ForgeRock SDKs 3.3

User authentication

Once the user’s mobile device has been registered in AM, the device can be used as an authenticator with its registered key pair through the WebAuthn Authentication node, which is returned as a WebAuthnAuthenticationCallback by the Android SDK.

Perform authentication

As part of the authentication process, the SDK provides the WebAuthnAuthenticationCallback for authenticating the device as a credential.

WebAuthnAuthenticationCallback callback = node.getCallback(WebAuthnAuthenticationCallback.class);
callback.authenticate(node, webAuthnKeySelector, new FRListener<Void>() {
    @Override
    public void onSuccess(Void result) {
        // Authentication is successful
        // Submit the Node using Node.next()
    }

    @Override
    public void onException(Exception e) {
        // An error occurred during the authentication process
        // Submit the Node using Node.next()
    }
});

The WebAuthnAuthenticationCallback.authenticate() method takes the Node as a parameter.

If the current node contains WebAuthnAuthenticationCallback and HiddenValueCallback, the SDK automatically sets the outcome of the authentication process for both success and failure to the designated HiddenValueCallback.

WebAuthnKeySelector

An optional WebAuthnKeySelector parameter can be provided for authentication.

The WebAuthnKeySelector.select() method is invoked when Username from device is enabled in the WebAuthn Authentication node. This feature requires that Username to device is enabled in the WebAuthn Registration node as well. With these options enabled, the registered key pair is associated with the username, and the SDK can present a list of registered keys to the user to continue the authentication process without collecting a username.

The sourceList is a list of PublicKeyCredentialSource constructed during registration. You may alter the string value, and present the altered value to the user.

However, you must return the selected PublicKeyCredentialSource as it was provided in the original list to the provided listener.

callback.authenticate(this, node, new WebAuthnKeySelector() {
    @Override
    public void select(@NonNull FragmentManager fragmentManager,
                       @NonNull List<PublicKeyCredentialSource> sourceList,
                       @NonNull FRListener<PublicKeyCredentialSource> listener) {
        //Always pick the first one.
        listener.onSuccess(sourceList.get(0));
    }
}, new FRListener<Void>() {
    @Override
    public void onSuccess(Void result) {
        //...
    }

    @Override
    public void onException(Exception e) {
        //...
    }
});
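
The selector above always returns the first key. When a picker is shown instead, the altered display strings can be kept apart from the objects, so that the listener receives the exact PublicKeyCredentialSource instance from sourceList. The following is an added illustration in plain Java, not ForgeRock SDK code: KeyPicker, labels() and resolve() are hypothetical names, and the type parameter T stands in for PublicKeyCredentialSource.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.Function;

/**
 * Added example, not ForgeRock SDK code. T stands in for
 * PublicKeyCredentialSource; KeyPicker and its methods are hypothetical.
 */
public final class KeyPicker<T> {
    private final List<T> sources;      // the list handed to select(), never modified
    private final List<String> labels;  // altered strings, used for display only

    public KeyPicker(List<T> sourceList, Function<T, String> labelOf) {
        if (sourceList == null || sourceList.isEmpty()) {
            throw new IllegalArgumentException("no registered keys to choose from");
        }
        this.sources = sourceList;
        this.labels = new ArrayList<>();
        for (T source : sourceList) {
            labels.add(labelOf.apply(source));  // derive the label, leave the source untouched
        }
    }

    /** Strings to show in the picker UI, in the same order as the source list. */
    public List<String> labels() {
        return labels;
    }

    /** Maps the row the user chose back to the original object, never a copy. */
    public T resolve(int chosenRow) {
        if (chosenRow < 0 || chosenRow >= sources.size()) {
            throw new IndexOutOfBoundsException("row " + chosenRow + " is not in the list");
        }
        return sources.get(chosenRow);
    }

    public static void main(String[] args) {
        // Constructed sample data: StringBuilder is only a placeholder object type.
        List<StringBuilder> sourceList =
                List.of(new StringBuilder("alice"), new StringBuilder("bob"));
        KeyPicker<StringBuilder> picker =
                new KeyPicker<>(sourceList, s -> "Sign in as " + s);
        System.out.println(picker.labels());
        // Identity check: the resolved object is the instance from the original list.
        System.out.println(picker.resolve(1) == sourceList.get(1));
    }
}
```

Inside select(), pass the result of resolve() to listener.onSuccess(), and report a rejected row through listener.onException().
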
Copyright © 2010-2022 ForgeRock, all rights reserved.