FIDO Only

HYPR SDK for Android

🚧

DO THIS FIRST

This article assumes you have already completed the HYPR SDK for Android Quick Start before continuing.

FIDO Only SDK is designed for customers who want to use the HYPR Android SDK to authenticate into their own Android application without using the HYPR out-of-band mechanism. It establishes direct communication with a HYPR RP Server / HYPR FIDO Server.

The FIDO operations available include registration, authentication, and deregistration.

SDK Interface

FIDO Only Operations use the HYPR API Action Adapter and HYPR DB Adapter SDK interfaces.

πŸ“˜

HYPR Code Objects

The only HYPR code object used in FIDO Only mode is HyprAppProfileData. It corresponds to a HYPR RP Application Profile.

πŸ“˜

DB IDs

Most HYPR code objects have a DB ID to uniquely identify them. The SDK interfaces often require a DB ID to indicate which object is being operated on at the time. FIDO Only mode uses the App Profile DB ID.

Basic Architecture

InterfaceHyprInit
HyprApiActionAdapter
HyprDbAdapter
Related ComponentsUIAdapter
User Agent
FIDO Client
ASMs
Authenticators
FunctionalityFIDO Operations

πŸ“˜

Learn More about FCA

To learn more about the FIDO Client Adapter and how to integrate it into your app, go to the FIDO Client Adapter page.

Database Setup

During the Quick Start you created a CustomHyprDbAdapter which extends the HyprDbAdapter class. FIDO Only (out-of-band Off) mode requires the following modifications to that custom class setup:

  • setting the Application Type, HyprRpAppType, to OobOff
  • setting your RP URL, BaseDomainUrl
  • setting your RP Application ID, RpAppId
// FIDO Only Additions
appProfile.setHyprRpAppType(context, HyprRpAppType.OobOff);
appProfile.setBaseDomainUrl(context, "https://your-company-hypr-rp-address.com");
appProfile.setRpAppId(context, "your RP Application Id");

The complete class with those additions is shown here.

public class CustomHyprDbAdapter extends HyprDbAdapter {
    /**
     * Called after a new App Profile is created.
     * Put any DB customizations here for the new App Profile.
     *
     * @param context    current context
     * @param appProfile appProfile object that was just created
     */
    @Override
    public void onNewAppProfileCreated(@NonNull final Context context,
                                       @NonNull HyprAppProfileData appProfile) {
        // FIDO Only Additions
        appProfile.setHyprRpAppType(context, HyprRpAppType.OobOff);
        appProfile.setBaseDomainUrl(context, "https://your-company-hypr-rp-address.com");
        appProfile.setRpAppId(context, "your RP Application Id");
    }
}

FIDO Registration

FIDO Registrations are done on an Application Profile basis. Each Application Profile has a DB ID that typically is used to pass into methods to tell the SDK which Application Profile to use.

πŸ“˜

FIDO Registration Method

HyprApiActionAdapter.registerAuthenticatorsForAppProfile() is used to launch an activity to initiate FIDO registration via the HyprApiActionAdapter.

The results are returned in onActivityResults with the resultCode of
HYPR_REGISTER_ACT_REQ_CODE.

  1. Using the example below, verify the HYPR Initialization is complete. If you are only using one App Profile, get the current Application Profile and the App Profile DB ID. App Profiles has more details.

  2. Pass that App Profile DB ID into the registerAuthenticatorsForAppProfile method to start a HYPR SDK activity which will perform the registration.

  3. The results are returned in the onActivityResult method described in the FIDO Operation Activity Results section further below. The result code is HYPR_REGISTER_ACT_REQ_CODE.

void startRegistration(Activity activity) {
    if (App.isHyprInitComplete()) {
        try {
            HyprAppProfileData hyprAppProfileData = App.getHyprDbAdapter().getCurHyprAppProfileData(activity);
            HyprApiActionAdapter.registerAuthenticatorsForAppProfile(activity, hyprAppProfileData.getDbId());
        } catch (HyprException exception) {
            exception.printStackTrace();
        }
    }
}

FIDO Authentication

FIDO Authentications are done on an Application Profile basis. Each Application Profile has a DB ID that is passed to methods to tell the SDK which Application Profile to use.

πŸ“˜

FIDO Authentication Method

HyprApiActionAdapter.authenticateAppProfile() is used to launch an activity to initiate FIDO registration via the HyprApiActionAdapter.

The results are returned in onActivityResults with the resultCode of:
HYPR_AUTHENTICATE_ACT_REQ_CODE.

  1. Using the example below, verify the HYPR Initialization is complete. If you are only using one App Profile, then get the current Application Profile and the App Profile DB ID. App Profiles has more information on App Profiles.

  2. Pass that App Profile DB ID into the authenticateAppProfile method to start a HYPR SDK activity which will perform the authentication.

  3. The results are returned in the onActivityResult method described in the FIDO Operation Activity Results section further below. The result code is HYPR_AUTHENTICATE_ACT_REQ_CODE.

void startAuthentication(Activity activity) {
    if (App.isHyprInitComplete()) {
        try {
            HyprAppProfileData hyprAppProfileData = App.getHyprDbAdapter().getCurHyprAppProfileData(activity);
            HyprApiActionAdapter.authenticateAppProfile(activity, hyprAppProfileData.getDbId());
        } catch (HyprException exception) {
            exception.printStackTrace();
        }
    }
}

FIDO Deregistration

FIDO deregistrations are done on an Application Profile basis. Each Application Profile has a DB ID that is passed to methods to tell the SDK which Application Profile to use.

