-hypr-rp-address.com");
appProfile.setRpAppId(context, "your RP Application Id");
}
}
FIDO Registration
FIDO Registrations are done on an Application Profile basis. Each Application Profile has a DB ID that typically is used to pass into methods to tell the SDK which Application Profile to use.
FIDO Registration Method
HyprApiActionAdapter.registerAuthenticatorsForAppProfile()is used to launch an activity to initiate FIDO registration via theHyprApiActionAdapter.The results are returned in
onActivityResultswith theresultCodeof
HYPR_REGISTER_ACT_REQ_CODE.
-
Using the example below, verify the HYPR Initialization is complete. If you are only using one App Profile, get the current Application Profile and the App Profile DB ID. App Profiles has more details.
-
Pass that App Profile DB ID into the
registerAuthenticatorsForAppProfilemethod to start a HYPR SDK activity which will perform the registration. -
The results are returned in the
onActivityResultmethod described in the FIDO Operation Activity Results section further below. The result code isHYPR_REGISTER_ACT_REQ_CODE.
void startRegistration(Activity activity) {
if (App.isHyprInitComplete()) {
try {
HyprAppProfileData hyprAppProfileData = App.getHyprDbAdapter().getCurHyprAppProfileData(activity);
HyprApiActionAdapter.registerAuthenticatorsForAppProfile(activity, hyprAppProfileData.getDbId());
} catch (HyprException exception) {
exception.printStackTrace();
}
}
}
FIDO Authentication
FIDO Authentications are done on an Application Profile basis. Each Application Profile has a DB ID that is passed to methods to tell the SDK which Application Profile to use.
FIDO Authentication Method
HyprApiActionAdapter.authenticateAppProfile()is used to launch an activity to initiate FIDO registration via theHyprApiActionAdapter.The results are returned in
onActivityResultswith theresultCodeof:
HYPR_AUTHENTICATE_ACT_REQ_CODE.
-
Using the example below, verify the HYPR Initialization is complete. If you are only using one App Profile, then get the current Application Profile and the App Profile DB ID. App Profiles has more information on App Profiles.
-
Pass that App Profile DB ID into the
authenticateAppProfilemethod to start a HYPR SDK activity which will perform the authentication. -
The results are returned in the
onActivityResultmethod described in the FIDO Operation Activity Results section further below. The result code isHYPR_AUTHENTICATE_ACT_REQ_CODE.
void startAuthentication(Activity activity) {
if (App.isHyprInitComplete()) {
try {
HyprAppProfileData hyprAppProfileData = App.getHyprDbAdapter().getCurHyprAppProfileData(activity);
HyprApiActionAdapter.authenticateAppProfile(activity, hyprAppProfileData.getDbId());
} catch (HyprException exception) {
exception.printStackTrace();
}
}
}
FIDO Deregistration
FIDO deregistrations are done on an Application Profile basis. Each Application Profile has a DB ID that is passed to methods to tell the SDK which Application Profile to use.
FIDO Deregistration Method
HyprApiActionAdapter.deregisterAuthenticatorsForAppProfile()is used to launch an activity to initiate FIDO deregistration via theHyprApiActionAdapter.The results are returned in
onActivityResultswith theresultCodeofHYPR_DEREGISTER_ACT_REQ_CODE.
-
Using the example below, verify the HYPR Initialization is complete. If you are only using one App Profile, get the current Application Profile and the App Profile DB ID. Read App Profiles for more details.
