Credentials’ Grace Period
Ever got the itch when you wanted to use an app right after unlocking the device, only to find that you need to log in again or enter the app password again? Well, now we can query the device and check whether it was unlocked recently, and how recently. This gives our users a chance to avoid all the fuss that comes with using our app. Note that this must be used in conjunction with a public or secret key implementation for user authentication. If you want to read more about the Android Keystore System, head to https://developer.android.com/training/articles/keystore.html.
KeyguardManager and check whether our lock screen is secured via the isKeyguardSecure() method. Once we know that it’s secured, we can try and use the feature; otherwise, it’d imply that the user didn’t set a secure lock screen and this feature is a no-op.
We generate a symmetric key with KeyGenerator in Android KeyStore, which can only be used after the user has authenticated with device credentials within the last x seconds. Setting this value (x) is done via the setUserAuthenticationValidityDurationSeconds() method, when we set up
You can check out the sample code for more information. The activity is called
Try to display the reauthentication dialog as little as possible. When using a cryptographic object, you should first check whether it has expired, and only if it has, use createConfirmDeviceCredentialIntent() to reauthenticate the user.
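
The steps above in one place, as an added example that is not the book's sample code: the key is created with a validity window, and the reauthentication intent is requested only when the Keystore reports that the window has lapsed. The class name, the key alias and the 30-second window are assumptions.

```java
import android.app.KeyguardManager;
import android.content.Intent;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import android.security.keystore.UserNotAuthenticatedException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/** Hypothetical helper; the alias and the 30 s window are assumed values. */
final class GracePeriodKey {
    private static final String STORE = "AndroidKeyStore";
    private static final String ALIAS = "grace_period_key";   // assumed alias
    private static final int VALIDITY_SECONDS = 30;           // the "x" in the text

    /** Creates the key; returns false when no secure lock screen is set (feature is a no-op). */
    static boolean createKey(KeyguardManager km) throws GeneralSecurityException {
        if (!km.isKeyguardSecure()) return false;
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, STORE);
        kg.init(new KeyGenParameterSpec.Builder(ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
                .setUserAuthenticationRequired(true)
                .setUserAuthenticationValidityDurationSeconds(VALIDITY_SECONDS)
                .build());
        kg.generateKey();
        return true;
    }

    /**
     * Returns null if the key is usable right now (device credentials were entered
     * within the window), otherwise the Intent to pass to startActivityForResult().
     */
    static Intent reauthIntentIfExpired(KeyguardManager km) throws Exception {
        KeyStore ks = KeyStore.getInstance(STORE);
        ks.load(null);
        SecretKey key = (SecretKey) ks.getKey(ALIAS, null);
        Cipher cipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/"
                + KeyProperties.BLOCK_MODE_CBC + "/" + KeyProperties.ENCRYPTION_PADDING_PKCS7);
        try {
            cipher.init(Cipher.ENCRYPT_MODE, key);   // rejected once the window has lapsed
            return null;
        } catch (UserNotAuthenticatedException e) {
            // null title/description lets the system supply its default text
            return km.createConfirmDeviceCredentialIntent(null, null);
        }
    }
}
```

On current platform releases both setUserAuthenticationValidityDurationSeconds() (deprecated in API level 30) and createConfirmDeviceCredentialIntent() (deprecated in API level 29) have newer replacements, so check the target API level before reusing this pattern.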