πŸ“˜

FIDO Deregistration Method

HyprApiActionAdapter.deregisterAuthenticatorsForAppProfile() is used to launch an activity to initiate FIDO deregistration via the HyprApiActionAdapter.

The results are returned in onActivityResults with the resultCode of HYPR_DEREGISTER_ACT_REQ_CODE.

  1. Using the example below, verify the HYPR Initialization is complete. If you are only using one App Profile, get the current Application Profile and the App Profile DB ID. Read App Profiles for more details.

  2. Pass that App Profile DB ID into the deregisterAuthenticatorsForAppProfile method to start a HYPR SDK activity which will perform the deregistration.

  3. The results are returned in the onActivityResult method described in the FIDO Operation Activity Results section. The result code is HYPR_DEREGISTER_ACT_REQ_CODE.

void startDeregistration(Activity activity) {
    if (App.isHyprInitComplete()) {
        try {
            HyprAppProfileData hyprAppProfileData = App.getHyprDbAdapter().getCurHyprAppProfileData(activity);
            HyprApiActionAdapter.deregisterAuthenticatorsForAppProfile(activity, hyprAppProfileData.getDbId());
        } catch (HyprException exception) {
            exception.printStackTrace();
        }
    }
}

Getting Registered Authenticators

void getRegisteredAuthenticators(Activity activity) throws HyprException {
        HyprAppProfileData hyprAppProfileData = App.getHyprDbAdapter().getCurHyprAppProfileData(activity);
        HyprApiActionAdapter.getRegisteredAuthenticatorsForAppProfile(activity, hyprAppProfileData.getDbId());
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if(requestCode == HYPR_ACT_GETREG_REQ_CODE) {
            if(resultCode == HYPR_ACT_RES_CODE_SUCCESS) {
                List<String> registeredAaids = new ArrayList<String>();
                if (data.hasExtra(INTENT_KEY_HYPR_STATUS_RESULT)) {
                    HyprStatusResult statusResult = (HyprStatusResult) data.getSerializableExtra(INTENT_KEY_HYPR_STATUS_RESULT);
                    HyprGetRegistrationsData registrationsData = (HyprGetRegistrationsData) statusResult.getStatusExtraData().getAuthExtraData().get(EXTRA_DATA_KEY_GET_REGISTRATIONS);
                    if (registrationsData != null) {
                        registeredAaids.addAll(registrationsData.getAaids());
                    }
                }
            }
            else {
                // Failure
            }
        }
    }

Add an Additional Authenticator to the Current User

Before you add an authenticator, ensure it is not already registered, or unexpected behaviors might result.

void addAuthenticatorToCurrentUser(Activity activity) {
        HyprAppProfileData hyprAppProfileData = App.getHyprDbAdapter().getCurHyprAppProfileData(activity);
        hyprAppProfileData.setRpAppActionIdReg(activity, "<your policy name>");
        HyprApiActionAdapter.registerAuthenticatorsForAppProfile(activity, hyprAppProfileData.getDbId());
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if(requestCode == HYPR_REGISTER_ACT_REQ_CODE) {
            if(resultCode == HYPR_ACT_RES_CODE_SUCCESS) {
                // Handle Success
            }
            else {
                // Handle failure
            }
        }
    }

FIDO Operation Activity Results

The results returned from all HyprApiActionAdapter operations are returned in the onActivityResults method. The standard result code returned for a successful HYPR Android SDK Operation activity result is HYPR_ACT_RES_CODE_SUCCESS.

@Override
protected void onActivityResult(int requestCode,
                                int resultCode,
                                Intent data) {
    if (resultCode == HYPR_ACT_RES_CODE_SUCCESS) {
        handleSuccess(requestCode, data);

    } else {
        handleFailure(requestCode);
    }
}

void handleSuccess(int requestCode,
                   Intent data) {
    switch (requestCode) {
        case HYPR_REGISTER_ACT_REQ_CODE:
            Toast.makeText(this, "Registration Successful", Toast.LENGTH_SHORT).show();
            break;

        case HYPR_AUTHENTICATE_ACT_REQ_CODE:
            Toast.makeText(this, "Authentication Successful", Toast.LENGTH_SHORT).show();
            break;

        case HYPR_DEREGISTER_ACT_REQ_CODE:
            Toast.makeText(this, "Deregistration Successful", Toast.LENGTH_SHORT).show();
            break;

        default:
            Toast.makeText(this, "Unknown Success", Toast.LENGTH_SHORT).show();
    }
}

void handleFailure(int requestCode) {
    switch (requestCode) {
        case HYPR_REGISTER_ACT_REQ_CODE:
            Toast.makeText(this, "Registration Failed", Toast.LENGTH_SHORT).show();
            break;

        case HYPR_AUTHENTICATE_ACT_REQ_CODE:
            Toast.makeText(this, "Authentication Failed", Toast.LENGTH_SHORT).show();
            break;

        case HYPR_DEREGISTER_ACT_REQ_CODE:
            Toast.makeText(this, "Deregistration Failed", Toast.LENGTH_SHORT).show();
            break;

        default:
            Toast.makeText(this, "Unknown Failure", Toast.LENGTH_SHORT).show();
    }
}