-
Pass that App Profile DB ID into the
deregisterAuthenticatorsForAppProfilemethod to start a HYPR SDK activity which will perform the deregistration. -
The results are returned in the
onActivityResultmethod described in the FIDO Operation Activity Results section. The result code isHYPR_DEREGISTER_ACT_REQ_CODE.
void startDeregistration(Activity activity) {
if (App.isHyprInitComplete()) {
try {
HyprAppProfileData hyprAppProfileData = App.getHyprDbAdapter().getCurHyprAppProfileData(activity);
HyprApiActionAdapter.deregisterAuthenticatorsForAppProfile(activity, hyprAppProfileData.getDbId());
} catch (HyprException exception) {
exception.printStackTrace();
}
}
}
Getting Registered Authenticators
void getRegisteredAuthenticators(Activity activity) throws HyprException {
HyprAppProfileData hyprAppProfileData = App.getHyprDbAdapter().getCurHyprAppProfileData(activity);
HyprApiActionAdapter.getRegisteredAuthenticatorsForAppProfile(activity, hyprAppProfileData.getDbId());
}
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
if(requestCode == HYPR_ACT_GETREG_REQ_CODE) {
if(resultCode == HYPR_ACT_RES_CODE_SUCCESS) {
List<String> registeredAaids = new ArrayList<String>();
if (data.hasExtra(INTENT_KEY_HYPR_STATUS_RESULT)) {
HyprStatusResult statusResult = (HyprStatusResult) data.getSerializableExtra(INTENT_KEY_HYPR_STATUS_RESULT);
HyprGetRegistrationsData registrationsData = (HyprGetRegistrationsData) statusResult.getStatusExtraData().getAuthExtraData().get(EXTRA_DATA_KEY_GET_REGISTRATIONS);
if (registrationsData != null) {
registeredAaids.addAll(registrationsData.getAaids());
}
}
}
else {
// Failure
}
}
}
Add an Additional Authenticator to the Current User
Before you add an authenticator, ensure it is not already registered, or unexpected behaviors might result.
void addAuthenticatorToCurrentUser(Activity activity) {
HyprAppProfileData hyprAppProfileData = App.getHyprDbAdapter().getCurHyprAppProfileData(activity);
hyprAppProfileData.setRpAppActionIdReg(activity, "<your policy name>");
HyprApiActionAdapter.registerAuthenticatorsForAppProfile(activity, hyprAppProfileData.getDbId());
}
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
if(requestCode == HYPR_REGISTER_ACT_REQ_CODE) {
if(resultCode == HYPR_ACT_RES_CODE_SUCCESS) {
// Handle Success
}
else {
// Handle failure
}
}
}
FIDO Operation Activity Results
The results returned from all HyprApiActionAdapter operations are returned in the onActivityResults method. The standard result code returned for a successful HYPR Android SDK Operation activity result is HYPR_ACT_RES_CODE_SUCCESS.
@Override
protected void onActivityResult(int requestCode,
int resultCode,
Intent data) {
if (resultCode == HYPR_ACT_RES_CODE_SUCCESS) {
handleSuccess(requestCode, data);
} else {
handleFailure(requestCode);
}
}
void handleSuccess(int requestCode,
Intent data) {
switch (requestCode) {
case HYPR_REGISTER_ACT_REQ_CODE:
Toast.makeText(this, "Registration Successful", Toast.LENGTH_SHORT).show();
break;
case HYPR_AUTHENTICATE_ACT_REQ_CODE:
Toast.makeText(this, "Authentication Successful", Toast.LENGTH_SHORT).show();
break;
case HYPR_DEREGISTER_ACT_REQ_CODE:
Toast.makeText(this, "Deregistration Successful", Toast.LENGTH_SHORT).show();
break;
default:
Toast.makeText(this, "Unknown Success", Toast.LENGTH_SHORT).show();
}
}
void handleFailure(int requestCode) {
switch (requestCode) {
case HYPR_REGISTER_ACT_REQ_CODE:
Toast.makeText(this, "Registration Failed", Toast.LENGTH_SHORT).show();
break;
case HYPR_AUTHENTICATE_ACT_REQ_CODE:
Toast.makeText(this, "Authentication Failed", Toast.LENGTH_SHORT).show();
break;
case HYPR_DEREGISTER_ACT_REQ_CODE:
Toast.makeText(this, "Deregistration Failed", Toast.LENGTH_SHORT).show();
break;
default:
Toast.makeText(this, "Unknown Failure", Toast.LENGTH_SHORT).show();
}
}
Updated 3 months ago