Welcome, builders 👋🔑 This repo holds the Dfns Android SDK.
This means that, while we've worked hard to ensure its functionality, there may still be bugs, performance issues, or unexpected behavior.
TBC
All state-changing requests made to the Dfns API need to be cryptographically signed by credentials registered with the User.
Note: To be more precise, it's not the request itself that needs to be signed, but rather a "User Action Challenge" issued by Dfns. For simplicity, we refer to this process as "request signing".
This request signature serves as cryptographic proof that only authorized entities are making the request. Without it, the request would result in an Unauthorized error.
When implementing an Android application, your backend server has to communicate with the Dfns API to retrieve this challenge and pass it to your application. `PasskeysSigner` is then used to register and authenticate a user.
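```kotlin
// Create the signer for your relying party (id = domain, name = display name).
val passkeysSigner = PasskeysSigner(context, RelyingParty(id, name))
// Register a user: create a passkey from the challenge passed on by your server.
val fido2Attestation = passkeysSigner.register(challenge)
// Authenticate a user: sign the challenge with the existing passkey.
val fido2Assertion = passkeysSigner.sign(challenge)
```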
A demo application using the SDK can be found here. This demo application is to be used in conjunction with the server in the delegated registration and login tutorial. It is a replacement for the Android section over there; you should read and execute all instructions written above that section to get this demo running.
In `./app/src/main/java/co/dfns/sdk/tutorial/mobile/Constants.kt`, set the following values:

- `DFNS_APP_ID`: Dfns Application ID (grab one in Dfns Dashboard: `Settings` > `Applications`)
- `SERVER_BASE_URL`: base URL of the server you launched (e.g. `http://localhost:8000`, or if using ngrok, the public ngrok URL)
- `PASSKEY_RELYING_PARTY_ID`: the passkey relying party ID, aka the domain on which the above server is served (Read more here). If serving the server on `http://localhost:8000`, then set it to `localhost`. If serving the server through ngrok (e.g. `https://d0d7-31-217-63-194.ngrok-free.app`), then set it to `ngrok-free.app`. In general, we advise you to use the root domain (e.g. `acme.com`, not `app.acme.com`) for more passkey flexibility (so that the passkey is re-usable on subdomains).
- `PASSKEY_RELYING_PARTY_NAME`: a string representing the name of the relying party, aka your company name (e.g. "Acme"). The user will be presented with that name when creating or using a passkey.
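
A mismatch between `SERVER_BASE_URL` and `PASSKEY_RELYING_PARTY_ID` is an easy configuration mistake, so the following added example (not part of the Dfns SDK or the demo app) checks the rule described above: the relying party ID must be the server's host or a parent domain of it, matched on a label boundary. The helper name `isRelyingPartyIdValidFor` and the sample values are assumptions made for illustration; the check does not consult the Public Suffix List.

```kotlin
import java.net.URI

// Hypothetical helper (not an SDK function): true when rpId is the host of
// serverBaseUrl or a parent domain of it.
fun isRelyingPartyIdValidFor(serverBaseUrl: String, rpId: String): Boolean {
    // Malformed URLs or URLs without a host cannot match any RP ID.
    val host = runCatching { URI(serverBaseUrl).host }.getOrNull()
        ?.lowercase()?.trimEnd('.') ?: return false
    val id = rpId.lowercase().trimEnd('.')
    // An RP ID is a bare domain: no scheme, port, path or empty labels.
    if (id.isEmpty() || id.any { it == '/' || it == ':' } || id.split('.').any { it.isEmpty() }) {
        return false
    }
    // Exact match, or the host ends with ".<id>", so "evilacme.com" does not match "acme.com".
    return host == id || host.endsWith(".$id")
}

fun main() {
    // Constructed sample values mirroring the cases in the list above.
    val cases = listOf(
        Triple("http://localhost:8000", "localhost", true),
        Triple("https://d0d7-31-217-63-194.ngrok-free.app", "ngrok-free.app", true),
        Triple("https://app.acme.com", "acme.com", true),
        Triple("https://acme.com", "app.acme.com", false),         // RP ID narrower than the host
        Triple("https://evilacme.com", "acme.com", false),         // suffix, but not on a label boundary
        Triple("https://app.acme.com", "https://acme.com", false)  // URL given instead of a domain
    )
    for ((url, rpId, expected) in cases) {
        val actual = isRelyingPartyIdValidFor(url, rpId)
        check(actual == expected) { "unexpected result for $url / $rpId" }
        println("$url  rpId=$rpId  valid=$actual")
    }
}
```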