Android Marshmallow has introduced a newly integrated API to better support user authentication and user verification. We can now use the new
Fingerprint API for devices with a fingerprint scanner in order to authenticate the user. We can also set a specific time for user lock screen verification to be considered valid in the app login. In this chapter, we will try and go over these additions and explain how to use them:
- Credentials’ Grace Period
The Fingerprint authentication API
Android Marshmallow now allows us, the developers, to authenticate users with their fingerprint scans when using such authentication scanners on supported devices.
Fingerprint API was added to Android Marshmallow via a whole new package:
The package contains four classes:
Each class has a specific role in our fingerprint authentication process.
How do we use fingerprint authentication?
The preceding four classes of the
android.hardware.fingerprint package can be explained in the following manner:
FingerprintManager: Manage access to fingerprint hardware
FingerprintManager.AuthenticationCallback: Callback used in the
FingerprintManager.AuthenticationResult: Result container for
Cryptoobject to use with
Say, we want to authenticate users via their fingerprints. A device with a fingerprint sensor must be in use; otherwise, we can’t use this API. We need to get an instance of
FingerprintManager, and then we call the
authenticate() method. We must implement a specific user interface for the fingerprint authentication flow, and the standard Android fingerprint icon (
c_fp_40px.png) is included in the source. We need to add the appropriate permission to our app’s manifest:
<uses-permission android:name="android.permission.USE_FINGERPRINT" />
Right now, we don’t have a device with a fingerprint sensor, so we will need to test our code from an emulator. (Nexus 5X and Nexus 6P are still with limited supply)
Setting up for testing
Android SDK Tools Revision 24.3 (at least) must be installed. Now, we navigate to Settings | Security | Fingerprint and add one fingerprint.
Follow the instructions manually; we are asked to select the PIN and leading us to find the following screenshot:
Finally, we must use a special
adbcommand, tricking the sensor into capturing a mock fingerprint:
adb -e emu finger touch <finger_id>
The resultant screen should look like the following screenshot:
finger_id =1for a single finger. The same command also emulates fingerprint touch events on the lock screen or in our app.
If you need help to set up an emulator, read:
Now, we can launch our application and see that we can use the fingerprint as our authentication method when the user purchases an item.